Commit f691010d authored by Douwe Maan's avatar Douwe Maan

Make sure NotesActions#noteable returns a Noteable in the update action

parent a4072db0
...@@ -4,7 +4,7 @@ module NotesActions ...@@ -4,7 +4,7 @@ module NotesActions
included do included do
before_action :set_polling_interval_header, only: [:index] before_action :set_polling_interval_header, only: [:index]
before_action :noteable, only: :index before_action :require_noteable!, only: [:index, :create]
before_action :authorize_admin_note!, only: [:update, :destroy] before_action :authorize_admin_note!, only: [:update, :destroy]
before_action :note_project, only: [:create] before_action :note_project, only: [:create]
end end
...@@ -90,7 +90,7 @@ module NotesActions ...@@ -90,7 +90,7 @@ module NotesActions
if note.persisted? if note.persisted?
attrs[:valid] = true attrs[:valid] = true
if noteable.nil? || noteable.discussions_rendered_on_frontend? if noteable.discussions_rendered_on_frontend?
attrs.merge!(note_serializer.represent(note)) attrs.merge!(note_serializer.represent(note))
else else
attrs.merge!( attrs.merge!(
...@@ -191,7 +191,11 @@ module NotesActions ...@@ -191,7 +191,11 @@ module NotesActions
end end
def noteable def noteable
@noteable ||= notes_finder.target || render_404 @noteable ||= notes_finder.target || @note&.noteable
end
def require_noteable!
render_404 unless noteable
end end
def last_fetched_at def last_fetched_at
......
...@@ -20,6 +20,7 @@ class Snippets::NotesController < ApplicationController ...@@ -20,6 +20,7 @@ class Snippets::NotesController < ApplicationController
def snippet def snippet
PersonalSnippet.find_by(id: params[:snippet_id]) PersonalSnippet.find_by(id: params[:snippet_id])
end end
alias_method :noteable, :snippet
def note_params def note_params
super.merge(noteable_id: params[:snippet_id]) super.merge(noteable_id: params[:snippet_id])
......
---
title: Make sure NotesActions#noteable returns a Noteable in the update action
merge_request:
author:
type: fixed
...@@ -336,6 +336,29 @@ describe Projects::NotesController do ...@@ -336,6 +336,29 @@ describe Projects::NotesController do
end end
end end
describe 'PUT update' do
let(:request_params) do
{
namespace_id: project.namespace,
project_id: project,
id: note,
format: :json,
note: {
note: "New comment"
}
}
end
before do
sign_in(note.author)
project.team << [note.author, :developer]
end
it "updates the note" do
expect { put :update, request_params }.to change { note.reload.note }
end
end
describe 'DELETE destroy' do describe 'DELETE destroy' do
let(:request_params) do let(:request_params) do
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment