2018-12-05 23:21:45 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
module API
|
|
|
|
module Helpers
|
|
|
|
module NotesHelpers
|
2019-12-04 20:38:33 +05:30
|
|
|
include ::RendersNotes
|
|
|
|
|
2021-01-29 00:20:46 +05:30
|
|
|
def self.feature_category_per_noteable_type
|
|
|
|
{
|
2021-12-11 22:18:48 +05:30
|
|
|
Issue => :team_planning,
|
2023-03-17 16:20:25 +05:30
|
|
|
MergeRequest => :code_review_workflow,
|
2023-03-04 22:38:38 +05:30
|
|
|
Snippet => :source_code_management
|
2021-01-29 00:20:46 +05:30
|
|
|
}
|
2019-07-07 11:18:12 +05:30
|
|
|
end
|
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
def update_note(noteable, note_id)
|
2019-09-04 21:01:54 +05:30
|
|
|
note = noteable.notes.find(note_id)
|
2018-03-27 19:54:05 +05:30
|
|
|
|
|
|
|
authorize! :admin_note, note
|
|
|
|
|
|
|
|
opts = {
|
2020-10-24 23:57:45 +05:30
|
|
|
note: params[:body],
|
|
|
|
confidential: params[:confidential]
|
|
|
|
}.compact
|
2018-03-27 19:54:05 +05:30
|
|
|
parent = noteable_parent(noteable)
|
|
|
|
project = parent if parent.is_a?(Project)
|
|
|
|
|
|
|
|
note = ::Notes::UpdateService.new(project, current_user, opts).execute(note)
|
|
|
|
|
|
|
|
if note.valid?
|
|
|
|
present note, with: Entities::Note
|
|
|
|
else
|
|
|
|
bad_request!("Failed to save note #{note.errors.messages}")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-10-15 14:42:47 +05:30
|
|
|
def resolve_note(noteable, note_id, resolved)
|
|
|
|
note = noteable.notes.find(note_id)
|
|
|
|
|
|
|
|
authorize! :resolve_note, note
|
|
|
|
|
|
|
|
bad_request!("Note is not resolvable") unless note.resolvable?
|
|
|
|
|
|
|
|
if resolved
|
|
|
|
parent = noteable_parent(noteable)
|
|
|
|
::Notes::ResolveService.new(parent, current_user).execute(note)
|
|
|
|
else
|
|
|
|
note.unresolve!
|
|
|
|
end
|
|
|
|
|
|
|
|
present note, with: Entities::Note
|
|
|
|
end
|
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
def delete_note(noteable, note_id)
|
|
|
|
note = noteable.notes.find(note_id)
|
|
|
|
|
|
|
|
authorize! :admin_note, note
|
|
|
|
|
|
|
|
parent = noteable_parent(noteable)
|
|
|
|
project = parent if parent.is_a?(Project)
|
|
|
|
destroy_conditionally!(note) do |note|
|
|
|
|
::Notes::DestroyService.new(project, current_user).execute(note)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def get_note(noteable, note_id)
|
2019-09-30 21:07:59 +05:30
|
|
|
note = noteable.notes.with_metadata.find(note_id)
|
2020-04-08 14:13:33 +05:30
|
|
|
can_read_note = note.readable_by?(current_user)
|
2018-03-27 19:54:05 +05:30
|
|
|
|
|
|
|
if can_read_note
|
|
|
|
present note, with: Entities::Note
|
|
|
|
else
|
|
|
|
not_found!("Note")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def noteable_read_ability_name(noteable)
|
2020-03-13 15:44:24 +05:30
|
|
|
"read_#{ability_name(noteable)}".to_sym
|
2018-03-27 19:54:05 +05:30
|
|
|
end
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
def ability_name(noteable)
|
|
|
|
if noteable.respond_to?(:to_ability_name)
|
|
|
|
noteable.to_ability_name
|
|
|
|
else
|
|
|
|
noteable.class.to_s.underscore
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def find_noteable(noteable_type, noteable_id)
|
|
|
|
params = finder_params_by_noteable_type_and_id(noteable_type, noteable_id)
