| ... | ... | @@ -10,7 +10,7 @@ module API |
|
|
|
end
|
|
|
|
|
|
|
|
def update_note(noteable, note_id)
|
|
|
|
note = noteable.notes.find(params[:note_id])
|
|
|
|
note = noteable.notes.find(note_id)
|
|
|
|
|
|
|
|
authorize! :admin_note, note
|
|
|
|
|
| ... | ... | @@ -60,7 +60,7 @@ module API |
|
|
|
|
|
|
|
def get_note(noteable, note_id)
|
|
|
|
note = noteable.notes.with_metadata.find(params[:note_id])
|
|
|
|
can_read_note = !note.cross_reference_not_visible_for?(current_user)
|
|
|
|
can_read_note = note.visible_for?(current_user)
|
|
|
|
|
|
|
|
if can_read_note
|
|
|
|
present note, with: Entities::Note
|
| ... | ... | @@ -69,6 +69,10 @@ module API |
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def reject_note?(noteable_type, noteable, parent_type, parent_id, note)
|
|
|
|
note.cross_reference_not_visible_for?(current_user)
|
|
|
|
end
|
|
|
|
|
|
|
|
def noteable_read_ability_name(noteable)
|
|
|
|
"read_#{noteable.class.to_s.underscore}".to_sym
|
|
|
|
end
|
| ... | ... | |
| ... | ... | |