snippets_controller.rb 2.75 KB
Newer Older
1
class Projects::SnippetsController < Projects::ApplicationController
2
  include NotesHelper
3
  include ToggleAwardEmoji
Sean McGivern's avatar
Sean McGivern committed
4
  include SpammableActions
5
  include SnippetsActions
6

7
  before_action :module_enabled
Sean McGivern's avatar
Sean McGivern committed
8
  before_action :snippet, only: [:show, :edit, :destroy, :update, :raw, :toggle_award_emoji, :mark_as_spam]
Andrew8xx8's avatar
Andrew8xx8 committed
9 10

  # Allow read any snippet
11
  before_action :authorize_read_project_snippet!, except: [:new, :create, :index]
Andrew8xx8's avatar
Andrew8xx8 committed
12 13

  # Allow write(create) snippet
14
  before_action :authorize_create_project_snippet!, only: [:new, :create]
Andrew8xx8's avatar
Andrew8xx8 committed
15 16

  # Allow modify snippet
17
  before_action :authorize_update_project_snippet!, only: [:edit, :update]
Andrew8xx8's avatar
Andrew8xx8 committed
18 19

  # Allow destroy snippet
20
  before_action :authorize_admin_project_snippet!, only: [:destroy]
Andrew8xx8's avatar
Andrew8xx8 committed
21 22 23 24

  respond_to :html

  def index
25 26
    @snippets = SnippetsFinder.new.execute(
      current_user,
27
      filter: :by_project,
28 29 30
      project: @project,
      scope: params[:scope]
    )
31 32 33 34
    @snippets = @snippets.page(params[:page])
    if @snippets.out_of_range? && @snippets.total_pages != 0
      redirect_to namespace_project_snippets_path(page: @snippets.total_pages)
    end
Andrew8xx8's avatar
Andrew8xx8 committed
35 36 37
  end

  def new
38
    @snippet = @noteable = @project.snippets.build
Andrew8xx8's avatar
Andrew8xx8 committed
39 40 41
  end

  def create
42 43
    create_params = snippet_params.merge(spammable_params)

Sean McGivern's avatar
Sean McGivern committed
44
    @snippet = CreateSnippetService.new(@project, current_user, create_params).execute
45

46
    recaptcha_check_with_fallback { render :new }
Andrew8xx8's avatar
Andrew8xx8 committed
47 48 49
  end

  def update
50 51 52 53 54
    update_params = snippet_params.merge(spammable_params)

    UpdateSnippetService.new(project, current_user, @snippet, update_params).execute

    recaptcha_check_with_fallback { render :edit }
Andrew8xx8's avatar
Andrew8xx8 committed
55 56 57 58
  end

  def show
    @note = @project.notes.new(noteable: @snippet)
59
    @noteable = @snippet
60 61 62

    @discussions = @snippet.discussions
    @notes = prepare_notes_for_rendering(@discussions.flat_map(&:notes))
Andrew8xx8's avatar
Andrew8xx8 committed
63 64 65
  end

  def destroy
66
    return access_denied! unless can?(current_user, :admin_project_snippet, @snippet)
Andrew8xx8's avatar
Andrew8xx8 committed
67 68 69

    @snippet.destroy

Vinnie Okada's avatar
Vinnie Okada committed
70
    redirect_to namespace_project_snippets_path(@project.namespace, @project)
Andrew8xx8's avatar
Andrew8xx8 committed
71 72 73 74 75 76 77
  end

  protected

  def snippet
    @snippet ||= @project.snippets.find(params[:id])
  end
78
  alias_method :awardable, :snippet
Sean McGivern's avatar
Sean McGivern committed
79
  alias_method :spammable, :snippet
Andrew8xx8's avatar
Andrew8xx8 committed
80

81 82 83 84
  def authorize_read_project_snippet!
    return render_404 unless can?(current_user, :read_project_snippet, @snippet)
  end

85
  def authorize_update_project_snippet!
86
    return render_404 unless can?(current_user, :update_project_snippet, @snippet)
Andrew8xx8's avatar
Andrew8xx8 committed
87 88
  end

89
  def authorize_admin_project_snippet!
90
    return render_404 unless can?(current_user, :admin_project_snippet, @snippet)
Andrew8xx8's avatar
Andrew8xx8 committed
91 92 93
  end

  def module_enabled
Felipe Artur's avatar
Felipe Artur committed
94
    return render_404 unless @project.feature_available?(:snippets, current_user)
Andrew8xx8's avatar
Andrew8xx8 committed
95
  end
96 97

  def snippet_params
98
    params.require(:project_snippet).permit(:title, :content, :file_name, :private, :visibility_level)
99
  end
Andrew8xx8's avatar
Andrew8xx8 committed
100
end