Redmine/app/controllers/webhooks_controller.rb

# frozen_string_literal: true

class WebhooksController < ApplicationController
  self.main_menu = false

  before_action :require_login
  before_action :authorize

  before_action :find_webhook, only: [:edit, :update, :destroy]

  require_sudo_mode :create, :update, :destroy

  def index
    @webhooks = webhooks.order(:url)
  end

  def new
    @webhook = Webhook.new
  end

  def edit
  end

  def create
    @webhook = webhooks.build(webhook_params)
    if @webhook.save
      redirect_to webhooks_path
    else
      render :new
    end
  end

  def update
    if @webhook.update(webhook_params)
      redirect_to webhooks_path
    else
      render :edit
    end
  end

  def destroy
    @webhook.destroy
    redirect_to webhooks_path
  end

  private

  def webhook_params
    params.require(:webhook).permit(:url, :secret, :active, events: [], project_ids: [])
  end

  def find_webhook
    @webhook = webhooks.find(params[:id])
  rescue ActiveRecord::RecordNotFound
    render_404
  end

  def webhooks
    User.current.webhooks
  end

  def authorize
    deny_access unless User.current.allowed_to?(:use_webhooks, nil, global: true)
  end
end
Introduces issue webhooks (#29664): * users can set up hooks for issue creation, update and deletion events, for any number of projects * hooks run in the context of the creating user, and only if the object in question is visible to that user * the actual HTTP call is done in ActiveJob * webhook calls are optionally signed the same way GitHub does Patch by Jens Krämer (user:jkraemer). git-svn-id: https://svn.redmine.org/redmine/trunk@24034 e93f8b46-1217-0410-a6f0-8f06a7374b81 2025-10-07 06:49:14 +00:00			`# frozen_string_literal: true`

			`class WebhooksController < ApplicationController`
			`self.main_menu = false`

			`before_action :require_login`
Adds the :use_webhooks permission in order to allow users to use webhooks only in projects where they have this permission. This is checked when a hook is saved, and before a hook runs (#29664). Patch by Jens Krämer (user:jkraemer). git-svn-id: https://svn.redmine.org/redmine/trunk@24035 e93f8b46-1217-0410-a6f0-8f06a7374b81 2025-10-07 06:51:33 +00:00			`before_action :authorize`

Introduces issue webhooks (#29664): * users can set up hooks for issue creation, update and deletion events, for any number of projects * hooks run in the context of the creating user, and only if the object in question is visible to that user * the actual HTTP call is done in ActiveJob * webhook calls are optionally signed the same way GitHub does Patch by Jens Krämer (user:jkraemer). git-svn-id: https://svn.redmine.org/redmine/trunk@24034 e93f8b46-1217-0410-a6f0-8f06a7374b81 2025-10-07 06:49:14 +00:00			`before_action :find_webhook, only: [:edit, :update, :destroy]`

			`require_sudo_mode :create, :update, :destroy`

			`def index`
			`@webhooks = webhooks.order(:url)`
			`end`

			`def new`
			`@webhook = Webhook.new`
			`end`

			`def edit`
			`end`

			`def create`
			`@webhook = webhooks.build(webhook_params)`
			`if @webhook.save`
			`redirect_to webhooks_path`
			`else`
			`render :new`
			`end`
			`end`

			`def update`
			`if @webhook.update(webhook_params)`
			`redirect_to webhooks_path`
			`else`
			`render :edit`
			`end`
			`end`

			`def destroy`
			`@webhook.destroy`
			`redirect_to webhooks_path`
			`end`

			`private`

			`def webhook_params`
			`params.require(:webhook).permit(:url, :secret, :active, events: [], project_ids: [])`
			`end`

			`def find_webhook`
			`@webhook = webhooks.find(params[:id])`
			`rescue ActiveRecord::RecordNotFound`
			`render_404`
			`end`

			`def webhooks`
			`User.current.webhooks`
			`end`
Adds the :use_webhooks permission in order to allow users to use webhooks only in projects where they have this permission. This is checked when a hook is saved, and before a hook runs (#29664). Patch by Jens Krämer (user:jkraemer). git-svn-id: https://svn.redmine.org/redmine/trunk@24035 e93f8b46-1217-0410-a6f0-8f06a7374b81 2025-10-07 06:51:33 +00:00
			`def authorize`
			`deny_access unless User.current.allowed_to?(:use_webhooks, nil, global: true)`
			`end`
Introduces issue webhooks (#29664): * users can set up hooks for issue creation, update and deletion events, for any number of projects * hooks run in the context of the creating user, and only if the object in question is visible to that user * the actual HTTP call is done in ActiveJob * webhook calls are optionally signed the same way GitHub does Patch by Jens Krämer (user:jkraemer). git-svn-id: https://svn.redmine.org/redmine/trunk@24034 e93f8b46-1217-0410-a6f0-8f06a7374b81 2025-10-07 06:49:14 +00:00			`end`