|
2018-10-15 14:42:47 +05:30
|
|
|
|
2019-10-12 21:52:04 +05:30
|
|
|
noteable = NotesFinder.new(current_user, params).target
|
2023-03-04 22:38:38 +05:30
|
|
|
|
|
|
|
# Checking `read_note` permission here, because API code does not seem to use NoteFinder to find notes,
|
|
|
|
# but rather pulls notes directly through notes association, so there is no chance to check read_note
|
|
|
|
# permission at service level. With WorkItem model we need to make sure that it has WorkItem::Widgets::Note
|
|
|
|
# available in order to access notes.
|
|
|
|
noteable = nil unless can_read_notes?(noteable)
|
2019-09-30 21:07:59 +05:30
|
|
|
noteable || not_found!(noteable_type)
|
|
|
|
end
|
2018-10-15 14:42:47 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
def finder_params_by_noteable_type_and_id(type, id)
|
2019-09-30 21:07:59 +05:30
|
|
|
target_type = type.name.underscore
|
|
|
|
{ target_type: target_type }.tap do |h|
|
|
|
|
if %w(issue merge_request).include?(target_type)
|
|
|
|
h[:target_iid] = id
|
|
|
|
else
|
|
|
|
h[:target_id] = id
|
|
|
|
end
|
2019-10-12 21:52:04 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
add_parent_to_finder_params(h, type)
|
2019-09-30 21:07:59 +05:30
|
|
|
end
|
2018-03-27 19:54:05 +05:30
|
|
|
end
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
def add_parent_to_finder_params(finder_params, noteable_type)
|
2019-10-12 21:52:04 +05:30
|
|
|
finder_params[:project] = user_project
|
|
|
|
end
|
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
def noteable_parent(noteable)
|
|
|
|
public_send("user_#{noteable.class.parent_class.to_s.underscore}") # rubocop:disable GitlabSecurity/PublicSend
|
|
|
|
end
|
|
|
|
|
|
|
|
def create_note(noteable, opts)
|
2021-04-29 21:17:54 +05:30
|
|
|
disable_query_limiting
|
2019-03-13 22:55:13 +05:30
|
|
|
authorize!(:create_note, noteable)
|
2018-03-27 19:54:05 +05:30
|
|
|
|
|
|
|
parent = noteable_parent(noteable)
|
2018-10-15 14:42:47 +05:30
|
|
|
|
2019-03-13 22:55:13 +05:30
|
|
|
opts.delete(:created_at) unless current_user.can?(:set_note_created_at, noteable)
|
2018-03-27 19:54:05 +05:30
|
|
|
|
2018-11-18 11:00:15 +05:30
|
|
|
opts[:updated_at] = opts[:created_at] if opts[:created_at]
|
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
project = parent if parent.is_a?(Project)
|
|
|
|
::Notes::CreateService.new(project, current_user, opts).execute
|
|
|
|
end
|
2018-10-15 14:42:47 +05:30
|
|
|
|
|
|
|
def resolve_discussion(noteable, discussion_id, resolved)
|
|
|
|
discussion = noteable.find_discussion(discussion_id)
|
|
|
|
|
|
|
|
forbidden! unless discussion.can_resolve?(current_user)
|
|
|
|
|
|
|
|
if resolved
|
|
|
|
parent = noteable_parent(noteable)
|
2020-06-23 00:09:42 +05:30
|
|
|
::Discussions::ResolveService.new(parent, current_user, one_or_more_discussions: discussion).execute
|
2018-10-15 14:42:47 +05:30
|
|
|
else
|
2021-03-11 19:13:27 +05:30
|
|
|
::Discussions::UnresolveService.new(discussion, current_user).execute
|
2018-10-15 14:42:47 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
present discussion, with: Entities::Discussion
|
|
|
|
end
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2021-04-29 21:17:54 +05:30
|
|
|
def disable_query_limiting
|
|
|
|
Gitlab::QueryLimiting.disable!('https://gitlab.com/gitlab-org/gitlab/-/issues/211538')
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
2023-03-04 22:38:38 +05:30
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def can_read_notes?(noteable)
|
|
|
|
Ability.allowed?(current_user, noteable_read_ability_name(noteable), noteable) &&
|
|
|
|
Ability.allowed?(current_user, :read_note, noteable)
|
|
|
|
end
|
2018-03-27 19:54:05 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2019-12-04 20:38:33 +05:30
|
|
|
|
2021-06-08 01:23:25 +05:30
|
|
|
API::Helpers::NotesHelpers.prepend_mod_with('API::Helpers::NotesHelpers')
|