mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-05-03 21:32:46 +08:00
18396c93a2
The reviewable notes route was originally created at `/reviewables/:reviewable_id/notes`, which didn't match the existing reviewable routes at `/review/:reviewable_id`. This change fixes the naming inconsistency, and tidies up some of the endpoint permission checks.
43 lines
1 KiB
Ruby
43 lines
1 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class ReviewableNotesController < ApplicationController
|
|
before_action :find_reviewable
|
|
before_action :ensure_can_see
|
|
|
|
def create
|
|
note = @reviewable.reviewable_notes.build(note_params)
|
|
note.user = current_user
|
|
|
|
if note.save
|
|
# Reload to ensure associations are loaded
|
|
note.reload
|
|
render json: ReviewableNoteSerializer.new(note, scope: guardian, root: false)
|
|
else
|
|
render json: { errors: note.errors.full_messages }, status: 422
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
note = @reviewable.reviewable_notes.find(params[:note_id])
|
|
|
|
# Only allow the author or admin to delete notes
|
|
raise Discourse::InvalidAccess unless note.user == current_user || current_user.admin?
|
|
|
|
note.destroy!
|
|
render json: success_json
|
|
end
|
|
|
|
private
|
|
|
|
def find_reviewable
|
|
@reviewable = Reviewable.find(params[:reviewable_id])
|
|
end
|
|
|
|
def note_params
|
|
params.require(:reviewable_note).permit(:content)
|
|
end
|
|
|
|
def ensure_can_see
|
|
Guardian.new(current_user).ensure_can_see_review_queue!
|
|
end
|
|
end
|
