| ... | @@ -10,7 +10,7 @@ module API |
... | @@ -10,7 +10,7 @@ module API |
|
|
end
|
|
end
|
|
|
|
|
|
|
|
def update_note(noteable, note_id)
|
|
def update_note(noteable, note_id)
|
|
|
note = noteable.notes.find(params[:note_id])
|
|
note = noteable.notes.find(note_id)
|
|
|
|
|
|
|
|
authorize! :admin_note, note
|
|
authorize! :admin_note, note
|
|
|
|
|
|
| ... | @@ -59,8 +59,8 @@ module API |
... | @@ -59,8 +59,8 @@ module API |
|
|
end
|
|
end
|
|
|
|
|
|
|
|
def get_note(noteable, note_id)
|
|
def get_note(noteable, note_id)
|
|
|
note = noteable.notes.with_metadata.find(params[:note_id])
|
|
note = noteable.notes.with_metadata.find(note_id)
|
|
|
can_read_note = !note.cross_reference_not_visible_for?(current_user)
|
|
can_read_note = note.visible_for?(current_user)
|
|
|
|
|
|
|
|
if can_read_note
|
|
if can_read_note
|
|
|
present note, with: Entities::Note
|
|
present note, with: Entities::Note
|
| ... | @@ -81,6 +81,10 @@ module API |
... | @@ -81,6 +81,10 @@ module API |
|
|
noteable || not_found!(noteable_type)
|
|
noteable || not_found!(noteable_type)
|
|
|
end
|
|
end
|
|
|
|
|
|
|
|
|
def reject_note?(noteable_type, noteable, parent_type, parent_id, note)
|
|
|
|
note.cross_reference_not_visible_for?(current_user)
|
|
|
|
end
|
|
|
|
|
|
|
def params_by_noteable_type_and_id(type, id)
|
|
def params_by_noteable_type_and_id(type, id)
|
|
|
target_type = type.name.underscore
|
|
target_type = type.name.underscore
|
|
|
{ target_type: target_type }.tap do |h|
|
|
{ target_type: target_type }.tap do |h|
|
| ... | |
... | |
| ... | | ... | |