From b565f33472d960e37ed41a8a0c09fbbc3ea65f1e Mon Sep 17 00:00:00 2001
From: randx <dmitriy.zaporozhets@gmail.com>
Date: Mon, 10 Sep 2012 09:06:11 +0300
Subject: Auth for API

---
 lib/api/projects.rb | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'lib/api/projects.rb')

diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 7da83429dd4..05b07e8def4 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -74,6 +74,7 @@ module Gitlab
       # Example Request:
       #   POST /projects/:id/users
       post ":id/users" do
+        authorize! :admin_project, user_project
         user_project.add_users_ids_to_team(params[:user_ids].values, params[:project_access])
         nil
       end
@@ -87,6 +88,7 @@ module Gitlab
       # Example Request:
       #   PUT /projects/:id/add_users
       put ":id/users" do
+        authorize! :admin_project, user_project
         user_project.update_users_ids_to_role(params[:user_ids].values, params[:project_access])
         nil
       end
@@ -99,6 +101,7 @@ module Gitlab
       # Example Request:
       #   DELETE /projects/:id/users
       delete ":id/users" do
+        authorize! :admin_project, user_project
         user_project.delete_users_ids_from_team(params[:user_ids].values)
         nil
       end
@@ -186,6 +189,8 @@ module Gitlab
       #   PUT /projects/:id/snippets/:snippet_id
       put ":id/snippets/:snippet_id" do
         @snippet = user_project.snippets.find(params[:snippet_id])
+        authorize! :modify_snippet, @snippet
+
         parameters = {
           title: (params[:title] || @snippet.title),
           file_name: (params[:file_name] || @snippet.file_name),
@@ -209,6 +214,8 @@ module Gitlab
       #   DELETE /projects/:id/snippets/:snippet_id
       delete ":id/snippets/:snippet_id" do
         @snippet = user_project.snippets.find(params[:snippet_id])
+        authorize! :modify_snippet, @snippet
+
         @snippet.destroy
       end
 
-- 
cgit v1.2.1


From 915dac0055cd801c080ebcd37749f4fc6d2d12c4 Mon Sep 17 00:00:00 2001
From: Alex Denisov <1101.debian@gmail.com>
Date: Mon, 10 Sep 2012 10:41:46 +0300
Subject: Error throwing moved to api_helper

---
 lib/api/projects.rb | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'lib/api/projects.rb')

diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 05b07e8def4..9d33323e5fb 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -50,7 +50,7 @@ module Gitlab
         if @project.saved?
           present @project, with: Entities::Project
         else
-          error!({'message' => '404 Not found'}, 404)
+          not_found!
         end
       end
 
@@ -172,7 +172,7 @@ module Gitlab
         if @snippet.save
           present @snippet, with: Entities::ProjectSnippet
         else
-          error!({'message' => '404 Not found'}, 404)
+          not_found!
         end
       end
 
@@ -201,7 +201,7 @@ module Gitlab
         if @snippet.update_attributes(parameters)
           present @snippet, with: Entities::ProjectSnippet
         else
-          error!({'message' => '404 Not found'}, 404)
+          not_found!
         end
       end
 
@@ -244,10 +244,10 @@ module Gitlab
         ref = params[:sha]
 
         commit = user_project.commit ref
-        error!('404 Commit Not Found', 404) unless commit
+        not_found! "Commit" unless commit
 
         tree = Tree.new commit.tree, user_project, ref, params[:filepath]
-        error!('404 File Not Found', 404) unless tree.try(:tree)
+        not_found! "File" unless tree.try(:tree)
 
         if tree.text?
           encoding = Gitlab::Encode.detect_encoding(tree.data)
-- 
cgit v1.2.1