diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-02 21:28:54 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-02 21:28:54 +0000 |
commit | f4fbe9d60f1591a4900c9df5434bc41f86afb36b (patch) | |
tree | e6f986a4b4abc09be495d6786a8ef12fe53a01f1 | |
parent | ca0b403f0ad83a619f120b3ac73816770f94433d (diff) | |
download | gitlab-ce-f4fbe9d60f1591a4900c9df5434bc41f86afb36b.tar.gz |
Add latest changes from gitlab-org/security/gitlab@13-12-stable-ee
-rw-r--r-- | Gemfile.lock | 2 | ||||
-rw-r--r-- | app/services/issues/base_service.rb | 3 | ||||
-rw-r--r-- | spec/services/issues/create_service_spec.rb | 21 | ||||
-rw-r--r-- | spec/services/issues/update_service_spec.rb | 25 |
4 files changed, 50 insertions, 1 deletions
diff --git a/Gemfile.lock b/Gemfile.lock index 351e7ec94a6..ac21ea32dc2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -791,7 +791,7 @@ GEM nenv (~> 0.1) shellany (~> 0.0) numerizer (0.2.0) - oauth (0.5.4) + oauth (0.5.6) oauth2 (1.4.4) faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) diff --git a/app/services/issues/base_service.rb b/app/services/issues/base_service.rb index 72e906e20f1..dae1e557249 100644 --- a/app/services/issues/base_service.rb +++ b/app/services/issues/base_service.rb @@ -47,6 +47,9 @@ module Issues params.delete(:created_at) unless moved_issue || current_user.can?(:set_issue_created_at, project) params.delete(:updated_at) unless moved_issue || current_user.can?(:set_issue_updated_at, project) + # Only users with permission to handle error data can add it to issues + params.delete(:sentry_issue_attributes) unless current_user.can?(:update_sentry_issue, project) + issue.system_note_timestamp = params[:created_at] || params[:updated_at] end diff --git a/spec/services/issues/create_service_spec.rb b/spec/services/issues/create_service_spec.rb index 9c84242d8ae..f52e86b3f4d 100644 --- a/spec/services/issues/create_service_spec.rb +++ b/spec/services/issues/create_service_spec.rb @@ -224,6 +224,27 @@ RSpec.describe Issues::CreateService do end end + context 'when sentry identifier is given' do + before do + sentry_attributes = { sentry_issue_attributes: { sentry_issue_identifier: 42 } } + opts.merge!(sentry_attributes) + end + + context 'user is a guest' do + before do + project.add_guest(user) + end + + it 'does not assign the sentry error' do + expect(issue.sentry_issue).to eq(nil) + end + end + + it 'assigns the sentry error' do + expect(issue.sentry_issue).to be_kind_of(SentryIssue) + end + end + it 'executes issue hooks when issue is not confidential' do opts = { title: 'Title', description: 'Description', confidential: false } diff --git a/spec/services/issues/update_service_spec.rb b/spec/services/issues/update_service_spec.rb index 8c97dd95ced..7f31e8466cd 100644 --- a/spec/services/issues/update_service_spec.rb +++ b/spec/services/issues/update_service_spec.rb @@ -82,6 +82,31 @@ RSpec.describe Issues::UpdateService, :mailer do expect(issue.milestone).to eq milestone end + context 'when sentry identifier is given' do + before do + sentry_attributes = { sentry_issue_attributes: { sentry_issue_identifier: 42 } } + opts.merge!(sentry_attributes) + end + + it 'assigns the sentry error' do + update_issue(opts) + + expect(issue.sentry_issue).to be_kind_of(SentryIssue) + end + + context 'user is a guest' do + before do + project.add_guest(user) + end + + it 'does not assign the sentry error' do + update_issue(opts) + + expect(issue.sentry_issue).to eq(nil) + end + end + end + context 'when issue type is not incident' do it 'returns default severity' do update_issue(opts) |