BigW Consortium Gitlab

Update controller filters

parent 342d5537
......@@ -6,10 +6,10 @@ class Projects::IssuesController < Projects::ApplicationController
before_action :authorize_read_issue!
# Allow write(create) issue
before_action :authorize_write_issue!, only: [:new, :create]
before_action :authorize_create_issue!, only: [:new, :create]
# Allow modify issue
before_action :authorize_modify_issue!, only: [:edit, :update]
before_action :authorize_update_issue!, only: [:edit, :update]
# Allow issues bulk update
before_action :authorize_admin_issues!, only: [:bulk_update]
......@@ -122,7 +122,7 @@ class Projects::IssuesController < Projects::ApplicationController
end
end
def authorize_modify_issue!
def authorize_update_issue!
return render_404 unless can?(current_user, :update_issue, @issue)
end
......
......@@ -14,10 +14,10 @@ class Projects::MergeRequestsController < Projects::ApplicationController
before_action :authorize_read_merge_request!
# Allow write(create) merge_request
before_action :authorize_write_merge_request!, only: [:new, :create]
before_action :authorize_create_merge_request!, only: [:new, :create]
# Allow modify merge_request
before_action :authorize_modify_merge_request!, only: [:close, :edit, :update, :sort]
before_action :authorize_update_merge_request!, only: [:close, :edit, :update, :sort]
def index
terms = params['issue_search']
......@@ -218,7 +218,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
@closes_issues ||= @merge_request.closes_issues
end
def authorize_modify_merge_request!
def authorize_update_merge_request!
return render_404 unless can?(current_user, :update_merge_request, @merge_request)
end
......
class Projects::NotesController < Projects::ApplicationController
# Authorize
before_action :authorize_read_note!
before_action :authorize_write_note!, only: [:create]
before_action :authorize_create_note!, only: [:create]
before_action :authorize_admin_note!, only: [:update, :destroy]
before_action :find_current_user_notes, except: [:destroy, :delete_attachment]
......
......@@ -6,10 +6,10 @@ class Projects::SnippetsController < Projects::ApplicationController
before_action :authorize_read_project_snippet!
# Allow write(create) snippet
before_action :authorize_write_project_snippet!, only: [:new, :create]
before_action :authorize_create_project_snippet!, only: [:new, :create]
# Allow modify snippet
before_action :authorize_modify_project_snippet!, only: [:edit, :update]
before_action :authorize_update_project_snippet!, only: [:edit, :update]
# Allow destroy snippet
before_action :authorize_admin_project_snippet!, only: [:destroy]
......@@ -75,7 +75,7 @@ class Projects::SnippetsController < Projects::ApplicationController
@snippet ||= @project.snippets.find(params[:id])
end
def authorize_modify_project_snippet!
def authorize_update_project_snippet!
return render_404 unless can?(current_user, :update_project_snippet, @snippet)
end
......
......@@ -2,7 +2,7 @@ require 'project_wiki'
class Projects::WikisController < Projects::ApplicationController
before_action :authorize_read_wiki!
before_action :authorize_write_wiki!, only: [:edit, :create, :history]
before_action :authorize_create_wiki!, only: [:edit, :create, :history]
before_action :authorize_admin_wiki!, only: :destroy
before_action :load_project_wiki
include WikiHelper
......
......@@ -2,7 +2,7 @@ class SnippetsController < ApplicationController
before_action :snippet, only: [:show, :edit, :destroy, :update, :raw]
# Allow modify snippet
before_action :authorize_modify_snippet!, only: [:edit, :update]
before_action :authorize_update_snippet!, only: [:edit, :update]
# Allow destroy snippet
before_action :authorize_admin_snippet!, only: [:destroy]
......@@ -87,7 +87,7 @@ class SnippetsController < ApplicationController
end
end
def authorize_modify_snippet!
def authorize_update_snippet!
return render_404 unless can?(current_user, :update_personal_snippet, @snippet)
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment