From 285c5341855f8af6cbea5e964e3104a4698fa450 Mon Sep 17 00:00:00 2001
From: Vinnie Okada <vokada@mrvinn.com>
Date: Sat, 7 Mar 2015 11:23:43 -0700
Subject: Allow admins to override restricted visibility

Allow admins to use restricted visibility levels when creating or
updating projects.
---
 lib/api/helpers.rb  | 2 +-
 lib/api/projects.rb | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'lib/api')

diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 228a719fbdf..f46dc8b456e 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -204,7 +204,7 @@ module API
     end
 
     def render_validation_error!(model)
-      unless model.valid?
+      if model.errors.any?
         render_api_error!(model.errors.messages || '400 Bad Request', 400)
       end
     end
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 0677e85beab..83f65eec6cc 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -233,10 +233,10 @@ module API
         ::Projects::UpdateService.new(user_project,
                                       current_user, attrs).execute
 
-        if user_project.valid?
-          present user_project, with: Entities::Project
-        else
+        if user_project.errors.any?
           render_validation_error!(user_project)
+        else
+          present user_project, with: Entities::Project
         end
       end
 
-- 
cgit v1.2.1


From 928fc94c3d900069902b097d6464acee712a886c Mon Sep 17 00:00:00 2001
From: Vinnie Okada <vokada@mrvinn.com>
Date: Sat, 7 Mar 2015 12:47:06 -0700
Subject: Enforce restricted visibilities for snippets

Add new service classes to create and update project and personal
snippets.  These classes are responsible for enforcing restricted
visibility settings for non-admin users.
---
 lib/api/project_snippets.rb | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

(limited to 'lib/api')

diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb
index 0c2d282f785..25f34a3dab5 100644
--- a/lib/api/project_snippets.rb
+++ b/lib/api/project_snippets.rb
@@ -42,18 +42,19 @@ module API
       #   title (required) - The title of a snippet
       #   file_name (required) - The name of a snippet file
       #   code (required) - The content of a snippet
+      #   visibility_level (required) - The snippet's visibility
       # Example Request:
       #   POST /projects/:id/snippets
       post ":id/snippets" do
         authorize! :write_project_snippet, user_project
-        required_attributes! [:title, :file_name, :code]
+        required_attributes! [:title, :file_name, :code, :visibility_level]
 
-        attrs = attributes_for_keys [:title, :file_name]
+        attrs = attributes_for_keys [:title, :file_name, :visibility_level]
         attrs[:content] = params[:code] if params[:code].present?
-        @snippet = user_project.snippets.new attrs
-        @snippet.author = current_user
+        @snippet = CreateSnippetservice.new(user_project, current_user,
+                                            attrs).execute
 
-        if @snippet.save
+        if @snippet.saved?
           present @snippet, with: Entities::ProjectSnippet
         else
           render_validation_error!(@snippet)
@@ -68,19 +69,22 @@ module API
       #   title (optional) - The title of a snippet
       #   file_name (optional) - The name of a snippet file
       #   code (optional) - The content of a snippet
+      #   visibility_level (optional) - The snippet's visibility
       # Example Request:
       #   PUT /projects/:id/snippets/:snippet_id
       put ":id/snippets/:snippet_id" do
         @snippet = user_project.snippets.find(params[:snippet_id])
         authorize! :modify_project_snippet, @snippet
 
-        attrs = attributes_for_keys [:title, :file_name]
+        attrs = attributes_for_keys [:title, :file_name, :visibility_level]
         attrs[:content] = params[:code] if params[:code].present?
 
-        if @snippet.update_attributes attrs
-          present @snippet, with: Entities::ProjectSnippet
-        else
+        UpdateSnippetService.new(user_project, current_user, @snippet,
+                                 attrs).execute
+        if @snippet.errors.any?
           render_validation_error!(@snippet)
+        else
+          present @snippet, with: Entities::ProjectSnippet
         end
       end
 
-- 
cgit v1.2.1


From 9623b71a3975bb442b85aa57146b788f96de6320 Mon Sep 17 00:00:00 2001
From: Vinnie Okada <vokada@mrvinn.com>
Date: Tue, 10 Mar 2015 18:21:09 -0600
Subject: More restricted visibility changes

Bug fixes and new tests for the restricted visibility changes.
---
 lib/api/project_snippets.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'lib/api')

diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb
index 25f34a3dab5..54f2555903f 100644
--- a/lib/api/project_snippets.rb
+++ b/lib/api/project_snippets.rb
@@ -51,13 +51,13 @@ module API
 
         attrs = attributes_for_keys [:title, :file_name, :visibility_level]
         attrs[:content] = params[:code] if params[:code].present?
-        @snippet = CreateSnippetservice.new(user_project, current_user,
+        @snippet = CreateSnippetService.new(user_project, current_user,
                                             attrs).execute
 
-        if @snippet.saved?
-          present @snippet, with: Entities::ProjectSnippet
-        else
+        if @snippet.errors.any?
           render_validation_error!(@snippet)
+        else
+          present @snippet, with: Entities::ProjectSnippet
         end
       end
 
-- 
cgit v1.2.1