Commit d63371ad authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Update controller filters

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent 342d5537
...@@ -6,10 +6,10 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -6,10 +6,10 @@ class Projects::IssuesController < Projects::ApplicationController
before_action :authorize_read_issue! before_action :authorize_read_issue!
# Allow write(create) issue # Allow write(create) issue
before_action :authorize_write_issue!, only: [:new, :create] before_action :authorize_create_issue!, only: [:new, :create]
# Allow modify issue # Allow modify issue
before_action :authorize_modify_issue!, only: [:edit, :update] before_action :authorize_update_issue!, only: [:edit, :update]
# Allow issues bulk update # Allow issues bulk update
before_action :authorize_admin_issues!, only: [:bulk_update] before_action :authorize_admin_issues!, only: [:bulk_update]
...@@ -122,7 +122,7 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -122,7 +122,7 @@ class Projects::IssuesController < Projects::ApplicationController
end end
end end
def authorize_modify_issue! def authorize_update_issue!
return render_404 unless can?(current_user, :update_issue, @issue) return render_404 unless can?(current_user, :update_issue, @issue)
end end
......
...@@ -14,10 +14,10 @@ class Projects::MergeRequestsController < Projects::ApplicationController ...@@ -14,10 +14,10 @@ class Projects::MergeRequestsController < Projects::ApplicationController
before_action :authorize_read_merge_request! before_action :authorize_read_merge_request!
# Allow write(create) merge_request # Allow write(create) merge_request
before_action :authorize_write_merge_request!, only: [:new, :create] before_action :authorize_create_merge_request!, only: [:new, :create]
# Allow modify merge_request # Allow modify merge_request
before_action :authorize_modify_merge_request!, only: [:close, :edit, :update, :sort] before_action :authorize_update_merge_request!, only: [:close, :edit, :update, :sort]
def index def index
terms = params['issue_search'] terms = params['issue_search']
...@@ -218,7 +218,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController ...@@ -218,7 +218,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
@closes_issues ||= @merge_request.closes_issues @closes_issues ||= @merge_request.closes_issues
end end
def authorize_modify_merge_request! def authorize_update_merge_request!
return render_404 unless can?(current_user, :update_merge_request, @merge_request) return render_404 unless can?(current_user, :update_merge_request, @merge_request)
end end
......
class Projects::NotesController < Projects::ApplicationController class Projects::NotesController < Projects::ApplicationController
# Authorize # Authorize
before_action :authorize_read_note! before_action :authorize_read_note!
before_action :authorize_write_note!, only: [:create] before_action :authorize_create_note!, only: [:create]
before_action :authorize_admin_note!, only: [:update, :destroy] before_action :authorize_admin_note!, only: [:update, :destroy]
before_action :find_current_user_notes, except: [:destroy, :delete_attachment] before_action :find_current_user_notes, except: [:destroy, :delete_attachment]
......
...@@ -6,10 +6,10 @@ class Projects::SnippetsController < Projects::ApplicationController ...@@ -6,10 +6,10 @@ class Projects::SnippetsController < Projects::ApplicationController
before_action :authorize_read_project_snippet! before_action :authorize_read_project_snippet!
# Allow write(create) snippet # Allow write(create) snippet
before_action :authorize_write_project_snippet!, only: [:new, :create] before_action :authorize_create_project_snippet!, only: [:new, :create]
# Allow modify snippet # Allow modify snippet
before_action :authorize_modify_project_snippet!, only: [:edit, :update] before_action :authorize_update_project_snippet!, only: [:edit, :update]
# Allow destroy snippet # Allow destroy snippet
before_action :authorize_admin_project_snippet!, only: [:destroy] before_action :authorize_admin_project_snippet!, only: [:destroy]
...@@ -75,7 +75,7 @@ class Projects::SnippetsController < Projects::ApplicationController ...@@ -75,7 +75,7 @@ class Projects::SnippetsController < Projects::ApplicationController
@snippet ||= @project.snippets.find(params[:id]) @snippet ||= @project.snippets.find(params[:id])
end end
def authorize_modify_project_snippet! def authorize_update_project_snippet!
return render_404 unless can?(current_user, :update_project_snippet, @snippet) return render_404 unless can?(current_user, :update_project_snippet, @snippet)
end end
......
...@@ -2,7 +2,7 @@ require 'project_wiki' ...@@ -2,7 +2,7 @@ require 'project_wiki'
class Projects::WikisController < Projects::ApplicationController class Projects::WikisController < Projects::ApplicationController
before_action :authorize_read_wiki! before_action :authorize_read_wiki!
before_action :authorize_write_wiki!, only: [:edit, :create, :history] before_action :authorize_create_wiki!, only: [:edit, :create, :history]
before_action :authorize_admin_wiki!, only: :destroy before_action :authorize_admin_wiki!, only: :destroy
before_action :load_project_wiki before_action :load_project_wiki
include WikiHelper include WikiHelper
......
...@@ -2,7 +2,7 @@ class SnippetsController < ApplicationController ...@@ -2,7 +2,7 @@ class SnippetsController < ApplicationController
before_action :snippet, only: [:show, :edit, :destroy, :update, :raw] before_action :snippet, only: [:show, :edit, :destroy, :update, :raw]
# Allow modify snippet # Allow modify snippet
before_action :authorize_modify_snippet!, only: [:edit, :update] before_action :authorize_update_snippet!, only: [:edit, :update]
# Allow destroy snippet # Allow destroy snippet
before_action :authorize_admin_snippet!, only: [:destroy] before_action :authorize_admin_snippet!, only: [:destroy]
...@@ -87,7 +87,7 @@ class SnippetsController < ApplicationController ...@@ -87,7 +87,7 @@ class SnippetsController < ApplicationController
end end
end end
def authorize_modify_snippet! def authorize_update_snippet!
return render_404 unless can?(current_user, :update_personal_snippet, @snippet) return render_404 unless can?(current_user, :update_personal_snippet, @snippet)
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment