Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
d554930e
Commit
d554930e
authored
Oct 29, 2019
by
Heinrich Lee Yu
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Remove query whitelist in Boards::IssuesController
parent
63a21c00
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
6 additions
and
7 deletions
+6
-7
app/controllers/boards/issues_controller.rb
app/controllers/boards/issues_controller.rb
+2
-3
app/serializers/issue_board_entity.rb
app/serializers/issue_board_entity.rb
+0
-1
ee/spec/models/issue_spec.rb
ee/spec/models/issue_spec.rb
+3
-3
spec/factories/issues.rb
spec/factories/issues.rb
+1
-0
No files found.
app/controllers/boards/issues_controller.rb
View file @
d554930e
...
...
@@ -13,7 +13,7 @@ module Boards
requires_cross_project_access
if:
->
{
board
&
.
group_board?
}
before_action
:whitelist_query_limiting
,
only:
[
:
index
,
:update
,
:
bulk_move
]
before_action
:whitelist_query_limiting
,
only:
[
:bulk_move
]
before_action
:authorize_read_issue
,
only:
[
:index
]
before_action
:authorize_create_issue
,
only:
[
:create
]
before_action
:authorize_update_issue
,
only:
[
:update
]
...
...
@@ -130,8 +130,7 @@ module Boards
end
def
whitelist_query_limiting
# Also see https://gitlab.com/gitlab-org/gitlab-foss/issues/42439
Gitlab
::
QueryLimiting
.
whitelist
(
'https://gitlab.com/gitlab-org/gitlab-foss/issues/42428'
)
Gitlab
::
QueryLimiting
.
whitelist
(
'https://gitlab.com/gitlab-org/gitlab/issues/35174'
)
end
def
validate_id_list
...
...
app/serializers/issue_board_entity.rb
View file @
d554930e
...
...
@@ -2,7 +2,6 @@
class
IssueBoardEntity
<
Grape
::
Entity
include
RequestAwareEntity
include
TimeTrackableEntity
expose
:id
expose
:iid
...
...
ee/spec/models/issue_spec.rb
View file @
d554930e
...
...
@@ -243,9 +243,9 @@ describe Issue do
let!
(
:board
)
{
create
(
:board
,
group:
group
)
}
let
(
:project
)
{
create
(
:project
,
namespace:
group
)
}
let
(
:project1
)
{
create
(
:project
,
namespace:
group
)
}
let
(
:issue
)
{
create
(
:issue
,
project:
project
)
}
let
(
:issue1
)
{
create
(
:issue
,
project:
project1
)
}
let
(
:new_issue
)
{
create
(
:issue
,
project:
project1
)
}
let
(
:issue
)
{
build
(
:issue
,
project:
project
)
}
let
(
:issue1
)
{
build
(
:issue
,
project:
project1
)
}
let
(
:new_issue
)
{
build
(
:issue
,
project:
project1
,
relative_position:
nil
)
}
before
do
[
issue
,
issue1
].
each
do
|
issue
|
...
...
spec/factories/issues.rb
View file @
d554930e
...
...
@@ -6,6 +6,7 @@ FactoryBot.define do
project
author
{
project
.
creator
}
updated_by
{
author
}
relative_position
{
RelativePositioning
::
START_POSITION
}
trait
:confidential
do
confidential
{
true
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment