BigW Consortium Gitlab

snippets_controller.rb 2.73 KB
Newer Older
1
class SnippetsController < ApplicationController
2
  include ToggleAwardEmoji
3
  include SpammableActions
4
  include SnippetsActions
5

6
  before_action :snippet, only: [:show, :edit, :destroy, :update, :raw, :download]
gitlabhq committed
7

8
  # Allow read snippet
9
  before_action :authorize_read_snippet!, only: [:show, :raw, :download]
10

11
  # Allow modify snippet
12
  before_action :authorize_update_snippet!, only: [:edit, :update]
13

14
  # Allow destroy snippet
15
  before_action :authorize_admin_snippet!, only: [:destroy]
gitlabhq committed
16

17
  skip_before_action :authenticate_user!, only: [:index, :show, :raw, :download]
18

19
  layout 'snippets'
gitlabhq committed
20 21
  respond_to :html

Long Nguyen committed
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
  def index
    if params[:username].present?
      @user = User.find_by(username: params[:username])

      render_404 and return unless @user

      @snippets = SnippetsFinder.new.execute(current_user, {
        filter: :by_user,
        user: @user,
        scope: params[:scope] }).
      page(params[:page])

      render 'index'
    else
      redirect_to(current_user ? dashboard_snippets_path : explore_snippets_path)
    end
  end

Nihad Abbasov committed
40
  def new
Andrew8xx8 committed
41
    @snippet = PersonalSnippet.new
gitlabhq committed
42 43 44
  end

  def create
45 46
    create_params = snippet_params.merge(request: request)
    @snippet = CreateSnippetService.new(nil, current_user, create_params).execute
gitlabhq committed
47

48
    respond_with @snippet.becomes(Snippet)
gitlabhq committed
49 50 51
  end

  def update
52 53 54
    UpdateSnippetService.new(nil, current_user, @snippet,
                             snippet_params).execute
    respond_with @snippet.becomes(Snippet)
gitlabhq committed
55 56 57 58 59 60
  end

  def show
  end

  def destroy
61
    return access_denied! unless can?(current_user, :admin_personal_snippet, @snippet)
gitlabhq committed
62 63 64

    @snippet.destroy

Long Nguyen committed
65
    redirect_to snippets_path
gitlabhq committed
66
  end
67

68 69
  def download
    send_data(
70
      convert_line_endings(@snippet.content),
71 72 73 74 75
      type: 'text/plain; charset=utf-8',
      filename: @snippet.sanitized_file_name
    )
  end

76
  protected
77

78
  def snippet
79 80 81 82 83 84
    @snippet ||= if current_user
                   PersonalSnippet.where("author_id = ? OR visibility_level IN (?)",
                     current_user.id,
                     [Snippet::PUBLIC, Snippet::INTERNAL]).
                     find(params[:id])
                 else
85
                   PersonalSnippet.find(params[:id])
86
                 end
87
  end
88
  alias_method :awardable, :snippet
89
  alias_method :spammable, :snippet
90

91
  def authorize_read_snippet!
92 93 94
    authenticate_user! unless can?(current_user, :read_personal_snippet, @snippet)
  end

95
  def authorize_update_snippet!
96
    return render_404 unless can?(current_user, :update_personal_snippet, @snippet)
97 98 99
  end

  def authorize_admin_snippet!
100
    return render_404 unless can?(current_user, :admin_personal_snippet, @snippet)
101
  end
102

103
  def snippet_params
104 105
    params.require(:personal_snippet).permit(:title, :content, :file_name, :private, :visibility_level)
  end
gitlabhq committed
106
end