Support use of group_full_path when reorderingtesting-manual-ordering

which scopes the issues to a group and subgroups
author: Brett Walker <bwalker@gitlab.com> 2019-06-13 19:30:40 +0300
committer: Rajat Jain <rjain@gitlab.com> 2019-06-14 10:12:05 +0300
commit: 794c3c8d42d3f4e9850f41168f25e8f6c56598f5 (patch)
tree: 92c0131f5ff19b24a0cbec0375814d1e655754db /app
parent: dc46a1c42ed29c2ed2298091489545a8ced1636c (diff)
3 files changed, 10 insertions, 2 deletions
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 48f82a64818..f221f0363d3 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -254,7 +254,7 @@ class Projects::IssuesController < Projects::ApplicationController
   end
 
   def reorder_params
-    params.permit(:move_before_id, :move_after_id)
+    params.permit(:move_before_id, :move_after_id, :group_full_path)
   end
 
   def store_uri
diff --git a/app/services/issues/reorder_service.rb b/app/services/issues/reorder_service.rb
index 1013c3dc20b..7b8cc36607d 100644
--- a/app/services/issues/reorder_service.rb
+++ b/app/services/issues/reorder_service.rb
@@ -2,8 +2,9 @@
 
 module Issues
   class ReorderService < Issues::BaseService
-    def execute(issue, group = nil)
+    def execute(issue)
       return false unless can?(current_user, :update_issue, issue)
+      return false if group && !can?(current_user, :read_group, group)
 
       attrs = issue_params(group)
       return false if attrs.empty?
@@ -13,6 +14,12 @@ module Issues
 
     private
 
+    def group
+      return unless params[:group_full_path]
+
+      @group ||= Group.find_by_full_path(params[:group_full_path])
+    end
+
     def update(issue, attrs)
       ::Issues::UpdateService.new(project, current_user, attrs).execute(issue)
     rescue ActiveRecord::RecordNotFound
diff --git a/app/services/issues/update_service.rb b/app/services/issues/update_service.rb
index cb2337d29d4..6b9f23f24cd 100644
--- a/app/services/issues/update_service.rb
+++ b/app/services/issues/update_service.rb
@@ -76,6 +76,7 @@ module Issues
 
       issue_before = get_issue_if_allowed(before_id, board_group_id)
       issue_after = get_issue_if_allowed(after_id, board_group_id)
+      raise ActiveRecord::RecordNotFound unless issue_before || issue_after
 
       issue.move_between(issue_before, issue_after)
     end
author	Brett Walker <bwalker@gitlab.com>	2019-06-13 19:30:40 +0300
committer	Rajat Jain <rjain@gitlab.com>	2019-06-14 10:12:05 +0300
commit	794c3c8d42d3f4e9850f41168f25e8f6c56598f5 (patch)
tree	92c0131f5ff19b24a0cbec0375814d1e655754db /app
parent	dc46a1c42ed29c2ed2298091489545a8ced1636c (diff)