[api] Split up global_command action into 3 actions

global command was just wrapping 3 other actions and used a :cmd parameter to distinguish between them. Since we need to allow anonymous access for one of those three, we had to split them up. This will enable us to do so.
openSUSE · Oct 17, 2016 · 7b1a879 · 7b1a879
1 parent 527ed59
commit 7b1a879
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 30 deletions.
diff --git a/src/api/app/controllers/source_controller.rb b/src/api/app/controllers/source_controller.rb
@@ -22,7 +22,9 @@ class IllegalRequest < APIException
   skip_before_action :extract_user, only: [:lastevents_public]
   skip_before_action :require_login, only: [:lastevents_public]
 
-  before_action :require_valid_project_name, except: [:index, :lastevents, :lastevents_public, :global_command]
+  before_action :require_valid_project_name, except: [ :index, :lastevents, :lastevents_public,
+                                                       :global_command_orderkiwirepos, :global_command_branch,
+                                                       :global_command_createmaintenanceincident ]
 
   class NoPermissionForDeleted < APIException
     setup 403, 'only admins can see deleted projects'
@@ -46,14 +48,6 @@ def index
     end
   end
 
-  # POST /source
-  def global_command
-    unless %w(createmaintenanceincident branch orderkiwirepos).include? params[:cmd]
-      raise UnknownCommandError.new "Unknown command '#{params[:cmd]}' for path #{request.path}"
-    end
-    dispatch_command(:global_command, params[:cmd])
-  end
-
   def projectlist
     # list all projects (visible to user)
     output = Rails.cache.fetch(['projectlist', Project.maximum(:updated_at), Relationship.forbidden_project_ids]) do
@@ -846,16 +840,6 @@ def lastevents
     volley_backend_path(path) unless forward_from_backend(path)
   end
 
-  private
-
-  class AttributeNotFound < APIException
-    setup 'not_found', 404
-  end
-
-  class ModifyProjectNoPermission < APIException
-    setup 403
-  end
-
   # POST /source?cmd=createmaintenanceincident
   def global_command_createmaintenanceincident
     # set defaults
@@ -870,6 +854,26 @@ def global_command_createmaintenanceincident
     actually_create_incident(prj)
   end
 
+  # POST /source?cmd=branch (aka osc mbranch)
+  def global_command_branch
+    private_branch_command
+  end
+
+  # POST /source?cmd=orderkiwirepos
+  def global_command_orderkiwirepos
+    pass_to_backend
+  end
+
+  private
+
+  class AttributeNotFound < APIException
+    setup 'not_found', 404
+  end
+
+  class ModifyProjectNoPermission < APIException
+    setup 403
+  end
+
   def actually_create_incident(project)
     unless User.current.can_modify_project?(project)
       raise ModifyProjectNoPermission, "no permission to modify project '#{project.name}'"
@@ -888,16 +892,6 @@ def actually_create_incident(project)
   class RepoDependency < APIException
   end
 
-  # POST /source?cmd=branch (aka osc mbranch)
-  def global_command_branch
-    private_branch_command
-  end
-
-  # POST /source?cmd=orderkiwirepos
-  def global_command_orderkiwirepos
-    pass_to_backend
-  end
-
   # create a id collection of all projects doing a project link to this one
   # POST /source/<project>?cmd=showlinked
   def project_command_showlinked

diff --git a/src/api/config/routes.rb b/src/api/config/routes.rb
@@ -637,7 +637,9 @@ def self.matches?(request)
 
   controller :source do
     get 'source' => :index
-    post 'source' => :global_command
+    post 'source' => :global_command_createmaintenanceincident, constraints: -> (req) { req.params[:cmd] == "createmaintenanceincident" }
+    post 'source' => :global_command_branch,                    constraints: -> (req) { req.params[:cmd] == "branch" }
+    post 'source' => :global_command_orderkiwirepos,            constraints: -> (req) { req.params[:cmd] == "orderkiwirepos" }
 
     # project level
     get 'source/:project' => :show_project, constraints: cons