class Api::V1::IssuesController < Api::V1::BaseController before_action :require_public_and_member_above, only: [:index, :show, :create, :update, :destroy] def index @object_results = Api::V1::Issues::ListService.call(@project, query_params, current_user) @issues = kaminari_paginate(@object_results) end def create @object_result = Api::V1::Issues::CreateService.call(@project, issue_params, current_user) end before_action :load_issue, only: [:show, :update, :destroy] def show end def update @object_result = Api::V1::Issues::EditService.call(@project, issue_params, current_user) end private def query_params params.permit( :category, :participant_category, :keyword, :author_id, :milestone_id, :assigner_id, :status_id, :sort_by, :sort_direction, :issue_tag_ids => []) end def issue_params params.permit( :status_id, :priority_id, :milestone_id, :branch_name, :start_date, :due_date, :subject, :description, :issue_tag_ids => [], :assigner_ids => [], :attachment_ids => []) end def load_issue @issue = @project.issues.where(project_issues_index: params[:id]).where.not(id: params[:id]).take || Issue.find_by_id(params[:id]) if @issue.blank? render_not_found("疑修不存在!") elsif @issue.present? && @issue.is_lock &&!(@project.member?(current_user) || current_user.admin?) render_forbidden("您没有权限操作!") end end end