Verify label affiliation before assigning to issue

This also verify if milestone belongs to correct project before creating a new issue. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15439

Verify label affiliation before assigning to issue
This also verify if milestone belongs to correct project before creating a new issue. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15439
4adfd501 · Grzegorz Bizon · aea97991 · 4adfd501 · 4adfd501
Commit 4adfd501 authored Apr 21, 2016 by Grzegorz Bizon
Hide whitespace changes
Inline Side-by-side

Showing with 54 additions and 2 deletions

app/services/issuable_base_service.rb app/services/issuable_base_service.rb +26 -2

spec/services/issues/create_service_spec.rb spec/services/issues/create_service_spec.rb +28 -0

No files found.
--- a/app/services/issuable_base_service.rb
+++ b/app/services/issuable_base_service.rb
@@ -37,8 +37,9 @@ class IssuableBaseService < BaseService
  end

  def filter_params(issuable_ability_name = :issue)
-    params[:assignee_id]  = "" if params[:assignee_id] == IssuableFinder::NONE
-    params[:milestone_id] = "" if params[:milestone_id] == IssuableFinder::NONE
+    filter_assignee
+    filter_milestone
+    filter_labels

    ability = :"admin_#{issuable_ability_name}"

@@ -49,6 +50,29 @@ class IssuableBaseService < BaseService
    end
  end

+  def filter_assignee
+    if params[:assignee_id] == IssuableFinder::NONE
+      params[:assignee_id] = ''
+    end
+  end
+
+  def filter_milestone
+    return unless params[:milestone_id]
+
+    if params[:milestone_id] == IssuableFinder::NONE ||
+        Milestone.find(params[:milestone_id]).try(:project) != project
+      params[:milestone_id] = ''
+    end
+  end
+
+  def filter_labels
+    return if params[:label_ids].to_a.empty?
+
+    params[:label_ids].select! do |label_id|
+      Label.find(label_id).try(:project) == project
+    end
+  end
+
  def update(issuable)
    change_state(issuable)
    filter_params

--- a/spec/services/issues/create_service_spec.rb
+++ b/spec/services/issues/create_service_spec.rb
@@ -37,6 +37,34 @@ describe Issues::CreateService, services: true do

        expect(Todo.where(attributes).count).to eq 1
      end
+
+      context 'label that belongs to different project' do
+        let(:issue) { Issues::CreateService.new(project, user, opts).execute }
+        let(:label) { create(:label) }
+        let(:opts) do
+          { title: 'Title',
+            description: 'Description',
+            label_ids: [label.id] }
+        end
+
+        it 'does not assign label'do
+          expect(issue.labels).to_not include label
+        end
+      end
+
+      context 'milestone that belongs to different project' do
+        let(:issue) { Issues::CreateService.new(project, user, opts).execute }
+        let(:milestone) { create(:milestone) }
+        let(:opts) do
+          { title: 'Title',
+            description: 'Description',
+            milestone_id: milestone.id }
+        end
+
+        it 'does not assign label' do
+          expect(issue.milestone).to_not eq milestone
+        end
+      end
    end
  end
 end