diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 1003b596aeca9103e40dbfa667f262d2905d1c3d..40c967453fb778df98cbf99448817968c55cba91 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -397,9 +397,5 @@ module API
error!(errors[:access_level], 422) if errors[:access_level].any?
not_found!(errors)
end
-
- def noteable_ability_name(noteable)
- "read_#{noteable.class.to_s.underscore.downcase}".to_sym
- end
end
end
diff --git a/lib/api/notes.rb b/lib/api/notes.rb
index c49b107d1d92fe93a617328283641ca8e798485c..d4fcfd3d4d3b46c8c39948575bf3db151d6bb4bb 100644
--- a/lib/api/notes.rb
+++ b/lib/api/notes.rb
@@ -21,7 +21,7 @@ module API
get ":id/#{noteables_str}/:#{noteable_id_str}/notes" do
@noteable = user_project.send(noteables_str.to_sym).find(params[noteable_id_str.to_sym])
- if can?(current_user, noteable_ability_name(@noteable), @noteable)
+ if can?(current_user, noteable_read_ability_name(@noteable), @noteable)
# We exclude notes that are cross-references and that cannot be viewed
# by the current user. By doing this exclusion at this level and not
# at the DB query level (which we cannot in that case), the current
@@ -51,7 +51,7 @@ module API
get ":id/#{noteables_str}/:#{noteable_id_str}/notes/:note_id" do
@noteable = user_project.send(noteables_str.to_sym).find(params[noteable_id_str.to_sym])
@note = @noteable.notes.find(params[:note_id])
- can_read_note = can?(current_user, noteable_ability_name(@noteable), @noteable) && !@note.cross_reference_not_visible_for?(current_user)
+ can_read_note = can?(current_user, noteable_read_ability_name(@noteable), @noteable) && !@note.cross_reference_not_visible_for?(current_user)
if can_read_note
present @note, with: Entities::Note
@@ -141,5 +141,11 @@ module API
end
end
end
+
+ helpers do
+ def noteable_read_ability_name(noteable)
+ "read_#{noteable.class.to_s.underscore.downcase}".to_sym
+ end
+ end
end
end