Commit fecfeccd authored by GitLab Release Tools Bot's avatar GitLab Release Tools Bot

Merge branch 'security-33660-comment-search-should-not-show-system-notes' into 'master'

Do not index system notes for issue update

See merge request gitlab/gitlab-ee!1370
parents 965683ee ab14e1a8
...@@ -34,11 +34,13 @@ module Elastic ...@@ -34,11 +34,13 @@ module Elastic
private private
# rubocop: disable CodeReuse/ActiveRecord
def update_issue_notes(record, changed_fields) def update_issue_notes(record, changed_fields)
if changed_fields && (changed_fields & ISSUE_TRACKED_FIELDS).any? if changed_fields && (changed_fields & ISSUE_TRACKED_FIELDS).any?
import_association(Note, query: -> { where(noteable: record) }) import_association(Note, query: -> { searchable.where(noteable: record) })
end end
end end
# rubocop: enable CodeReuse/ActiveRecord
def initial_index_project(project) def initial_index_project(project)
# Enqueue the repository indexing jobs immediately so they run in parallel # Enqueue the repository indexing jobs immediately so they run in parallel
......
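Review bot: The `searchable` scope added to the `import_association` query in `update_issue_notes` only changes what is imported from now on; nothing in this section removes system-note documents that earlier issue updates may already have written to the index. Unless a cleanup exists outside this view, those entries would presumably stay searchable until the affected notes are reindexed or deleted, so the rollout should include that step. The line also gives no hint that the scope is the access-control fix, so I would add a comment above it such as `# Import only searchable notes so system notes never reach the search index.` to keep a later refactor from dropping it.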
---
title: Do not index system notes for issue update
merge_request:
author:
type: security
...@@ -320,4 +320,50 @@ describe Elastic::IndexRecordService, :elastic do ...@@ -320,4 +320,50 @@ describe Elastic::IndexRecordService, :elastic do
expect(Project.elastic_search('project_1').present?).to eq(false) expect(Project.elastic_search('project_1').present?).to eq(false)
end end
context 'when updating an Issue' do
context 'when changing the confidential value' do
it 'updates issue notes excluding system notes' do
issue = nil
Sidekiq::Testing.disable! do
issue = create(:issue, confidential: false)
subject.execute(issue.project, true)
subject.execute(issue, false)
create(:note, note: 'the_normal_note', noteable: issue, project: issue.project)
create(:note, note: 'the_system_note', system: true, noteable: issue, project: issue.project)
end
options = { project_ids: [issue.project.id] }
Sidekiq::Testing.inline! do
expect(subject.execute(issue, false, 'changed_fields' => ['confidential'])).to eq(true)
Gitlab::Elastic::Helper.refresh_index
end
expect(Note.elastic_search('the_normal_note', options: options).present?).to eq(true)
expect(Note.elastic_search('the_system_note', options: options).present?).to eq(false)
end
end
context 'when changing the title' do
it 'does not update issue notes' do
issue = nil
Sidekiq::Testing.disable! do
issue = create(:issue, confidential: false)
subject.execute(issue.project, true)
subject.execute(issue, false)
create(:note, note: 'the_normal_note', noteable: issue, project: issue.project)
end
options = { project_ids: [issue.project.id] }
Sidekiq::Testing.inline! do
expect(subject.execute(issue, false, 'changed_fields' => ['title'])).to eq(true)
Gitlab::Elastic::Helper.refresh_index
end
expect(Note.elastic_search('the_normal_note', options: options).present?).to eq(false)
end
end
end
end end
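Review bot: Both examples depend on the notes being created inside `Sidekiq::Testing.disable!`, presumably so that nothing is indexed at creation time and the issue update is the only path into the index, but the spec does not say so. A comment such as `# Create notes with Sidekiq disabled so only the issue update below can index them.` would make that explicit. In 'when changing the title' the only check after the refresh is a negative one, so it would also pass if the update indexed nothing for an unrelated reason; pairing it with a positive assertion that the update did reach the index would pin it down. The enclosing `describe` block starts outside this hunk.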