From cbc90565b55d89704d64bc48db323b82b739a873 Mon Sep 17 00:00:00 2001 From: Robert Schilling Date: Thu, 14 Aug 2014 10:17:52 +0200 Subject: Do label validation for issues/merge requests API --- lib/api/issues.rb | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) (limited to 'lib/api/issues.rb') diff --git a/lib/api/issues.rb b/lib/api/issues.rb index b29118b2fd8..055529ccbd8 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -51,12 +51,18 @@ module API required_attributes! [:title] attrs = attributes_for_keys [:title, :description, :assignee_id, :milestone_id] + # Validate label names in advance + if validate_label_params(params) + return render_api_error!('Label names invalid', 405) + end + issue = ::Issues::CreateService.new(user_project, current_user, attrs).execute if issue.valid? - # Find or create labels and attach to issue + # Find or create labels and attach to issue. Labels are valid because + # we already checked its name, so there can't be an error here if params[:labels].present? - issue.add_labels_by_names(params[:labels].split(",")) + issue.add_labels_by_names(params[:labels].split(',')) end present issue, with: Entities::Issue @@ -83,12 +89,19 @@ module API authorize! :modify_issue, issue attrs = attributes_for_keys [:title, :description, :assignee_id, :milestone_id, :state_event] + # Validate label names in advance + if validate_label_params(params) + return render_api_error!('Label names invalid', 405) + end + issue = ::Issues::UpdateService.new(user_project, current_user, attrs).execute(issue) if issue.valid? - # Find or create labels and attach to issue + # Find or create labels and attach to issue. Labels are valid because + # we already checked its name, so there can't be an error here if params[:labels].present? - issue.add_labels_by_names(params[:labels].split(",")) + # Create and add labels to the new created issue + issue.add_labels_by_names(params[:labels].split(',')) end present issue, with: Entities::Issue -- cgit v1.2.1