module Gitlab module APIHelpers def current_user @current_user ||= User.find_by_authentication_token(params[:private_token]) end def user_project if @project ||= current_user.projects.find_by_id(params[:id]) || current_user.projects.find_by_code(params[:id]) else error!({'message' => '404 Not found'}, 404) end @project end def paginate(object) object.page(params[:page]).per(params[:per_page].to_i) end def authenticate! error!({'message' => '401 Unauthorized'}, 401) unless current_user end def authorize! action, subject unless abilities.allowed?(current_user, action, subject) error!({'message' => '403 Forbidden'}, 403) end end private def abilities @abilities ||= begin abilities = Six.new abilities << Ability abilities end end end end