Merge branch '60569-timeline-entry-label-link-is-not-applying-the-filter-on-issues' into 'master'

Adds `label_name` back as a scalar param in `IssuableFinder` Closes #60569 See merge request gitlab-org/gitlab-ce!27507

Merge branch '60569-timeline-entry-label-link-is-not-applying-the-filter-on-issues' into 'master'
Adds `label_name` back as a scalar param in `IssuableFinder` Closes #60569 See merge request gitlab-org/gitlab-ce!27507
5b154daf · Kamil Trzciński · 758f2eb3 · ff627511 · 5b154daf · 5b154daf
Commit 5b154daf authored Apr 23, 2019 by Kamil Trzciński
3 changed files
--- a/app/finders/issuable_finder.rb
+++ b/app/finders/issuable_finder.rb
@@ -53,6 +53,7 @@ class IssuableFinder
      assignee_username
      author_id
      author_username
+      label_name
      milestone_title
      my_reaction_emoji
      search

--- a/changelogs/unreleased/60569-timeline-entry-label-link-is-not-applying-the-filter-on-issues.yml
+++ b/changelogs/unreleased/60569-timeline-entry-label-link-is-not-applying-the-filter-on-issues.yml
+---
+title: Fix filtering of labels from system note link
+merge_request: 27507
+author:
+type: fixed
--- a/spec/controllers/concerns/issuable_collections_spec.rb
+++ b/spec/controllers/concerns/issuable_collections_spec.rb
@@ -108,6 +108,14 @@ describe IssuableCollections do
  end

  describe '#finder_options' do
+    before do
+      allow(controller).to receive(:cookies).and_return({})
+      allow(controller).to receive(:current_user).and_return(nil)
+    end
+
+    subject { controller.send(:finder_options).to_h }
+
+    context 'scalar params' do
      let(:params) do
        {
          assignee_id: '1',
@@ -119,7 +127,7 @@ describe IssuableCollections do
          due_date: '2017-01-01',
          group_id: '3',
          iids: '4',
-        label_name: ['foo'],
+          label_name: 'foo',
          milestone_title: 'bar',
          my_reaction_emoji: 'thumbsup',
          non_archived: 'true',
@@ -133,18 +141,13 @@ describe IssuableCollections do
      end

      it 'only allows whitelisted params' do
-      allow(controller).to receive(:cookies).and_return({})
-      allow(controller).to receive(:current_user).and_return(nil)
-
-      finder_options = controller.send(:finder_options)
-
-      expect(finder_options).to eq(ActionController::Parameters.new({
+        is_expected.to include({
          'assignee_id' => '1',
          'assignee_username' => 'user1',
          'author_id' => '2',
          'author_username' => 'user2',
          'confidential' => true,
-        'label_name' => ['foo'],
+          'label_name' => 'foo',
          'milestone_title' => 'bar',
          'my_reaction_emoji' => 'thumbsup',
          'due_date' => '2017-01-01',
@@ -152,7 +155,30 @@ describe IssuableCollections do
          'search' => 'baz',
          'sort' => 'priority',
          'state' => 'opened'
-      }).permit!)
+        })
+
+        is_expected.not_to include('invalid_param')
+      end
+    end
+
+    context 'array params' do
+      let(:params) do
+        {
+          assignee_username: %w[user1 user2],
+          label_name: %w[label1 label2],
+          invalid_param: 'invalid_param',
+          invalid_array: ['param']
+        }
+      end
+
+      it 'only allows whitelisted params' do
+        is_expected.to include({
+          'label_name' => %w[label1 label2],
+          'assignee_username' => %w[user1 user2]
+        })
+
+        is_expected.not_to include('invalid_param', 'invalid_array')
+      end
    end
  end
 end