Commit 53aa45ad authored by GitLab Bot's avatar GitLab Bot

Automatic merge of gitlab-org/gitlab-ce master

parents 2c973227 5b154daf
...@@ -53,6 +53,7 @@ class IssuableFinder ...@@ -53,6 +53,7 @@ class IssuableFinder
assignee_username assignee_username
author_id author_id
author_username author_username
label_name
milestone_title milestone_title
my_reaction_emoji my_reaction_emoji
search search
......
---
title: Fix filtering of labels from system note link
merge_request: 27507
author:
type: fixed
...@@ -108,6 +108,14 @@ describe IssuableCollections do ...@@ -108,6 +108,14 @@ describe IssuableCollections do
end end
describe '#finder_options' do describe '#finder_options' do
before do
allow(controller).to receive(:cookies).and_return({})
allow(controller).to receive(:current_user).and_return(nil)
end
subject { controller.send(:finder_options).to_h }
context 'scalar params' do
let(:params) do let(:params) do
{ {
assignee_id: '1', assignee_id: '1',
...@@ -119,7 +127,7 @@ describe IssuableCollections do ...@@ -119,7 +127,7 @@ describe IssuableCollections do
due_date: '2017-01-01', due_date: '2017-01-01',
group_id: '3', group_id: '3',
iids: '4', iids: '4',
label_name: ['foo'], label_name: 'foo',
milestone_title: 'bar', milestone_title: 'bar',
my_reaction_emoji: 'thumbsup', my_reaction_emoji: 'thumbsup',
non_archived: 'true', non_archived: 'true',
...@@ -133,18 +141,13 @@ describe IssuableCollections do ...@@ -133,18 +141,13 @@ describe IssuableCollections do
end end
it 'only allows whitelisted params' do it 'only allows whitelisted params' do
allow(controller).to receive(:cookies).and_return({}) is_expected.to include({
allow(controller).to receive(:current_user).and_return(nil)
finder_options = controller.send(:finder_options)
expect(finder_options).to eq(ActionController::Parameters.new({
'assignee_id' => '1', 'assignee_id' => '1',
'assignee_username' => 'user1', 'assignee_username' => 'user1',
'author_id' => '2', 'author_id' => '2',
'author_username' => 'user2', 'author_username' => 'user2',
'confidential' => true, 'confidential' => true,
'label_name' => ['foo'], 'label_name' => 'foo',
'milestone_title' => 'bar', 'milestone_title' => 'bar',
'my_reaction_emoji' => 'thumbsup', 'my_reaction_emoji' => 'thumbsup',
'due_date' => '2017-01-01', 'due_date' => '2017-01-01',
...@@ -152,7 +155,30 @@ describe IssuableCollections do ...@@ -152,7 +155,30 @@ describe IssuableCollections do
'search' => 'baz', 'search' => 'baz',
'sort' => 'priority', 'sort' => 'priority',
'state' => 'opened' 'state' => 'opened'
}).permit!) })
is_expected.not_to include('invalid_param')
end
end
context 'array params' do
let(:params) do
{
assignee_username: %w[user1 user2],
label_name: %w[label1 label2],
invalid_param: 'invalid_param',
invalid_array: ['param']
}
end
it 'only allows whitelisted params' do
is_expected.to include({
'label_name' => %w[label1 label2],
'assignee_username' => %w[user1 user2]
})
is_expected.not_to include('invalid_param', 'invalid_array')
end
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment