Commit 1d4d48f0 authored by Filip's avatar Filip Committed by Jan Provaznik

Add validation for updated_at params on API issues update

don't allow set blank value for updated_at parameter
parent e8ac9eef
---
title: Add validation for updated_at parameter in update Issue API
merge_request: 25201
author: Filip Stybel
type: fixed
...@@ -647,7 +647,7 @@ POST /projects/:id/issues ...@@ -647,7 +647,7 @@ POST /projects/:id/issues
| `iid` | integer/string | no | The internal ID of the project's issue (requires admin or project owner rights) | | `iid` | integer/string | no | The internal ID of the project's issue (requires admin or project owner rights) |
| `title` | string | yes | The title of an issue | | `title` | string | yes | The title of an issue |
| `description` | string | no | The description of an issue. Limited to 1,048,576 characters. | | `description` | string | no | The description of an issue. Limited to 1,048,576 characters. |
| `confidential` | boolean | no | Set an issue to be confidential. Default is `false`. | | `confidential` | Boolean | no | Set an issue to be confidential. Default is `false`. |
| `assignee_ids` | integer array | no | The ID of a user to assign issue | | `assignee_ids` | integer array | no | The ID of a user to assign issue |
| `milestone_id` | integer | no | The global ID of a milestone to assign issue | | `milestone_id` | integer | no | The global ID of a milestone to assign issue |
| `labels` | string | no | Comma-separated label names for an issue | | `labels` | string | no | Comma-separated label names for an issue |
...@@ -755,15 +755,15 @@ PUT /projects/:id/issues/:issue_iid ...@@ -755,15 +755,15 @@ PUT /projects/:id/issues/:issue_iid
| `issue_iid` | integer | yes | The internal ID of a project's issue | | `issue_iid` | integer | yes | The internal ID of a project's issue |
| `title` | string | no | The title of an issue | | `title` | string | no | The title of an issue |
| `description` | string | no | The description of an issue. Limited to 1,048,576 characters. | | `description` | string | no | The description of an issue. Limited to 1,048,576 characters. |
| `confidential` | boolean | no | Updates an issue to be confidential | | `confidential` | Boolean | no | Updates an issue to be confidential |
| `assignee_ids` | integer array | no | The ID of the user(s) to assign the issue to. Set to `0` or provide an empty value to unassign all assignees. | | `assignee_ids` | integer array | no | The ID of the user(s) to assign the issue to. Set to `0` or provide an empty value to unassign all assignees. |
| `milestone_id` | integer | no | The global ID of a milestone to assign the issue to. Set to `0` or provide an empty value to unassign a milestone.| | `milestone_id` | integer | no | The global ID of a milestone to assign the issue to. Set to `0` or provide an empty value to unassign a milestone.|
| `labels` | string | no | Comma-separated label names for an issue. Set to an empty string to unassign all labels. | | `labels` | string | no | Comma-separated label names for an issue. Set to an empty string to unassign all labels. |
| `state_event` | string | no | The state event of an issue. Set `close` to close the issue and `reopen` to reopen it | | `state_event` | string | no | The state event of an issue. Set `close` to close the issue and `reopen` to reopen it |
| `updated_at` | string | no | Date time string, ISO 8601 formatted, e.g. `2016-03-11T03:45:40Z` (requires admin or project owner rights) | | `updated_at` | string | no | Date time string, ISO 8601 formatted, e.g. `2016-03-11T03:45:40Z` (requires admin or project owner rights). Empty string or null values are not accepted.|
| `due_date` | string | no | Date time string in the format YEAR-MONTH-DAY, e.g. `2016-03-11` | | `due_date` | string | no | Date time string in the format YEAR-MONTH-DAY, e.g. `2016-03-11` |
| `weight` **(STARTER)** | integer | no | The weight of the issue. Valid values are greater than or equal to 0. 0 | | `weight` **(STARTER)** | integer | no | The weight of the issue. Valid values are greater than or equal to 0. 0 |
| `discussion_locked` | boolean | no | Flag indicating if the issue's discussion is locked. If the discussion is locked only project members can add or edit comments. | | `discussion_locked` | Boolean | no | Flag indicating if the issue's discussion is locked. If the discussion is locked only project members can add or edit comments. |
