Commit 53aa45ad authored by GitLab Bot's avatar GitLab Bot

Automatic merge of gitlab-org/gitlab-ce master

parents 2c973227 5b154daf
......@@ -53,6 +53,7 @@ class IssuableFinder
assignee_username
author_id
author_username
label_name
milestone_title
my_reaction_emoji
search
......
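Review bot: The entry list in this hunk has no comment saying that a key can be permitted in scalar form here and in array form elsewhere, and the added entry looks like `label_name` (inferred from the changelog title and the spec, because the +/- markers are not shown on this page). The spec in this commit expects both `'label_name' => 'foo'` and `'label_name' => %w[label1 label2]` to pass through, so whatever reads the value downstream receives either a String or an Array. I would add a comment above the list such as `# Keys listed here may also be permitted as arrays; consumers must handle both a String and an Array`, and confirm that the label filter normalises the value before it reaches a query. The enclosing definition starts and ends outside the hunk, so the consumer is not visible here.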
---
title: Fix filtering of labels from system note link
merge_request: 27507
author:
type: fixed
......@@ -108,6 +108,14 @@ describe IssuableCollections do
end
describe '#finder_options' do
before do
allow(controller).to receive(:cookies).and_return({})
allow(controller).to receive(:current_user).and_return(nil)
end
subject { controller.send(:finder_options).to_h }
context 'scalar params' do
let(:params) do
{
assignee_id: '1',
......@@ -119,7 +127,7 @@ describe IssuableCollections do
due_date: '2017-01-01',
group_id: '3',
iids: '4',
label_name: ['foo'],
label_name: 'foo',
milestone_title: 'bar',
my_reaction_emoji: 'thumbsup',
non_archived: 'true',
......@@ -133,18 +141,13 @@ describe IssuableCollections do
end
it 'only allows whitelisted params' do
allow(controller).to receive(:cookies).and_return({})
allow(controller).to receive(:current_user).and_return(nil)
finder_options = controller.send(:finder_options)
expect(finder_options).to eq(ActionController::Parameters.new({
is_expected.to include({
'assignee_id' => '1',
'assignee_username' => 'user1',
'author_id' => '2',
'author_username' => 'user2',
'confidential' => true,
'label_name' => ['foo'],
'label_name' => 'foo',
'milestone_title' => 'bar',
'my_reaction_emoji' => 'thumbsup',
'due_date' => '2017-01-01',
......@@ -152,7 +155,30 @@ describe IssuableCollections do
'search' => 'baz',
'sort' => 'priority',
'state' => 'opened'
}).permit!)
})
is_expected.not_to include('invalid_param')
end
end
context 'array params' do
let(:params) do
{
assignee_username: %w[user1 user2],
label_name: %w[label1 label2],
invalid_param: 'invalid_param',
invalid_array: ['param']
}
end
it 'only allows whitelisted params' do
is_expected.to include({
'label_name' => %w[label1 label2],
'assignee_username' => %w[user1 user2]
})
is_expected.not_to include('invalid_param', 'invalid_array')
end
end
end
end
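Review bot: The scalar-params example no longer pins the exact set of permitted keys: the `eq(ActionController::Parameters.new({ ... }).permit!)` comparison appears to be replaced by `is_expected.to include({ ... })` (the sides are inferred from print order and the hunk line counts). With `include`, the only negative check is `is_expected.not_to include('invalid_param')`, so a key that slips into the allowlist unintentionally would not fail this spec unless it happens to be named there. Since this spec guards a parameter allowlist, I would keep an exact key comparison for the scalar case, for example `expect(subject.keys).to match_array(expected_keys)` where `expected_keys` is a placeholder for the full list, or state in a comment why extra keys are tolerated. The array-params context has the same shape and could also pass a hash-valued param to show that nested input is dropped.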