Fixes to projects boards

846cec83 · Felipe Artur · a424d173 · 846cec83 · 846cec83 · 846cec83
Commit 846cec83 authored Jul 25, 2017 by Felipe Artur
5 changed files
--- a/app/assets/javascripts/boards/services/board_service.js
+++ b/app/assets/javascripts/boards/services/board_service.js
@@ -4,8 +4,6 @@ import Vue from 'vue';

 class BoardService {
  constructor (root, listsEndpoint, bulkUpdatePath, boardId) {
-    // alert(listsEndpoint)
-    // alert(root)
    this.boards = Vue.resource(`${root}{/id}.json`, {}, {
      issues: {
        method: 'GET',

--- a/app/controllers/boards/lists_controller.rb
+++ b/app/controllers/boards/lists_controller.rb
@@ -2,7 +2,7 @@ module Boards
  class ListsController < Boards::ApplicationController
    include BoardsAuthorizations

-    #before_action :authorize_admin_list!, only: [:create, :update, :destroy, :generate]
+    before_action :authorize_admin_list!, only: [:create, :update, :destroy, :generate]
    before_action :authorize_read_list!, only: [:index]

    def index
@@ -12,7 +12,7 @@ module Boards
    end

    def create
-      list = ::Boards::Lists::CreateService.new(project, current_user, list_params).execute(board)
+      list = ::Boards::Lists::CreateService.new(board.parent, current_user, list_params).execute(board)

      if list.valid?
        render json: serialize_as_json(list)
@@ -23,7 +23,7 @@ module Boards

    def update
      list = board.lists.movable.find(params[:id])
-      service = Boards::Lists::MoveService.new(project, current_user, move_params)
+      service = Boards::Lists::MoveService.new(board_parent, current_user, move_params)

      if service.execute(list)
        head :ok
@@ -55,10 +55,6 @@ module Boards

    private

-    def authorize_admin_list!
-      return render_403 unless can?(current_user, :admin_list, project)
-    end
-
    def list_params
      params.require(:list).permit(:label_id)
    end

--- a/app/controllers/concerns/boards_authorizations.rb
+++ b/app/controllers/concerns/boards_authorizations.rb
@@ -21,6 +21,13 @@ module BoardsAuthorizations
    return render_403 unless action_allowed_for?(board.parent, :admin_issue)
  end

+  def authorize_admin_list!
+    ability = board.is_group_board? ? :admin_milestones : :admin_list
+
+    return render_403 unless action_allowed_for?(board.parent, ability)
+  end
+
+
  def action_allowed_for?(resource, ability)
    can?(current_user, ability, resource)
  end

--- a/app/helpers/boards_helper.rb
+++ b/app/helpers/boards_helper.rb
@@ -9,7 +9,7 @@ module BoardsHelper
      lists_endpoint: board_lists_path(board),
      board_id: board.id,
      board_milestone_title: board&.milestone&.title,
-      disabled: "#{!can?(current_user, :admin_list, @project)}", # Create this permission for groups( if needed )
+      disabled: "#{!can?(current_user, :admin_list, @project)}",
      issue_link_base: @issues_path,
      root_path: root_path,
      bulk_update_path: @bulk_issues_path,

--- a/app/models/ee/board.rb
+++ b/app/models/ee/board.rb
@@ -22,7 +22,7 @@ module EE
    end

    def parent
-      group || project
+      @parent ||= group || project
    end

    def is_group_board?