| `epic_id` **(ULTIMATE)** | integer | no | ID of the epic to add the issue to. Valid values are greater than or equal to 0. | | `epic_id` **(ULTIMATE)** | integer | no | ID of the epic to add the issue to. Valid values are greater than or equal to 0. |
| `epic_iid` **(ULTIMATE)** | integer | no | IID of the epic to add the issue to. Valid values are greater than or equal to 0. (deprecated, [will be removed in 13.0](https://gitlab.com/gitlab-org/gitlab/issues/35157)) | | `epic_iid` **(ULTIMATE)** | integer | no | IID of the epic to add the issue to. Valid values are greater than or equal to 0. (deprecated, [will be removed in 13.0](https://gitlab.com/gitlab-org/gitlab/issues/35157)) |
...@@ -851,9 +851,14 @@ the `weight` parameter: ...@@ -851,9 +851,14 @@ the `weight` parameter:
} }
``` ```
**Note**: `assignee` column is deprecated, now we show it as a single-sized array `assignees` to conform to the GitLab EE API. NOTE: **Note:**
At least one of following parameters is required to be passed for the request to be successful: `:assignee_id`, `:assignee_ids`, `:confidential`, `:created_at`, `:description`, `:discussion_locked`, `:due_date`, `:labels`, `:milestone_id`, `:state_event`, or `:title`.
**Note**: The `closed_by` attribute was [introduced in GitLab 10.6][ce-17042]. This value will only be present for issues which were closed after GitLab 10.6 and when the user account that closed the issue still exists. NOTE: **Note**:
`assignee` column is deprecated. We now show it as a single-sized array `assignees` to conform to the GitLab EE API.
NOTE: **Note**:
The `closed_by` attribute was [introduced in GitLab 10.6][ce-17042]. This value will only be present for issues which were closed after GitLab 10.6 and when the user account that closed the issue still exists.
## Delete an issue ## Delete an issue
......
...@@ -247,6 +247,7 @@ module API ...@@ -247,6 +247,7 @@ module API
requires :issue_iid, type: Integer, desc: 'The internal ID of a project issue' requires :issue_iid, type: Integer, desc: 'The internal ID of a project issue'
optional :title, type: String, desc: 'The title of an issue' optional :title, type: String, desc: 'The title of an issue'
optional :updated_at, type: DateTime, optional :updated_at, type: DateTime,
allow_blank: false,
desc: 'Date time when the issue was updated. Available only for admins and project owners.' desc: 'Date time when the issue was updated. Available only for admins and project owners.'
optional :state_event, type: String, values: %w[reopen close], desc: 'State of the issue' optional :state_event, type: String, values: %w[reopen close], desc: 'State of the issue'
use :issue_params use :issue_params
......
...@@ -4,8 +4,9 @@ require 'spec_helper' ...@@ -4,8 +4,9 @@ require 'spec_helper'
describe API::Issues do describe API::Issues do
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
let_it_be(:owner) { create(:owner) }
let_it_be(:project, reload: true) do let_it_be(:project, reload: true) do
create(:project, :public, creator_id: user.id, namespace: user.namespace) create(:project, :public, creator_id: owner.id, namespace: owner.namespace)
end end
let(:user2) { create(:user) } let(:user2) { create(:user) }
...@@ -97,7 +98,7 @@ describe API::Issues do ...@@ -97,7 +98,7 @@ describe API::Issues do
labels: 'label, label?, label&foo, ?, &' labels: 'label, label?, label&foo, ?, &'
} }
expect(response.status).to eq(200) expect(response).to have_gitlab_http_status(:ok)
expect(json_response['labels']).to include 'label' expect(json_response['labels']).to include 'label'
expect(json_response['labels']).to include 'label?' expect(json_response['labels']).to include 'label?'
expect(json_response['labels']).to include 'label&foo' expect(json_response['labels']).to include 'label&foo'
...@@ -112,7 +113,7 @@ describe API::Issues do ...@@ -112,7 +113,7 @@ describe API::Issues do
labels: ['label', 'label?', 'label&foo, ?, &'] labels: ['label', 'label?', 'label&foo, ?, &']
} }
expect(response.status).to eq(200) expect(response).to have_gitlab_http_status(:ok)
expect(json_response['labels']).to include 'label' expect(json_response['labels']).to include 'label'
expect(json_response['labels']).to include 'label?' expect(json_response['labels']).to include 'label?'
