snippets_controller.rb 2.8 KB
Newer Older
1
class Projects::SnippetsController < Projects::ApplicationController
2 3
  before_action :module_enabled
  before_action :snippet, only: [:show, :edit, :destroy, :update, :raw]
Andrew8xx8's avatar
Andrew8xx8 committed
4 5

  # Allow read any snippet
6
  before_action :authorize_read_project_snippet!, except: [:new, :create, :index]
Andrew8xx8's avatar
Andrew8xx8 committed
7 8

  # Allow write(create) snippet
9
  before_action :authorize_create_project_snippet!, only: [:new, :create]
Andrew8xx8's avatar
Andrew8xx8 committed
10 11

  # Allow modify snippet
12
  before_action :authorize_update_project_snippet!, only: [:edit, :update]
Andrew8xx8's avatar
Andrew8xx8 committed
13 14

  # Allow destroy snippet
15
  before_action :authorize_admin_project_snippet!, only: [:destroy]
Andrew8xx8's avatar
Andrew8xx8 committed
16 17 18 19

  respond_to :html

  def index
20 21 22 23
    @snippets = SnippetsFinder.new.execute(current_user, {
      filter: :by_project,
      project: @project
    })
24
    @snippets = @snippets.page(params[:page])
Andrew8xx8's avatar
Andrew8xx8 committed
25 26 27
  end

  def new
28
    @snippet = @noteable = @project.snippets.build
Andrew8xx8's avatar
Andrew8xx8 committed
29 30 31
  end

  def create
32 33
    @snippet = CreateSnippetService.new(@project, current_user,
                                        snippet_params).execute
34 35 36 37 38 39 40 41

    if @snippet.valid?
      respond_with(@snippet,
                   location: namespace_project_snippet_path(@project.namespace,
                                                            @project, @snippet))
    else
      render :new
    end
Andrew8xx8's avatar
Andrew8xx8 committed
42 43 44 45 46 47
  end

  def edit
  end

  def update
48 49 50 51 52
    UpdateSnippetService.new(project, current_user, @snippet,
                             snippet_params).execute
    respond_with(@snippet,
                 location: namespace_project_snippet_path(@project.namespace,
                                                          @project, @snippet))
Andrew8xx8's avatar
Andrew8xx8 committed
53 54 55 56
  end

  def show
    @note = @project.notes.new(noteable: @snippet)
57
    @notes = Banzai::NoteRenderer.render(@snippet.notes.fresh, @project, current_user)
58
    @noteable = @snippet
Andrew8xx8's avatar
Andrew8xx8 committed
59 60 61
  end

  def destroy
62
    return access_denied! unless can?(current_user, :admin_project_snippet, @snippet)
Andrew8xx8's avatar
Andrew8xx8 committed
63 64 65

    @snippet.destroy

Vinnie Okada's avatar
Vinnie Okada committed
66
    redirect_to namespace_project_snippets_path(@project.namespace, @project)
Andrew8xx8's avatar
Andrew8xx8 committed
67 68 69 70 71
  end

  def raw
    send_data(
      @snippet.content,
72
      type: 'text/plain; charset=utf-8',
Andrew8xx8's avatar
Andrew8xx8 committed
73
      disposition: 'inline',
74
      filename: @snippet.sanitized_file_name
Andrew8xx8's avatar
Andrew8xx8 committed
75 76 77 78 79 80 81 82 83
    )
  end

  protected

  def snippet
    @snippet ||= @project.snippets.find(params[:id])
  end

84 85 86 87
  def authorize_read_project_snippet!
    return render_404 unless can?(current_user, :read_project_snippet, @snippet)
  end

88
  def authorize_update_project_snippet!
89
    return render_404 unless can?(current_user, :update_project_snippet, @snippet)
Andrew8xx8's avatar
Andrew8xx8 committed
90 91
  end

92
  def authorize_admin_project_snippet!
93
    return render_404 unless can?(current_user, :admin_project_snippet, @snippet)
Andrew8xx8's avatar
Andrew8xx8 committed
94 95 96
  end

  def module_enabled
97
    return render_404 unless @project.feature_available?(:snippets, current_user)
Andrew8xx8's avatar
Andrew8xx8 committed
98
  end
99 100

  def snippet_params
101
    params.require(:project_snippet).permit(:title, :content, :file_name, :private, :visibility_level)
102
  end
Andrew8xx8's avatar
Andrew8xx8 committed
103
end