Skip to content

G
gitlab-ce
Commit 9994aa1c authored by Nick Thomas's avatar Nick Thomas
Browse files
Options

Block empty params to MR target branch autocompletion

parent 631f2a49
Show whitespace changes
Inline Side-by-side
Showing with 17 additions and 6 deletions
app/controllers/autocomplete_controller.rb
View file @ 9994aa1c
...@@ -53,7 +53,7 @@ class AutocompleteController < ApplicationController ...@@ -53,7 +53,7 @@ class AutocompleteController < ApplicationController
private private
def target_branch_params def target_branch_params
params.permit(:group_id, :project_id) params.permit(:group_id, :project_id).select { |_, v| v.present? }
end end
end end
......
spec/controllers/autocomplete_controller_spec.rb
View file @ 9994aa1c
...@@ -391,15 +391,26 @@ describe AutocompleteController do ...@@ -391,15 +391,26 @@ describe AutocompleteController do
end end
context 'user with an accessible merge request but no scope' do context 'user with an accessible merge request but no scope' do
where(
params: [
{},
{ group_id: ' ' },
{ project_id: ' ' },
{ group_id: ' ', project_id: ' ' }
]
)
with_them do
it 'returns an error' do it 'returns an error' do
sign_in(user) sign_in(user)
get :merge_request_target_branches get :merge_request_target_branches, params: params
expect(response).to have_gitlab_http_status(400) expect(response).to have_gitlab_http_status(400)
expect(json_response).to eq({ 'error' => 'At least one of group_id or project_id must be specified' }) expect(json_response).to eq({ 'error' => 'At least one of group_id or project_id must be specified' })
end end
end end
end
context 'user with an accessible merge request by project' do context 'user with an accessible merge request by project' do
it 'returns json' do it 'returns json' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7