Merge branch '60569-timeline-entry-label-link-is-not-applying-the-filter-on-issues' into 'master'11-10-stable-patch-1

Adds `label_name` back as a scalar param in `IssuableFinder`

Closes #60569

See merge request gitlab-org/gitlab-ce!27507

(cherry picked from commit 5b154dafdf661cd2c7143de7e51e87d2bac4130b)

ff627511 Add label_name as scalar param of IssuableFinder

3 files changed, 74 insertions, 42 deletions

diff --git a/app/finders/issuable_finder.rb b/app/finders/issuable_finder.rb
index 64c88505a16..fa9dda2ab31 100644
--- a/app/finders/issuable_finder.rb
+++ b/app/finders/issuable_finder.rb
@@ -53,6 +53,7 @@ class IssuableFinder
       assignee_username
       author_id
       author_username
+      label_name
       milestone_title
       my_reaction_emoji
       search
diff --git a/changelogs/unreleased/60569-timeline-entry-label-link-is-not-applying-the-filter-on-issues.yml b/changelogs/unreleased/60569-timeline-entry-label-link-is-not-applying-the-filter-on-issues.yml
new file mode 100644
index 00000000000..5319373ec4b
--- /dev/null
+++ b/changelogs/unreleased/60569-timeline-entry-label-link-is-not-applying-the-filter-on-issues.yml
@@ -0,0 +1,5 @@
+---
+title: Fix filtering of labels from system note link
+merge_request: 27507
+author:
+type: fixed
diff --git a/spec/controllers/concerns/issuable_collections_spec.rb b/spec/controllers/concerns/issuable_collections_spec.rb
index a82b66361ca..f098ec2e167 100644
--- a/spec/controllers/concerns/issuable_collections_spec.rb
+++ b/spec/controllers/concerns/issuable_collections_spec.rb
@@ -106,51 +106,77 @@ describe IssuableCollections do
   end
 
   describe '#finder_options' do
-    let(:params) do
-      {
-        assignee_id: '1',
-        assignee_username: 'user1',
-        author_id: '2',
-        author_username: 'user2',
-        authorized_only: 'yes',
-        confidential: true,
-        due_date: '2017-01-01',
-        group_id: '3',
-        iids: '4',
-        label_name: ['foo'],
-        milestone_title: 'bar',
-        my_reaction_emoji: 'thumbsup',
-        non_archived: 'true',
-        project_id: '5',
-        scope: 'all',
-        search: 'baz',
-        sort: 'priority',
-        state: 'opened',
-        invalid_param: 'invalid_param'
-      }
-    end
-
-    it 'only allows whitelisted params' do
+    before do
       allow(controller).to receive(:cookies).and_return({})
       allow(controller).to receive(:current_user).and_return(nil)
+    end
+
+    subject { controller.send(:finder_options).to_h }
+
+    context 'scalar params' do
+      let(:params) do
+        {
+          assignee_id: '1',
+          assignee_username: 'user1',
+          author_id: '2',
+          author_username: 'user2',
+          authorized_only: 'yes',
+          confidential: true,
+          due_date: '2017-01-01',
+          group_id: '3',
+          iids: '4',
+          label_name: 'foo',
+          milestone_title: 'bar',
+          my_reaction_emoji: 'thumbsup',
+          non_archived: 'true',
+          project_id: '5',
+          scope: 'all',
+          search: 'baz',
+          sort: 'priority',
+          state: 'opened',
+          invalid_param: 'invalid_param'
+        }
+      end
+
+      it 'only allows whitelisted params' do
+        is_expected.to include({
+          'assignee_id' => '1',
+          'assignee_username' => 'user1',
+          'author_id' => '2',
+          'author_username' => 'user2',
+          'confidential' => true,
+          'label_name' => 'foo',
+          'milestone_title' => 'bar',
+          'my_reaction_emoji' => 'thumbsup',
+          'due_date' => '2017-01-01',
+          'scope' => 'all',
+          'search' => 'baz',
+          'sort' => 'priority',
+          'state' => 'opened'
+        })
+
+        is_expected.not_to include('invalid_param')
+      end
+    end
+
+    context 'array params' do
+      let(:params) do
+        {
+          assignee_username: %w[user1 user2],
+          label_name: %w[label1 label2],
+          invalid_param: 'invalid_param',
+          invalid_array: ['param']
+        }
+      end
+
+      it 'only allows whitelisted params' do
+        is_expected.to include({
+          'label_name' => %w[label1 label2],
+          'assignee_username' => %w[user1 user2]
+        })
 
-      finder_options = controller.send(:finder_options)
-
-      expect(finder_options).to eq(ActionController::Parameters.new({
-        'assignee_id' => '1',
-        'assignee_username' => 'user1',
-        'author_id' => '2',
-        'author_username' => 'user2',
-        'confidential' => true,
-        'label_name' => ['foo'],
-        'milestone_title' => 'bar',
-        'my_reaction_emoji' => 'thumbsup',
-        'due_date' => '2017-01-01',
-        'scope' => 'all',
-        'search' => 'baz',
-        'sort' => 'priority',
-        'state' => 'opened'
-      }).permit!)
+        is_expected.not_to include('invalid_param', 'invalid_array')
+      end
     end
   end
 end