diff options
author | Robert Speicher <robert@gitlab.com> | 2018-01-05 17:53:31 +0000 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-01-16 17:04:38 -0800 |
commit | 8f4b06137577f868ffaa41d10c27aa1e763bc825 (patch) | |
tree | 26729d296b21930b17b1730292ac7d4ea59c9cc4 /app/controllers | |
parent | 6846b70dd499f5aeee6936b3f9604fe42cafe87a (diff) | |
download | gitlab-ce-8f4b06137577f868ffaa41d10c27aa1e763bc825.tar.gz |
Merge branch 'milestones-finder-order-fix' into 'security-10-3'
Remove order param from the MilestoneFinder
See merge request gitlab/gitlabhq!2259
(cherry picked from commit 14408042e78f2ebc2644f956621b461dbfa3d36d)
155881e7 Remove order param from the MilestoneFinder
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/groups/milestones_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/projects/milestones_controller.rb | 14 |
2 files changed, 12 insertions, 8 deletions
diff --git a/app/controllers/groups/milestones_controller.rb b/app/controllers/groups/milestones_controller.rb index f013d21275e..acf6aaf57f4 100644 --- a/app/controllers/groups/milestones_controller.rb +++ b/app/controllers/groups/milestones_controller.rb @@ -75,8 +75,6 @@ class Groups::MilestonesController < Groups::ApplicationController end def milestones - search_params = params.merge(group_ids: group.id) - milestones = MilestonesFinder.new(search_params).execute legacy_milestones = GroupMilestone.build_collection(group, group_projects, params) @@ -94,4 +92,8 @@ class Groups::MilestonesController < Groups::ApplicationController render_404 unless @milestone end + + def search_params + params.permit(:state).merge(group_ids: group.id) + end end diff --git a/app/controllers/projects/milestones_controller.rb b/app/controllers/projects/milestones_controller.rb index 980bbf699b6..0f70efbce40 100644 --- a/app/controllers/projects/milestones_controller.rb +++ b/app/controllers/projects/milestones_controller.rb @@ -92,12 +92,6 @@ class Projects::MilestonesController < Projects::ApplicationController def milestones @milestones ||= begin - if @project.group && can?(current_user, :read_group, @project.group) - group = @project.group - end - - search_params = params.merge(project_ids: @project.id, group_ids: group&.id) - MilestonesFinder.new(search_params).execute end end @@ -113,4 +107,12 @@ class Projects::MilestonesController < Projects::ApplicationController def milestone_params params.require(:milestone).permit(:title, :description, :start_date, :due_date, :state_event) end + + def search_params + if @project.group && can?(current_user, :read_group, @project.group) + group = @project.group + end + + params.permit(:state).merge(project_ids: @project.id, group_ids: group&.id) + end end |