diff options
| author | Rémy Coutable <remy@rymai.me> | 2016-11-30 11:23:31 +0000 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2016-11-30 11:23:31 +0000 |
| commit | 2706550a964711f7d2b10ab0f6e4dc14b5d72159 (patch) | |
| tree | 2208a080bed6f688df192d1dda90536627b27415 | |
| parent | 2e034dbe2be448628d1b7ccfab991a2307e59802 (diff) | |
| parent | f5e8337c7bb7e218303a713440e31f44a66471d7 (diff) | |
| download | gitlab-ce-2706550a964711f7d2b10ab0f6e4dc14b5d72159.tar.gz | |
Merge branch '25031-do-not-raise-error-in-autocomplete' into 'master'
Do not raise error in AutocompleteController#users when not authorized
Closes #25031
See merge request !7817
| -rw-r--r-- | app/controllers/autocomplete_controller.rb | 2 | ||||
| -rw-r--r-- | changelogs/unreleased/25031-do-not-raise-error-in-autocomplete.yml | 4 | ||||
| -rw-r--r-- | spec/controllers/autocomplete_controller_spec.rb | 9 |
3 files changed, 14 insertions, 1 deletions
diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb index 5c44637fdee..5f13353baa1 100644 --- a/app/controllers/autocomplete_controller.rb +++ b/app/controllers/autocomplete_controller.rb @@ -11,7 +11,7 @@ class AutocompleteController < ApplicationController @users = @users.reorder(:name) @users = @users.page(params[:page]) - if params[:todo_filter].present? + if params[:todo_filter].present? && current_user @users = @users.todo_authors(current_user.id, params[:todo_state_filter]) end diff --git a/changelogs/unreleased/25031-do-not-raise-error-in-autocomplete.yml b/changelogs/unreleased/25031-do-not-raise-error-in-autocomplete.yml new file mode 100644 index 00000000000..862de7c5db1 --- /dev/null +++ b/changelogs/unreleased/25031-do-not-raise-error-in-autocomplete.yml @@ -0,0 +1,4 @@ +--- +title: Do not raise error in AutocompleteController#users when not authorized +merge_request: 7817 +author: Semyon Pupkov diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb index 0d1545040f1..ea2fd90a9b0 100644 --- a/spec/controllers/autocomplete_controller_spec.rb +++ b/spec/controllers/autocomplete_controller_spec.rb @@ -144,6 +144,15 @@ describe AutocompleteController do it { expect(body).to be_kind_of(Array) } it { expect(body.size).to eq 0 } end + + describe 'GET #users with todo filter' do + it 'gives an array of users' do + get :users, todo_filter: true + + expect(response.status).to eq 200 + expect(body).to be_kind_of(Array) + end + end end context 'author of issuable included' do |