Module: API::Helpers::NotesHelpers

Includes:
RendersNotes
Defined in:
lib/api/helpers/notes_helpers.rb

Defined Under Namespace

Classes: NoteableType

Class Method Summary collapse

Instance Method Summary collapse

Methods included from RendersNotes

#prepare_notes_for_rendering

Class Method Details

.job_token_policy_for(noteable_type, http_method) ⇒ Object

Raises:

  • (ArgumentError) 


199
200
201
202
203
204
205
206
207
 
# File 'lib/api/helpers/notes_helpers.rb', line 199

def self.job_token_policy_for(noteable_type, http_method)
  return unless noteable_type&.policy_base
  return unless http_method.present?

  # Job tokens are restricted to read-only operations
  raise ArgumentError, "Job tokens only support read operations" unless %w[GET HEAD].include?(http_method)

  :"read_#{noteable_type.policy_base}"
end

.noteable_typesObject 



24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/api/helpers/notes_helpers.rb', line 24

def self.noteable_types
  [
    NoteableType.new(noteable_class: Issue, feature_category: :team_planning),
    NoteableType.new(
      noteable_class: MergeRequest,
      feature_category: :code_review_workflow,
      policy_base: 'merge_requests'
    ),
    NoteableType.new(noteable_class: Snippet, feature_category: :source_code_management),
    NoteableType.new(
      noteable_class: WikiPage::Meta,
      feature_category: :wiki,
      noteables_str: 'wiki_pages',
      parent_type: 'project'
    )
  ]
end

Instance Method Details

#ability_name(noteable) ⇒ Object 



105
106
107
108
109
110
111
 
# File 'lib/api/helpers/notes_helpers.rb', line 105

def ability_name(noteable)
  if noteable.respond_to?(:to_ability_name)
    noteable.to_ability_name
  else
    noteable.class.to_s.underscore
  end
end

#add_parent_to_finder_params(finder_params, noteable_type, parent_type) ⇒ Object 



139
140
141
 
# File 'lib/api/helpers/notes_helpers.rb', line 139

def add_parent_to_finder_params(finder_params, noteable_type, parent_type)
  finder_params[:project] = user_project if parent_type != 'group'
end

#create_note(noteable, opts) ⇒ Object 



150
151
152
153
154
155
156
157
158
159
160
161
162
 
# File 'lib/api/helpers/notes_helpers.rb', line 150

def create_note(noteable, opts)
  disable_query_limiting
  authorize!(:create_note, noteable)

  parent = noteable_parent(noteable)

  opts.delete(:created_at) unless current_user.can?(:set_note_created_at, noteable)

  opts[:updated_at] = opts[:created_at] if opts[:created_at]

  project = parent if parent.is_a?(Project)
  ::Notes::CreateService.new(project, current_user, opts).execute
end

#delete_note(noteable, note_id) ⇒ Object 



78
79
80
81
82
83
84
85
86
87
88
 
# File 'lib/api/helpers/notes_helpers.rb', line 78

def delete_note(noteable, note_id)
  note = noteable.notes.find(note_id)

  authorize! :admin_note, note

  parent = noteable_parent(noteable)
  project = parent if parent.is_a?(Project)
  destroy_conditionally!(note) do |note|
    ::Notes::DestroyService.new(project, current_user).execute(note)
  end
end

#disable_query_limitingObject 



195
196
197
 
# File 'lib/api/helpers/notes_helpers.rb', line 195

def disable_query_limiting
  Gitlab::QueryLimiting.disable!('https://gitlab.com/gitlab-org/gitlab/-/issues/211538')
end

#find_noteable(noteable_type, noteable_id, parent_type = nil) ⇒ Object 



113
114
115
116
117
118
119
120
121
122
123
124
 
# File 'lib/api/helpers/notes_helpers.rb', line 113

def find_noteable(noteable_type, noteable_id, parent_type = nil)
  params = finder_params_by_noteable_type_and_id(noteable_type, noteable_id, parent_type)

  noteable = NotesFinder.new(current_user, params).target

  # Checking `read_note` permission here, because API code does not seem to use NoteFinder to find notes,
  # but rather pulls notes directly through notes association, so there is no chance to check read_note
  # permission at service level. With WorkItem model we need to make sure that it has WorkItem::Widgets::Note
  # available in order to access notes.
  noteable = nil unless can_read_notes?(noteable)
  noteable || not_found!(noteable_type)
end

