issuable_actions.rb 1.47 KB
Newer Older
1 2 3 4 5
module IssuableActions
  extend ActiveSupport::Concern

  included do
    before_action :authorize_destroy_issuable!, only: :destroy
6
    before_action :authorize_admin_issuable!, only: :bulk_update
7 8 9 10
  end

  def destroy
    issuable.destroy
11 12
    destroy_method = "destroy_#{issuable.class.name.underscore}".to_sym
    TodoService.new.public_send(destroy_method, issuable, current_user)
13 14 15 16 17 18

    name = issuable.class.name.titleize.downcase
    flash[:notice] = "The #{name} was successfully deleted."
    redirect_to polymorphic_path([@project.namespace.becomes(Namespace), @project, issuable.class])
  end

19 20 21 22 23 24 25
  def bulk_update
    result = Issuable::BulkUpdateService.new(project, current_user, bulk_update_params).execute(resource_name)
    quantity = result[:count]

    render json: { notice: "#{quantity} #{resource_name.pluralize(quantity)} updated" }
  end

26 27 28
  private

  def authorize_destroy_issuable!
29
    unless can?(current_user, :"destroy_#{issuable.to_ability_name}", issuable)
30 31 32
      return access_denied!
    end
  end
33 34

  def authorize_admin_issuable!
35
    unless can?(current_user, :"admin_#{resource_name}", @project)
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55
      return access_denied!
    end
  end

  def bulk_update_params
    params.require(:update).permit(
      :issuable_ids,
      :assignee_id,
      :milestone_id,
      :state_event,
      :subscription_event,
      label_ids: [],
      add_label_ids: [],
      remove_label_ids: []
    )
  end

  def resource_name
    @resource_name ||= controller_name.singularize
  end
56
end