83ece312
Commit
83ece312
authored
Nov 14, 2018
by
Heinrich Lee Yu
Refactor whitelisting of filter params
parent
048db426
Showing
7 changed files
with
30 additions
and
79 deletions
+30
-79
app/controllers/concerns/issuable_collections.rb
app/controllers/concerns/issuable_collections.rb
+16
-21
app/controllers/concerns/merge_requests_action.rb
app/controllers/concerns/merge_requests_action.rb
+1
-1
app/controllers/dashboard_controller.rb
app/controllers/dashboard_controller.rb
+4
-13
app/finders/issuable_finder.rb
app/finders/issuable_finder.rb
+3
-11
app/helpers/application_helper.rb
app/helpers/application_helper.rb
+1
-18
ee/app/helpers/ee/application_helper.rb
ee/app/helpers/ee/application_helper.rb
+0
-5
spec/controllers/concerns/issuable_collections_spec.rb
spec/controllers/concerns/issuable_collections_spec.rb
+5
-10
app/controllers/concerns/issuable_collections.rb
...
...
@@ -81,38 +81,33 @@ module IssuableCollections
end
def
issuable_finder_for
(
finder_class
)
finder_class
.
new
(
current_user
,
fi
lter_param
s
)
finder_class
.
new
(
current_user
,
fi
nder_option
s
)
end
# rubocop:disable Gitlab/ModuleWithInstanceVariables
# rubocop: disable CodeReuse/ActiveRecord
def
filter_params
set_sort_order_from_cookie
set_default_state
# Skip irrelevant Rails routing params
@filter_params
=
params
.
dup
.
except
(
:controller
,
:action
,
:namespace_id
)
@filter_params
[
:sort
]
||=
default_sort_order
def
finder_options
options
=
{
scope:
params
[
:scope
],
state:
params
[
:state
].
presence
||
'opened'
,
sort:
set_sort_order_from_cookie
||
default_sort_order
}
@sort
=
@filter_params
[
:sort
]
# Used by view to highlight active option
params
[
:state
]
=
options
[
:state
]
@sort
=
options
[
:sort
]
if
@project
@filter_param
s
[
:project_id
]
=
@project
.
id
option
s
[
:project_id
]
=
@project
.
id
elsif
@group
@filter_param
s
[
:group_id
]
=
@group
.
id
@filter_param
s
[
:include_subgroups
]
=
true
@filter_param
s
[
:use_cte_for_search
]
=
true
option
s
[
:group_id
]
=
@group
.
id
option
s
[
:include_subgroups
]
=
true
option
s
[
:use_cte_for_search
]
=
true
end
@filter_params
.
permit
(
finder_type
.
valid_param
s
)
params
.
permit
(
finder_type
.
valid_params
).
merge
(
option
s
)
end
# rubocop: enable CodeReuse/ActiveRecord
# rubocop:enable Gitlab/ModuleWithInstanceVariables
def
set_default_state
params
[
:state
]
=
'opened'
if
params
[
:state
].
blank?
end
def
set_sort_order_from_cookie
sort_param
=
params
[
:sort
]
if
params
[
:sort
].
present?
# fallback to legacy cookie value for backward compatibility
...
...
@@ -121,7 +116,7 @@ module IssuableCollections
sort_value
=
update_cookie_value
(
sort_param
)
set_secure_cookie
(
remember_sorting_key
,
sort_value
)
params
[
:sort
]
=
sort_value
sort_value
end
def
remember_sorting_key
...
...
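Review bot: In `finder_options`, `scope: params[:scope]` and `state: params[:state].presence || 'opened'` are read from the raw request and merged in after `params.permit(finder_type.valid_params)`, so these two values never pass through the permit filter. Strong parameters lets only scalars through for a plain key, whereas an array- or hash-valued `state` or `scope` now reaches the finder unchanged; how the finder treats such a value is not visible on this page. Permitting them explicitly keeps the scalar check whatever `valid_params` contains, e.g. `base = params.permit(:scope, :state)` followed by `scope: base[:scope]` and `state: base[:state].presence || 'opened'`. The `sort` value deserves the same look, but `set_sort_order_from_cookie` is only partly inside this section, so that part is an inference.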
app/controllers/concerns/merge_requests_action.rb
...
...
@@ -19,7 +19,7 @@ module MergeRequestsAction
(
MergeRequestsFinder
if
action_name
==
'merge_requests'
)
end
def
fi
lter_param
s
def
fi
nder_option
s
super
.
merge
(
non_archived:
true
)
end
end
app/controllers/dashboard_controller.rb
...
...
@@ -4,18 +4,6 @@ class DashboardController < Dashboard::ApplicationController
include
IssuesAction
include
MergeRequestsAction
FILTER_PARAMS
=
[
# author_id and assignee_id are kept so old RSS links still work
:author_id
,
:assignee_id
,
:author_username
,
:assignee_username
,
:milestone_title
,
:weight
,
:label_name
,
:my_reaction_emoji
].
freeze
before_action
:event_filter
,
only: :activity
before_action
:projects
,
only:
[
:issues
,
:merge_requests
]
before_action
:set_show_full_reference
,
only:
[
:issues
,
:merge_requests
]
...
...
@@ -56,10 +44,13 @@ class DashboardController < Dashboard::ApplicationController
end
def
check_filters_presence!
@no_filters_set
=
FILTER_PARAMS
.
none?
{
|
k
|
params
.
key?
(
k
)
}
@no_filters_set
=
finder_type
.
scalar_params
.
none?
{
|
k
|
params
.
key?
(
k
)
}
return
unless
@no_filters_set
# Call to set selected `state` and `sort` options in view
finder_options
respond_to
do
|
format
|
format
.
html
{
render
}
format
.
atom
{
head
:bad_request
}
...
...
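Review bot: `check_filters_presence!` now calls `finder_options` only for its side effects and throws the result away, which hides a dependency on that method's internals; the added comment says the call exists to set the `state` and `sort` selections for the view. As shown in IssuableCollections, `finder_options` is not memoised and goes through `set_sort_order_from_cookie`, so a second call in the same request may repeat the cookie handling. A small named helper for the view state, or memoising with `@finder_options ||= ...`, would make the intent explicit. Separately, the removed `FILTER_PARAMS` listed `:weight`, and whether `finder_type.scalar_params` still covers it is not visible here. The method body continues past the end of this hunk.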
app/finders/issuable_finder.rb
...
...
@@ -14,7 +14,9 @@
# project_id: integer
# milestone_title: string
# author_id: integer
# author_username: string
# assignee_id: integer or 'None' or 'Any'
# assignee_username: string
# search: string
# label_name: string
# sort: string
...
...
@@ -49,25 +51,15 @@ class IssuableFinder
assignee_username
author_id
author_username
authorized_only
group_id
iids
label_name
milestone_title
my_reaction_emoji
non_archived
project_id
scope
search
sort
state
include_subgroups
use_cte_for_search
]
end
def
self
.
array_params
@array_params
||=
{
label_name:
[],
iids:
[],
assignee_username:
[]
}
@array_params
||=
{
label_name:
[],
assignee_username:
[]
}
end
def
self
.
valid_params
...
...
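Review bot: The scalar list and `self.array_params` in this hunk now act as the allowlist for user-supplied request parameters, since IssuableCollections passes `finder_type.valid_params` straight into `params.permit`, but nothing at the definitions says so. A comment above them would keep future additions deliberate, for example `# Keys accepted directly from request params via valid_params; options the controller sets itself do not belong here.` The body of `self.valid_params` and the opening of the scalar list are outside this hunk, so confirm how the two lists are combined before wording the comment more precisely.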
app/helpers/application_helper.rb
...
...
@@ -178,11 +178,7 @@ module ApplicationHelper
without
=
options
.
delete
(
:without
)
add_label
=
options
.
delete
(
:label
)
exist_opts
=
filter_bar_params
.
merge
(
params
.
slice
(
:state
,
:scope
)
)
options
=
exist_opts
.
merge
(
options
)
options
=
request
.
query_parameters
.
merge
(
options
)
if
without
.
present?
without
.
each
do
|
key
|
...
...
@@ -197,19 +193,6 @@ module ApplicationHelper
"
#{
request
.
path
}
?
#{
params
.
to_param
}
"
end
def
filter_bar_params
params
.
slice
(
:assignee_id
,
:assignee_username
,
:author_username
,
:label_name
,
:milestone_title
,
:my_reaction_emoji
,
:wip
,
:search
)
end
def
outdated_browser?
browser
.
ie?
&&
browser
.
version
.
to_i
<
10
end
...
...
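Review bot: The replacement line `options = request.query_parameters.merge(options)` drops the allowlist that `filter_bar_params` plus `params.slice(:state, :scope)` used to provide, so every key present in the query string is now copied into the generated filter link. The values still go through `to_param` on the method's last line, so the concern is unexpected keys being carried from a visited URL into the links on the page, not escaping. If that is intended, a comment such as `# Carries over all query parameters on purpose; controllers filter them through the finder's permit list` would record the decision, and otherwise the merge should be sliced to the keys the filter bar uses. The method's signature lies outside the hunk, so the caller contract should be checked there.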
ee/app/helpers/ee/application_helper.rb
...
...
@@ -87,11 +87,6 @@ module EE
::
Gitlab
::
CurrentSettings
.
instance_review_permitted?
&&
current_user
&
.
admin?
end
override
:filter_bar_params
def
filter_bar_params
super
.
merge
(
params
.
slice
(
:weight
))
end
private
def
appearance
...
...
spec/controllers/concerns/issuable_collections_spec.rb
...
...
@@ -60,7 +60,7 @@ describe IssuableCollections do
end
end
describe
'#fi
lter_param
s'
do
describe
'#fi
nder_option
s'
do
let
(
:params
)
do
{
assignee_id:
'1'
,
...
...
@@ -84,25 +84,20 @@ describe IssuableCollections do
}
end
it
'
filters
params'
do
it
'
only allows whitelisted
params'
do
allow
(
controller
).
to
receive
(
:cookies
).
and_return
({})
fi
ltered_params
=
controller
.
send
(
:filter_param
s
)
fi
nder_options
=
controller
.
send
(
:finder_option
s
)
expect
(
fi
ltered_param
s
).
to
eq
({
expect
(
fi
nder_option
s
).
to
eq
({
'assignee_id'
=>
'1'
,
'assignee_username'
=>
'user1'
,
'author_id'
=>
'2'
,
'author_username'
=>
'user2'
,
'authorized_only'
=>
'true'
,
'due_date'
=>
'2017-01-01'
,
'group_id'
=>
'3'
,
'iids'
=>
'4'
,
'label_name'
=>
'foo'
,
'milestone_title'
=>
'bar'
,
'my_reaction_emoji'
=>
'thumbsup'
,
'non_archived'
=>
'true'
,
'project_id'
=>
'5'
,
'due_date'
=>
'2017-01-01'
,
'scope'
=>
'all'
,
'search'
=>
'baz'
,
'sort'
=>
'priority'
,
...
...