summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorJarka Košanová <jarka@gitlab.com>2019-01-14 11:46:39 +0100
committerJarka Košanová <jarka@gitlab.com>2019-02-13 11:02:15 +0100
commit62cec519246e30582993b1a7ea27bd35f7028bdc (patch)
tree44c394a9fe476f1bf4e174e13e5b3b094426ddea /app
parentc5b5b18b3f1c5b683ceb4471e667d675de9200eb (diff)
downloadgitlab-ce-62cec519246e30582993b1a7ea27bd35f7028bdc.tar.gz
Check issue milestone availability
Add project when creating milestone in specs We validate milestone is from the same project/parent group as issuable -> we need to set project in specs correctly Improve methods names and specs organization
Diffstat (limited to 'app')
-rw-r--r--app/models/concerns/issuable.rb11
-rw-r--r--app/models/merge_request.rb7
-rw-r--r--app/services/issuable_base_service.rb6
-rw-r--r--app/services/issues/build_service.rb4
-rw-r--r--app/services/merge_requests/build_service.rb1
5 files changed, 24 insertions, 5 deletions
diff --git a/app/models/concerns/issuable.rb b/app/models/concerns/issuable.rb
index 0d363ec68b7..f80981be01d 100644
--- a/app/models/concerns/issuable.rb
+++ b/app/models/concerns/issuable.rb
@@ -74,6 +74,7 @@ module Issuable
validates :author, presence: true
validates :title, presence: true, length: { maximum: 255 }
+ validate :milestone_is_valid
scope :authored, ->(user) { where(author_id: user) }
scope :recent, -> { reorder(id: :desc) }
@@ -117,6 +118,16 @@ module Issuable
def has_multiple_assignees?
assignees.count > 1
end
+
+ def milestone_available?
+ project_id == milestone&.project_id || project.ancestors_upto.compact.include?(milestone&.group)
+ end
+
+ private
+
+ def milestone_is_valid
+ errors.add(:milestone_id, message: "is invalid") if milestone_id.present? && !milestone_available?
+ end
end
class_methods do
diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb
index 237b01636fb..e4bc26a3b81 100644
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -187,6 +187,9 @@ class MergeRequest < ActiveRecord::Base
after_save :keep_around_commit
+ alias_attribute :project, :target_project
+ alias_attribute :project_id, :target_project_id
+
def self.reference_prefix
'!'
end
@@ -825,10 +828,6 @@ class MergeRequest < ActiveRecord::Base
target_project != source_project
end
- def project
- target_project
- end
-
# If the merge request closes any issues, save this information in the
# `MergeRequestsClosingIssues` model. This is a performance optimization.
# Calculating this information for a number of merge requests requires
diff --git a/app/services/issuable_base_service.rb b/app/services/issuable_base_service.rb
index c7e7bb55e4b..9fae5790edb 100644
--- a/app/services/issuable_base_service.rb
+++ b/app/services/issuable_base_service.rb
@@ -328,4 +328,10 @@ class IssuableBaseService < BaseService
def parent
project
end
+
+ # we need to check this because milestone from milestone_id param is displayed on "new" page
+ # where private project milestone could leak without this check
+ def ensure_milestone_available(issuable)
+ issuable.milestone_id = nil unless issuable.milestone_available?
+ end
end
diff --git a/app/services/issues/build_service.rb b/app/services/issues/build_service.rb
index 52b45f1b2ce..77724e78972 100644
--- a/app/services/issues/build_service.rb
+++ b/app/services/issues/build_service.rb
@@ -6,7 +6,9 @@ module Issues
def execute
filter_resolve_discussion_params
- @issue = project.issues.new(issue_params)
+ @issue = project.issues.new(issue_params).tap do |issue|
+ ensure_milestone_available(issue)
+ end
end
def issue_params_with_info_from_discussions
diff --git a/app/services/merge_requests/build_service.rb b/app/services/merge_requests/build_service.rb
index 48419da98ad..109c964e577 100644
--- a/app/services/merge_requests/build_service.rb
+++ b/app/services/merge_requests/build_service.rb
@@ -19,6 +19,7 @@ module MergeRequests
merge_request.target_project = find_target_project
merge_request.target_branch = find_target_branch
merge_request.can_be_created = projects_and_branches_valid?
+ ensure_milestone_available(merge_request)
# compare branches only if branches are valid, otherwise
# compare_branches may raise an error