API: Introduce `#find_project!` which also check access permission

Signed-off-by: Rémy Coutable <remy@rymai.me>

API: Introduce `#find_project!` which also check access permission
Signed-off-by: Rémy Coutable <remy@rymai.me>
4f5ed812 · Rémy Coutable · 304163be · 4f5ed812 · 4f5ed812
Commit 4f5ed812 authored Nov 24, 2016 by Rémy Coutable
Show whitespace changes
Inline Side-by-side

Showing with 11 additions and 8 deletions

lib/api/helpers.rb lib/api/helpers.rb +10 -7

lib/api/projects.rb lib/api/projects.rb +1 -1

No files found.
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -68,7 +68,7 @@ module API
    end
    def user_project
-      @project ||= find_project(params[:id])
+      @project ||= find_project!(params[:id])
    end
    def available_labels
@@ -76,12 +76,15 @@ module API
    end
    def find_project(id)
-      project =
      if id =~ /^\d+$/
        Project.find_by(id: id)
      else
        Project.find_with_namespace(id)
      end
+    end
+    def find_project!(id)
+      project = find_project(id)
      if can?(current_user, :read_project, project)
        project

--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -379,7 +379,7 @@ module API
      #   POST /projects/:id/fork/:forked_from_id
      post ":id/fork/:forked_from_id" do
        authenticated_as_admin!
-        forked_from_project = find_project(params[:forked_from_id])
+        forked_from_project = find_project!(params[:forked_from_id])
        unless forked_from_project.nil?
          if user_project.forked_from_project.nil?
            user_project.create_forked_project_link(forked_to_project_id: user_project.id, forked_from_project_id: forked_from_project.id)