expect(json_response['labels']).to include 'label&foo' expect(json_response['labels']).to include 'label&foo'
...@@ -349,7 +350,7 @@ describe API::Issues do ...@@ -349,7 +350,7 @@ describe API::Issues do
it 'allows special label names' do it 'allows special label names' do
put api("/projects/#{project.id}/issues/#{issue.iid}", user), put api("/projects/#{project.id}/issues/#{issue.iid}", user),
params: { labels: 'label:foo, label-bar,label_bar,label/bar,label?bar,label&bar,?,&' } params: { labels: 'label:foo, label-bar,label_bar,label/bar,label?bar,label&bar,?,&' }
expect(response.status).to eq(200) expect(response).to have_gitlab_http_status(:ok)
expect(json_response['labels']).to include 'label:foo' expect(json_response['labels']).to include 'label:foo'
expect(json_response['labels']).to include 'label-bar' expect(json_response['labels']).to include 'label-bar'
expect(json_response['labels']).to include 'label_bar' expect(json_response['labels']).to include 'label_bar'
...@@ -363,7 +364,7 @@ describe API::Issues do ...@@ -363,7 +364,7 @@ describe API::Issues do
it 'allows special label names with labels param as array' do it 'allows special label names with labels param as array' do
put api("/projects/#{project.id}/issues/#{issue.iid}", user), put api("/projects/#{project.id}/issues/#{issue.iid}", user),
params: { labels: ['label:foo', 'label-bar', 'label_bar', 'label/bar,label?bar,label&bar,?,&'] } params: { labels: ['label:foo', 'label-bar', 'label_bar', 'label/bar,label?bar,label&bar,?,&'] }
expect(response.status).to eq(200) expect(response).to have_gitlab_http_status(:ok)
expect(json_response['labels']).to include 'label:foo' expect(json_response['labels']).to include 'label:foo'
expect(json_response['labels']).to include 'label-bar' expect(json_response['labels']).to include 'label-bar'
expect(json_response['labels']).to include 'label_bar' expect(json_response['labels']).to include 'label_bar'
...@@ -400,15 +401,49 @@ describe API::Issues do ...@@ -400,15 +401,49 @@ describe API::Issues do
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
expect(json_response['state']).to eq 'opened' expect(json_response['state']).to eq 'opened'
end end
end
context 'when an admin or owner makes the request' do describe 'PUT /projects/:id/issues/:issue_iid to update updated_at param' do
context 'when reporter makes request' do
it 'accepts the update date to be set' do it 'accepts the update date to be set' do
update_time = 2.weeks.ago update_time = 2.weeks.ago
put api("/projects/#{project.id}/issues/#{issue.iid}", user), put api("/projects/#{project.id}/issues/#{issue.iid}", user),
params: { labels: 'label3', state_event: 'close', updated_at: update_time } params: { title: 'some new title', updated_at: update_time }
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['title']).to include 'some new title'
expect(Time.parse(json_response['updated_at'])).not_to be_like_time(update_time)
end
end
context 'when admin or owner makes the request' do
it 'not allow to set null for updated_at' do
put api("/projects/#{project.id}/issues/#{issue.iid}", owner), params: { updated_at: nil }
expect(response).to have_gitlab_http_status(:bad_request)
end
it 'not allow to set blank for updated_at' do
put api("/projects/#{project.id}/issues/#{issue.iid}", owner), params: { updated_at: '' }
expect(response).to have_gitlab_http_status(:bad_request)
end
it 'not allow to set invalid format for updated_at' do
put api("/projects/#{project.id}/issues/#{issue.iid}", owner), params: { updated_at: 'invalid-format' }
expect(response).to have_gitlab_http_status(:bad_request)
end
it 'accepts the update date to be set' do
update_time = 2.weeks.ago
put api("/projects/#{project.id}/issues/#{issue.iid}", owner),
params: { title: 'some new title', updated_at: update_time }
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
expect(json_response['labels']).to include 'label3' expect(json_response['title']).to include 'some new title'
expect(Time.parse(json_response['updated_at'])).to be_like_time(update_time) expect(Time.parse(json_response['updated_at'])).to be_like_time(update_time)
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment