Commit d554930e authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Remove query whitelist in Boards::IssuesController

parent 63a21c00
...@@ -13,7 +13,7 @@ module Boards ...@@ -13,7 +13,7 @@ module Boards
requires_cross_project_access if: -> { board&.group_board? } requires_cross_project_access if: -> { board&.group_board? }
before_action :whitelist_query_limiting, only: [:index, :update, :bulk_move] before_action :whitelist_query_limiting, only: [:bulk_move]
before_action :authorize_read_issue, only: [:index] before_action :authorize_read_issue, only: [:index]
before_action :authorize_create_issue, only: [:create] before_action :authorize_create_issue, only: [:create]
before_action :authorize_update_issue, only: [:update] before_action :authorize_update_issue, only: [:update]
...@@ -130,8 +130,7 @@ module Boards ...@@ -130,8 +130,7 @@ module Boards
end end
def whitelist_query_limiting def whitelist_query_limiting
# Also see https://gitlab.com/gitlab-org/gitlab-foss/issues/42439 Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab/issues/35174')
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42428')
end end
def validate_id_list def validate_id_list
......
...@@ -2,7 +2,6 @@ ...@@ -2,7 +2,6 @@
class IssueBoardEntity < Grape::Entity class IssueBoardEntity < Grape::Entity
include RequestAwareEntity include RequestAwareEntity
include TimeTrackableEntity
expose :id expose :id
expose :iid expose :iid
......
...@@ -243,9 +243,9 @@ describe Issue do ...@@ -243,9 +243,9 @@ describe Issue do
let!(:board) { create(:board, group: group) } let!(:board) { create(:board, group: group) }
let(:project) { create(:project, namespace: group) } let(:project) { create(:project, namespace: group) }
let(:project1) { create(:project, namespace: group) } let(:project1) { create(:project, namespace: group) }
let(:issue) { create(:issue, project: project) } let(:issue) { build(:issue, project: project) }
let(:issue1) { create(:issue, project: project1) } let(:issue1) { build(:issue, project: project1) }
let(:new_issue) { create(:issue, project: project1) } let(:new_issue) { build(:issue, project: project1, relative_position: nil) }
before do before do
[issue, issue1].each do |issue| [issue, issue1].each do |issue|
......
...@@ -6,6 +6,7 @@ FactoryBot.define do ...@@ -6,6 +6,7 @@ FactoryBot.define do
project project
author { project.creator } author { project.creator }
updated_by { author } updated_by { author }
relative_position { RelativePositioning::START_POSITION }
trait :confidential do trait :confidential do
confidential { true } confidential { true }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment