Skip to content

G
gitlab-ce
Commit b0bd8555 authored by Mayra Cabrera's avatar Mayra Cabrera
Browse files
Options

Merge branch '31830-autocomplete-controller-mk-2' into 'master' 

Block empty params to MR target branch autocompletion

Closes #31830

See merge request gitlab-org/gitlab!21748
parents 0b2ac1eb 9994aa1c
Hide whitespace changes
Inline Side-by-side
Showing with 17 additions and 6 deletions
app/controllers/autocomplete_controller.rb
View file @ b0bd8555
......@@ -53,7 +53,7 @@ class AutocompleteController < ApplicationController
private
def target_branch_params
params.permit(:group_id, :project_id)
params.permit(:group_id, :project_id).select { |_, v| v.present? }
end
end
......
spec/controllers/autocomplete_controller_spec.rb
View file @ b0bd8555
......@@ -391,13 +391,24 @@ describe AutocompleteController do
end
context 'user with an accessible merge request but no scope' do
it 'returns an error' do
sign_in(user)
where(
params: [
{},
{ group_id: ' ' },
{ project_id: ' ' },
{ group_id: ' ', project_id: ' ' }
]
)
with_them do
it 'returns an error' do
sign_in(user)
get :merge_request_target_branches
get :merge_request_target_branches, params: params
expect(response).to have_gitlab_http_status(400)
expect(json_response).to eq({ 'error' => 'At least one of group_id or project_id must be specified' })
expect(response).to have_gitlab_http_status(400)
expect(json_response).to eq({ 'error' => 'At least one of group_id or project_id must be specified' })
end
end
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7