DRY up Vulnerability API code

df1aee14 · Jonathan Schafer · bdefe8a7 · df1aee14
Commit df1aee14 authored Jul 08, 2020 by Jonathan Schafer
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 14 deletions

ee/lib/api/vulnerabilities.rb ee/lib/api/vulnerabilities.rb +15 -14

No files found.
--- a/ee/lib/api/vulnerabilities.rb
+++ b/ee/lib/api/vulnerabilities.rb
@@ -29,45 +29,46 @@ module API
      requires :id, type: String, desc: 'The ID of a vulnerability'
    end
    resource :vulnerabilities do
+      before do
+        @vulnerability = find_and_authorize_vulnerability!(:read_vulnerability)
+      end
+      after do
+        render_vulnerability(@vulnerability)
+      end
      desc 'Get a vulnerability' do
        success EE::API::Entities::Vulnerability
      end
      get ':id' do
-        vulnerability = find_and_authorize_vulnerability!(:read_vulnerability)
+        # do nothing
-        render_vulnerability(vulnerability)
      end
      desc 'Resolve a vulnerability' do
        success EE::API::Entities::Vulnerability
      end
      post ':id/resolve' do
-        vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
+        not_modified! if @vulnerability.resolved?
-        not_modified! if vulnerability.resolved?
-        vulnerability = ::Vulnerabilities::ResolveService.new(current_user, vulnerability).execute
+        @vulnerability = ::Vulnerabilities::ResolveService.new(current_user, @vulnerability).execute
-        render_vulnerability(vulnerability)
      end
      desc 'Dismiss a vulnerability' do
        success EE::API::Entities::Vulnerability
      end
      post ':id/dismiss' do
-        vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
+        not_modified! if @vulnerability.dismissed?
-        not_modified! if vulnerability.dismissed?
-        vulnerability = ::Vulnerabilities::DismissService.new(current_user, vulnerability).execute
+        @vulnerability = ::Vulnerabilities::DismissService.new(current_user, @vulnerability).execute
-        render_vulnerability(vulnerability)
      end
      desc 'Confirm a vulnerability' do
        success EE::API::Entities::Vulnerability
      end
      post ':id/confirm' do
-        vulnerability = find_and_authorize_vulnerability!(:admin_vulnerability)
+        not_modified! if @vulnerability.confirmed?
-        not_modified! if vulnerability.confirmed?
-        vulnerability = ::Vulnerabilities::ConfirmService.new(current_user, vulnerability).execute
+        @vulnerability = ::Vulnerabilities::ConfirmService.new(current_user, @vulnerability).execute
-        render_vulnerability(vulnerability)
      end
    end