diff options
| author | Patrick Derichs <pderichs@gitlab.com> | 2019-07-11 16:29:16 +0300 |
|---|---|---|
| committer | Patrick Derichs <pderichs@gitlab.com> | 2019-07-11 16:44:09 +0300 |
| commit | 69e02904fe1a5442cd429bfc307bb55eefedd5d6 (patch) | |
| tree | ac27e0d2ff26131896b76ea6bfabe63594558d3a /app/controllers | |
| parent | e6f8e120816842bc3fba82ca77625fdde6a76a66 (diff) | |
Add endpoint to move multiple issues
Add specs for new endpoint to move multiple issues.
Add changelog entry
Just check the first issue for the ability to move / update
Add specs for exceeding limits and malformed requests
Changed name of shared examples
Change title of changelog entry
Use %i instead of %w
Check permission to update issue on project instead of board
Use admin_issue permission to check for issue move ability
Changed variable name to avoid shadow issue_params method
Rename route to bulk_move
Change route definition
Check permissions for each issue
Combine methods for parameters permit check
Remove extra context
Change description of context
Check param for type Array
Add unit tests to MoveService
Use before_action for permission check
Use set instead of let!
Use let's instead of set
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/boards/issues_controller.rb | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/app/controllers/boards/issues_controller.rb b/app/controllers/boards/issues_controller.rb index 0dd7500623d..353a9806fd1 100644 --- a/app/controllers/boards/issues_controller.rb +++ b/app/controllers/boards/issues_controller.rb @@ -2,16 +2,24 @@ module Boards class IssuesController < Boards::ApplicationController + # This is the maximum amount of issues which can be moved by one request to + # bulk_move for now. This is temporary and might be removed in future by + # introducing an alternative (async?) approach. + # (related: https://gitlab.com/groups/gitlab-org/-/epics/382) + MAX_MOVE_ISSUES_COUNT = 50 + include BoardsResponses include ControllerWithCrossProjectAccessCheck requires_cross_project_access if: -> { board&.group_board? } - before_action :whitelist_query_limiting, only: [:index, :update] + before_action :whitelist_query_limiting, only: [:index, :update, :bulk_move] before_action :authorize_read_issue, only: [:index] before_action :authorize_create_issue, only: [:create] before_action :authorize_update_issue, only: [:update] skip_before_action :authenticate_user!, only: [:index] + before_action :validate_id_list, only: [:bulk_move] + before_action :can_move_issues?, only: [:bulk_move] # rubocop: disable CodeReuse/ActiveRecord def index @@ -46,6 +54,17 @@ module Boards end end + def bulk_move + service = Boards::Issues::MoveService.new(board_parent, current_user, move_params(true)) + + issues = Issue.find(params[:ids]) + if service.execute_multiple(issues) + head :ok + else + head :unprocessable_entity + end + end + def update service = Boards::Issues::MoveService.new(board_parent, current_user, move_params) @@ -58,6 +77,10 @@ module Boards private + def can_move_issues? + head(:forbidden) unless can?(current_user, :admin_issue, board) + end + def render_issues(issues, metadata) data = { issues: serialize_as_json(issues) } data.merge!(metadata) @@ -90,8 +113,9 @@ module Boards end end - def move_params - params.permit(:board_id, :id, :from_list_id, :to_list_id, :move_before_id, :move_after_id) + def move_params(multiple = false) + id_param = multiple ? :ids : :id + params.permit(id_param, :board_id, :from_list_id, :to_list_id, :move_before_id, :move_after_id) end def issue_params @@ -112,5 +136,10 @@ module Boards # Also see https://gitlab.com/gitlab-org/gitlab-ce/issues/42439 Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42428') end + + def validate_id_list + head(:bad_request) unless params[:ids].is_a?(Array) + head(:unprocessable_entity) if params[:ids].size > MAX_MOVE_ISSUES_COUNT + end end end |