forgeplus/app/controllers/api/pm/base_controller.rb

class Api::Pm::BaseController < ApplicationController

  include Api::ProjectHelper
  include Api::UserHelper
  include Api::PullHelper

  # before_action :doorkeeper_authorize!
  # skip_before_action :user_setup

  protected 

  def kaminary_select_paginate(relation)
		limit = params[:limit] || params[:per_page]
		limit = (limit.to_i.zero? || limit.to_i > 200) ? 200 : limit.to_i
		page  = params[:page].to_i.zero? ? 1 : params[:page].to_i

		relation.page(page).per(limit)
	end
  
  def limit
    params.fetch(:limit, 15) 
  end

  def page 
    params.fetch(:page, 1)
  end

  def load_project
    @project = Project.find_by_id(params[:project_id]) || Project.new(id: 0, user_id: 0, name: 'pm_mm', identifier: 'pm_mm', is_public:true)
  end

  def load_issue
    return render_parameter_missing if params[:pm_project_id].blank?
    @issue = Issue.issue_issue.where(pm_project_id: params[:pm_project_id]).find_by_id(params[:issue_id])
    render_not_found('疑修不存在!') if @issue.blank?
  end
  # 具有对仓库的管理权限
  def require_manager_above
    @project = load_project
    return render_forbidden if !current_user.admin? && !@project.manager?(current_user)
  end

  # 具有对仓库的操作权限
  def require_operate_above 
    @project = load_project
    return render_forbidden if !current_user.admin? && !@project.operator?(current_user)
  end

  # 具有仓库的操作权限或者fork仓库的操作权限
  def require_operate_above_or_fork_project 
    @project = load_project
    return render_forbidden if !current_user.admin? && !@project.operator?(current_user) && !(@project.fork_project.present? && @project.fork_project.operator?(current_user))
  end

  # 具有对仓库的访问权限
  def require_public_and_member_above
    @project = load_project
    return render_forbidden if !@project.is_public && !current_user.admin? && !@project.member?(current_user)
  end
end