From 285c5341855f8af6cbea5e964e3104a4698fa450 Mon Sep 17 00:00:00 2001 From: Vinnie Okada Date: Sat, 7 Mar 2015 11:23:43 -0700 Subject: Allow admins to override restricted visibility Allow admins to use restricted visibility levels when creating or updating projects. --- lib/api/helpers.rb | 2 +- lib/api/projects.rb | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/api') diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 228a719fbdf..f46dc8b456e 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -204,7 +204,7 @@ module API end def render_validation_error!(model) - unless model.valid? + if model.errors.any? render_api_error!(model.errors.messages || '400 Bad Request', 400) end end diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 0677e85beab..83f65eec6cc 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -233,10 +233,10 @@ module API ::Projects::UpdateService.new(user_project, current_user, attrs).execute - if user_project.valid? - present user_project, with: Entities::Project - else + if user_project.errors.any? render_validation_error!(user_project) + else + present user_project, with: Entities::Project end end -- cgit v1.2.1 From 928fc94c3d900069902b097d6464acee712a886c Mon Sep 17 00:00:00 2001 From: Vinnie Okada Date: Sat, 7 Mar 2015 12:47:06 -0700 Subject: Enforce restricted visibilities for snippets Add new service classes to create and update project and personal snippets. These classes are responsible for enforcing restricted visibility settings for non-admin users. --- lib/api/project_snippets.rb | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'lib/api') diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb index 0c2d282f785..25f34a3dab5 100644 --- a/lib/api/project_snippets.rb +++ b/lib/api/project_snippets.rb @@ -42,18 +42,19 @@ module API # title (required) - The title of a snippet # file_name (required) - The name of a snippet file # code (required) - The content of a snippet + # visibility_level (required) - The snippet's visibility # Example Request: # POST /projects/:id/snippets post ":id/snippets" do authorize! :write_project_snippet, user_project - required_attributes! [:title, :file_name, :code] + required_attributes! [:title, :file_name, :code, :visibility_level] - attrs = attributes_for_keys [:title, :file_name] + attrs = attributes_for_keys [:title, :file_name, :visibility_level] attrs[:content] = params[:code] if params[:code].present? - @snippet = user_project.snippets.new attrs - @snippet.author = current_user + @snippet = CreateSnippetservice.new(user_project, current_user, + attrs).execute - if @snippet.save + if @snippet.saved? present @snippet, with: Entities::ProjectSnippet else render_validation_error!(@snippet) @@ -68,19 +69,22 @@ module API # title (optional) - The title of a snippet # file_name (optional) - The name of a snippet file # code (optional) - The content of a snippet + # visibility_level (optional) - The snippet's visibility # Example Request: # PUT /projects/:id/snippets/:snippet_id put ":id/snippets/:snippet_id" do @snippet = user_project.snippets.find(params[:snippet_id]) authorize! :modify_project_snippet, @snippet - attrs = attributes_for_keys [:title, :file_name] + attrs = attributes_for_keys [:title, :file_name, :visibility_level] attrs[:content] = params[:code] if params[:code].present? - if @snippet.update_attributes attrs - present @snippet, with: Entities::ProjectSnippet - else + UpdateSnippetService.new(user_project, current_user, @snippet, + attrs).execute + if @snippet.errors.any? render_validation_error!(@snippet) + else + present @snippet, with: Entities::ProjectSnippet end end -- cgit v1.2.1 From 9623b71a3975bb442b85aa57146b788f96de6320 Mon Sep 17 00:00:00 2001 From: Vinnie Okada Date: Tue, 10 Mar 2015 18:21:09 -0600 Subject: More restricted visibility changes Bug fixes and new tests for the restricted visibility changes. --- lib/api/project_snippets.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/api') diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb index 25f34a3dab5..54f2555903f 100644 --- a/lib/api/project_snippets.rb +++ b/lib/api/project_snippets.rb @@ -51,13 +51,13 @@ module API attrs = attributes_for_keys [:title, :file_name, :visibility_level] attrs[:content] = params[:code] if params[:code].present? - @snippet = CreateSnippetservice.new(user_project, current_user, + @snippet = CreateSnippetService.new(user_project, current_user, attrs).execute - if @snippet.saved? - present @snippet, with: Entities::ProjectSnippet - else + if @snippet.errors.any? render_validation_error!(@snippet) + else + present @snippet, with: Entities::ProjectSnippet end end -- cgit v1.2.1