#finder_params_by_noteable_type_and_id(type, id, parent_type) ⇒ Object 



126
127
128
129
130
131
132
133
134
135
136
137
 
# File 'lib/api/helpers/notes_helpers.rb', line 126

def finder_params_by_noteable_type_and_id(type, id, parent_type)
  target_type = type.name.underscore
  { target_type: target_type }.tap do |h|
    if %w[issue merge_request].include?(target_type)
      h[:target_iid] = id
    else
      h[:target_id] = id
    end

    add_parent_to_finder_params(h, type, parent_type)
  end
end

#get_note(noteable, note_id) ⇒ Object 



90
91
92
93
94
95
96
97
98
99
 
# File 'lib/api/helpers/notes_helpers.rb', line 90

def get_note(noteable, note_id)
  note = noteable.notes.with_metadata.find(note_id)
  can_read_note = note.readable_by?(current_user)

  if can_read_note
    present note, with: Entities::Note
  else
    not_found!("Note")
  end
end

#noteable_parent(noteable) ⇒ Object 



143
144
145
146
147
148
 
# File 'lib/api/helpers/notes_helpers.rb', line 143

def noteable_parent(noteable)
  parent_class ||= noteable.container.class.name if noteable.is_a?(WikiPage::Meta)
  parent_class ||= noteable.class.parent_class

  public_send("user_#{parent_class.to_s.underscore}") # rubocop:disable GitlabSecurity/PublicSend
end

#noteable_read_ability_name(noteable) ⇒ Object 



101
102
103
 
# File 'lib/api/helpers/notes_helpers.rb', line 101

def noteable_read_ability_name(noteable)
  :"read_#{ability_name(noteable)}"
end

#process_note_creation_result(note, &block) ⇒ Object 



164
165
166
167
168
169
170
171
172
173
174
175
176
177
 
# File 'lib/api/helpers/notes_helpers.rb', line 164

def process_note_creation_result(note, &block)
  quick_action_status = note.quick_actions_status

  if quick_action_status&.commands_only? && quick_action_status.success?
    status 202
    present note, with: Entities::NoteCommands
  elsif note.errors.present?
    bad_request!("Note #{note.errors.messages}")
  elsif note.persisted?
    yield
  elsif quick_action_status&.error?
    bad_request!(quick_action_status.error_messages.join(', '))
  end
end

#resolve_discussion(noteable, discussion_id, resolved) ⇒ Object 



179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
 
# File 'lib/api/helpers/notes_helpers.rb', line 179

def resolve_discussion(noteable, discussion_id, resolved)
  discussion = noteable.find_discussion(discussion_id)

  not_found!('Discussion') unless discussion
  forbidden! unless discussion.can_resolve?(current_user)

  if resolved
    parent = noteable_parent(noteable)
    ::Discussions::ResolveService.new(parent, current_user, one_or_more_discussions: discussion).execute
  else
    ::Discussions::UnresolveService.new(discussion, current_user).execute
  end

  present discussion, with: Entities::Discussion
end

#resolve_note(noteable, note_id, resolved) ⇒ Object 



61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
 
# File 'lib/api/helpers/notes_helpers.rb', line 61

def resolve_note(noteable, note_id, resolved)
  note = noteable.notes.find(note_id)

  authorize! :resolve_note, note

  bad_request!("Note is not resolvable") unless note.resolvable?

  if resolved
    parent = noteable_parent(noteable)
    ::Notes::ResolveService.new(parent, current_user).execute(note)
  else
    note.unresolve!
  end

  present note, with: Entities::Note
end

#update_note(noteable, note_id) ⇒ Object 



42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 
# File 'lib/api/helpers/notes_helpers.rb', line 42

def update_note(noteable, note_id)
  note = noteable.notes.find(note_id)

  authorize! :admin_note, note

  opts = {
    note: params[:body],
    confidential: params[:confidential]
  }.compact
  parent = noteable_parent(noteable)
  project = parent if parent.is_a?(Project)

  note = ::Notes::UpdateService.new(project, current_user, opts).execute(note)

  process_note_creation_result(note) do
    present note, with: Entities::Note
  end
end