Whitelist query counts for EE controllers

80cbaad5 · Yorick Peterse · 168739c6 · 80cbaad5 · 80cbaad5 · 80cbaad5
Commit 80cbaad5 authored Feb 02, 2018 by Yorick Peterse
5 changed files
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -8,6 +8,7 @@ class Projects::IssuesController < Projects::ApplicationController
  prepend_before_action :authenticate_user!, only: [:new, :export_csv]
+  before_action :whitelist_query_limiting_ee, only: [:update]
  before_action :whitelist_query_limiting, only: [:create, :create_merge_request, :move, :bulk_update]
  before_action :check_issues_available!
  before_action :issue, except: [:index, :new, :create, :bulk_update, :export_csv]
@@ -260,4 +261,8 @@ class Projects::IssuesController < Projects::ApplicationController
    # 3. https://gitlab.com/gitlab-org/gitlab-ce/issues/42426
    Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42422')
  end
+  def whitelist_query_limiting_ee
+    Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ee/issues/4794')
+  end
 end
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -9,6 +9,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
  prepend ::EE::Projects::MergeRequestsController
  skip_before_action :merge_request, only: [:index, :bulk_update]
+  before_action :whitelist_query_limiting_ee, only: [:merge, :show]
  before_action :whitelist_query_limiting, only: [:assign_related_issues, :update]
  before_action :authorize_update_issuable!, only: [:close, :edit, :update, :remove_wip, :sort]
  before_action :set_issuables_index, only: [:index]
@@ -354,4 +355,9 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
    # Also see https://gitlab.com/gitlab-org/gitlab-ce/issues/42441
    Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42438')
  end
+  def whitelist_query_limiting_ee
+    # Also see https://gitlab.com/gitlab-org/gitlab-ee/issues/4793
+    Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ee/issues/4792')
+  end
 end
--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -181,6 +181,8 @@ module API
      desc 'Remove a group.'
      delete ":id" do
+        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ee/issues/4795')
        group = find_group!(params[:id])
        authorize! :admin_group, group

--- a/lib/api/v3/groups.rb
+++ b/lib/api/v3/groups.rb
@@ -151,6 +151,8 @@ module API
        desc 'Remove a group.'
        delete ":id" do
+          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ee/issues/4797')
          group = find_group!(params[:id])
          authorize! :admin_group, group
          present ::Groups::DestroyService.new(group, current_user).execute, with: Entities::GroupDetail, current_user: current_user

--- a/lib/api/v3/merge_requests.rb
+++ b/lib/api/v3/merge_requests.rb
@@ -200,6 +200,8 @@ module API
            optional :squash, type: Boolean, desc: 'When true, the commits will be squashed into a single commit on merge'
          end
          put "#{path}/merge" do
+            Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ee/issues/4796')
            merge_request = find_project_merge_request(params[:merge_request_id])
            # Merge request can not be merged