diff options
| author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2016-04-21 12:20:05 +0200 |
|---|---|---|
| committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2016-04-22 07:59:08 +0200 |
| commit | 4adfd501a5d31abd16bccf08586bf8a125b03450 (patch) | |
| tree | 0ec369e0ef54b6105bfc8bbe670fd0eefbc0699a | |
| parent | aea97991977bc2af27ce93f5b5e2bd9b7735999e (diff) | |
| download | gitlab-ce-4adfd501a5d31abd16bccf08586bf8a125b03450.tar.gz | |
Verify label affiliation before assigning to issue
This also verify if milestone belongs to correct project before creating
a new issue.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15439
| -rw-r--r-- | app/services/issuable_base_service.rb | 28 | ||||
| -rw-r--r-- | spec/services/issues/create_service_spec.rb | 28 |
2 files changed, 54 insertions, 2 deletions
diff --git a/app/services/issuable_base_service.rb b/app/services/issuable_base_service.rb index 18f76d3f650..ab110001f91 100644 --- a/app/services/issuable_base_service.rb +++ b/app/services/issuable_base_service.rb @@ -37,8 +37,9 @@ class IssuableBaseService < BaseService end def filter_params(issuable_ability_name = :issue) - params[:assignee_id] = "" if params[:assignee_id] == IssuableFinder::NONE - params[:milestone_id] = "" if params[:milestone_id] == IssuableFinder::NONE + filter_assignee + filter_milestone + filter_labels ability = :"admin_#{issuable_ability_name}" @@ -49,6 +50,29 @@ class IssuableBaseService < BaseService end end + def filter_assignee + if params[:assignee_id] == IssuableFinder::NONE + params[:assignee_id] = '' + end + end + + def filter_milestone + return unless params[:milestone_id] + + if params[:milestone_id] == IssuableFinder::NONE || + Milestone.find(params[:milestone_id]).try(:project) != project + params[:milestone_id] = '' + end + end + + def filter_labels + return if params[:label_ids].to_a.empty? + + params[:label_ids].select! do |label_id| + Label.find(label_id).try(:project) == project + end + end + def update(issuable) change_state(issuable) filter_params diff --git a/spec/services/issues/create_service_spec.rb b/spec/services/issues/create_service_spec.rb index 5e7915db7e1..d11c45df8ff 100644 --- a/spec/services/issues/create_service_spec.rb +++ b/spec/services/issues/create_service_spec.rb @@ -37,6 +37,34 @@ describe Issues::CreateService, services: true do expect(Todo.where(attributes).count).to eq 1 end + + context 'label that belongs to different project' do + let(:issue) { Issues::CreateService.new(project, user, opts).execute } + let(:label) { create(:label) } + let(:opts) do + { title: 'Title', + description: 'Description', + label_ids: [label.id] } + end + + it 'does not assign label'do + expect(issue.labels).to_not include label + end + end + + context 'milestone that belongs to different project' do + let(:issue) { Issues::CreateService.new(project, user, opts).execute } + let(:milestone) { create(:milestone) } + let(:opts) do + { title: 'Title', + description: 'Description', + milestone_id: milestone.id } + end + + it 'does not assign label' do + expect(issue.milestone).to_not eq milestone + end + end end end end |