debian-mirror-gitlab/app/controllers/snippets/notes_controller.rb

# frozen_string_literal: true

class Snippets::NotesController < ApplicationController
  include NotesActions
  include ToggleAwardEmoji

  skip_before_action :authenticate_user!, only: [:index]
  before_action :authorize_read_snippet!, only: [:show, :index]
  before_action :authorize_create_note!, only: [:create]

  private

  def note
    @note ||= snippet.notes.inc_relations_for_view.find(params[:id])
  end
  alias_method :awardable, :note

  def project
    nil
  end

  # rubocop: disable CodeReuse/ActiveRecord
  def snippet
    PersonalSnippet.find_by(id: params[:snippet_id])
  end
  # rubocop: enable CodeReuse/ActiveRecord
  alias_method :noteable, :snippet

  def finder_params
    params.merge(last_fetched_at: last_fetched_at, target_id: snippet.id, target_type: 'personal_snippet').tap do |merged_params|
      merged_params[:project] = project if respond_to?(:project)
    end
  end

  def authorize_read_snippet!
    return render_404 unless can?(current_user, :read_snippet, snippet)
  end

  def authorize_create_note!
    access_denied! unless can?(current_user, :create_note, noteable)
  end
end
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# frozen_string_literal: true`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`class Snippets::NotesController < ApplicationController`
			`include NotesActions`
			`include ToggleAwardEmoji`

			`skip_before_action :authenticate_user!, only: [:index]`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`before_action :authorize_read_snippet!, only: [:show, :index]`
			`before_action :authorize_create_note!, only: [:create]`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
			`private`

			`def note`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`@note \|\|= snippet.notes.inc_relations_for_view.find(params[:id])`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
			`alias_method :awardable, :note`

			`def project`
			`nil`
			`end`

New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# rubocop: disable CodeReuse/ActiveRecord`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`def snippet`
			`PersonalSnippet.find_by(id: params[:snippet_id])`
			`end`
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# rubocop: enable CodeReuse/ActiveRecord`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`alias_method :noteable, :snippet`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
			`def finder_params`
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`params.merge(last_fetched_at: last_fetched_at, target_id: snippet.id, target_type: 'personal_snippet').tap do \|merged_params\|`
			`merged_params[:project] = project if respond_to?(:project)`
			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

			`def authorize_read_snippet!`
New upstream version 12.8.6 2020-03-13 15:44:24 +05:30			`return render_404 unless can?(current_user, :read_snippet, snippet)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30
			`def authorize_create_note!`
			`access_denied! unless can?(current_user, :create_note, noteable)`
			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`