新增: 合并请求创建审查接口

app/controllers/api/v1/base_controller.rb

@@ -31,18 +31,18 @@ class Api::V1::BaseController < ApplicationController
   # 具有对仓库的管理权限
   def require_manager_above
     @project = load_project
-    return render_forbidden unless current_user.admin? && @project.manager?(current_user)
+    return render_forbidden if !current_user.admin? && !@project.manager?(current_user)
   end
 
   # 具有对仓库的操作权限
   def require_operate_above 
     @project = load_project
-    return render_forbidden unless current_user.admin? && @project.operator?(current_user)
+    return render_forbidden if !current_user.admin? && !@project.operator?(current_user)
   end
 
   # 具有对仓库的访问权限
   def require_public_and_member_above
     @project = load_project 
-    return render_forbidden unless @project.is_public || (current_user.admin? && @project.member?(current_user))
+    return render_forbidden if !@project.is_public && !current_user.admin? && !@project.member?(current_user)
   end
 end

app/controllers/api/v1/projects/pulls/reviews_controller.rb

@@ -4,4 +4,20 @@ class Api::V1::Projects::Pulls::ReviewsController < Api::V1::Projects::Pulls::Ba
     @reviews = @pull_request.reviews 
     @reviews = kaminari_paginate(@reviews)
   end
+
+  before_action :require_reviewer, only: [:create]
+
+  def create 
+    @journal, @review = Api::V1::Projects::Pulls::Reviews::CreateService.call(@project, @pull_request, review_params, current_user)
+  end
+
+  private 
+  def require_reviewer
+    puts @pull_request.reviewers.exists?(current_user.id)
+    return render_forbidden('您没有审查权限，请联系项目管理员') if !current_user.admin? && !@pull_request.reviewers.exists?(current_user.id)
+  end
+
+  def review_params 
+    params.require(:review).permit(:content, :commit_id, :status)
+  end
 end