snippets_controller.rb 3.16 KB
# Controller for personal snippets (PersonalSnippet): listing by author,
# create/update/destroy, and rendering as HTML, JSON or JS.
#
# Security model as visible in this file:
# * `index`, `show` and `raw` are reachable without signing in, so for `show`
#   and `raw` the only gate is `authorize_read_snippet!`.
# * Mutating actions go through `authorize_update_snippet!` /
#   `authorize_admin_snippet!`.
# * NOTE(review): actions contributed by the included concerns are not listed
#   in any `only:` filter below; presumably each concern authorizes its own
#   actions - confirm.
class SnippetsController < ApplicationController
  include RendersNotes
  include ToggleAwardEmoji
  include SpammableActions
  include SnippetsActions
  include RendersBlob
  include PreviewMarkdown

  # CSRF token verification is switched off for `show` when `js_request?`
  # (defined outside this file) is true.
  # NOTE(review): in Rails, skipping this callback also skips the cross-origin
  # check on JavaScript responses, so the JS rendering of a snippet can be
  # loaded by a <script> tag on another site with the visitor's cookies.
  # Confirm 'shared/snippets/show' emits nothing for snippets that are not
  # meant to be publicly embeddable.
  skip_before_action :verify_authenticity_token, only: %i[show], if: :js_request?

  # Load the record before any authorization filter looks at @snippet.
  before_action :snippet, only: %i[show edit destroy update raw]

  # Reading requires :read_personal_snippet.
  before_action :authorize_read_snippet!, only: %i[show raw]

  # Editing requires :update_personal_snippet.
  before_action :authorize_update_snippet!, only: %i[edit update]

  # Deleting requires :admin_personal_snippet.
  before_action :authorize_admin_snippet!, only: %i[destroy]

  # Anonymous visitors may reach these actions; see the class comment.
  skip_before_action :authenticate_user!, only: %i[index show raw]

  layout 'snippets'

  respond_to :html

  # Lists the snippets of the user named by params[:username].
  # Without a username the request is redirected to the dashboard (signed in)
  # or to the explore page (anonymous). An unknown username renders a 404.
  #
  # NOTE(review): current_user may be nil here; filtering by visibility is
  # presumably done inside SnippetsFinder - confirm.
  def index
    username = params[:username]

    unless username.present?
      destination = current_user ? dashboard_snippets_path : explore_snippets_path
      return redirect_to(destination)
    end

    @user = User.find_by(username: username)
    return render_404 unless @user

    finder = SnippetsFinder.new(current_user, author: @user, scope: params[:scope])
    @snippets = finder.execute.page(params[:page])

    render 'index'
  end

  # Builds an empty snippet for the creation form.
  def new
    @snippet = PersonalSnippet.new
  end

  # Creates a snippet from the permitted attributes plus the spam-check
  # parameters, then moves any uploaded temporary files onto it.
  # Falls back to re-rendering the form via recaptcha_check_with_fallback.
  def create
    attributes = snippet_params.merge(spammable_params)
    service = CreateSnippetService.new(nil, current_user, attributes)
    @snippet = service.execute

    # Files are moved only for a valid snippet and only when the request
    # actually carries a `files` parameter.
    if @snippet.valid? && params[:files]
      move_temporary_files
    end

    recaptcha_check_with_fallback { render :new }
  end

  # Applies the permitted attributes to the already loaded and authorized
  # @snippet; falls back to the edit form.
  def update
    attributes = snippet_params.merge(spammable_params)
    service = UpdateSnippetService.new(nil, current_user, @snippet, attributes)
    service.execute

    recaptcha_check_with_fallback { render :edit }
  end

  # Renders one snippet with its discussion notes as HTML, JSON (blob only)
  # or JS. Read access has been checked by authorize_read_snippet!.
  def show
    blob = @snippet.blob
    conditionally_expand_blob(blob)

    @noteable = @snippet
    @note = Note.new(noteable: @noteable)

    @discussions = @snippet.discussions
    discussion_notes = @discussions.flat_map(&:notes)
    @notes = prepare_notes_for_rendering(discussion_notes, @noteable)

    respond_to do |wants|
      wants.html { render 'show' }
      wants.json { render_blob_json(blob) }

      # Served without CSRF verification when js_request? holds.
      wants.js do
        render 'shared/snippets/show'
      end
    end
  end

  # Deletes the snippet and redirects to the snippet list with a 302.
  #
  # The permission check repeats what authorize_admin_snippet! already
  # enforces as a before_action; it keeps the action safe if that filter is
  # ever removed or skipped.
  def destroy
    may_admin = can?(current_user, :admin_personal_snippet, @snippet)
    return access_denied! unless may_admin

    @snippet.destroy

    redirect_to snippets_path, status: :found
  end

  protected

  # Memoized lookup of the snippet named by params[:id].
  # find_by yields nil for an unknown id instead of raising, so the
  # authorize_* filters receive nil as their subject.
  # NOTE(review): assumes can? denies every ability on nil - confirm.
  def snippet
    return @snippet if @snippet

    @snippet = PersonalSnippet.find_by(id: params[:id])
  end

  # The included concerns look the record up under these names.
  alias_method :awardable, :snippet
  alias_method :spammable, :snippet

  # Path handed to the spam-handling concern.
  def spammable_path
    snippet_path(@snippet)
  end

  # Signed-in users without read access get a 404, so the response does not
  # confirm that the snippet exists; anonymous users are sent to sign in.
  def authorize_read_snippet!
    return if can?(current_user, :read_personal_snippet, @snippet)

    current_user ? render_404 : authenticate_user!
  end

  # 404 rather than 403 when the user may not update the snippet.
  def authorize_update_snippet!
    render_404 unless can?(current_user, :update_personal_snippet, @snippet)
  end

  # 404 rather than 403 when the user may not administer the snippet.
  def authorize_admin_snippet!
    render_404 unless can?(current_user, :admin_personal_snippet, @snippet)
  end

  # Strong-parameters allow-list for snippet attributes.
  # NOTE(review): both :private and :visibility_level are caller-settable;
  # enforcement of restricted visibility levels is not visible here.
  def snippet_params
    permitted = %i[title content file_name private visibility_level description]

    params.require(:personal_snippet).permit(*permitted)
  end

  # Hands every entry of params[:files] to FileMover for the new snippet.
  #
  # The entries come straight from the request and are not checked here.
  # NOTE(review): FileMover must confirm each entry refers to a temporary
  # upload owned by current_user and stays inside the upload root - verify.
  # A non-enumerable `files` value raises on `each`.
  def move_temporary_files
    params[:files].each { |uploaded| FileMover.new(uploaded, @snippet).execute }
  end
end