diff options
author | Brett Walker <bwalker@gitlab.com> | 2019-06-13 19:30:40 +0300 |
---|---|---|
committer | Rajat Jain <rjain@gitlab.com> | 2019-06-14 10:12:05 +0300 |
commit | 794c3c8d42d3f4e9850f41168f25e8f6c56598f5 (patch) | |
tree | 92c0131f5ff19b24a0cbec0375814d1e655754db /app | |
parent | dc46a1c42ed29c2ed2298091489545a8ced1636c (diff) |
Support use of group_full_path when reorderingtesting-manual-ordering
which scopes the issues to a group and subgroups
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/projects/issues_controller.rb | 2 | ||||
-rw-r--r-- | app/services/issues/reorder_service.rb | 9 | ||||
-rw-r--r-- | app/services/issues/update_service.rb | 1 |
3 files changed, 10 insertions, 2 deletions
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb index 48f82a64818..f221f0363d3 100644 --- a/app/controllers/projects/issues_controller.rb +++ b/app/controllers/projects/issues_controller.rb @@ -254,7 +254,7 @@ class Projects::IssuesController < Projects::ApplicationController end def reorder_params - params.permit(:move_before_id, :move_after_id) + params.permit(:move_before_id, :move_after_id, :group_full_path) end def store_uri diff --git a/app/services/issues/reorder_service.rb b/app/services/issues/reorder_service.rb index 1013c3dc20b..7b8cc36607d 100644 --- a/app/services/issues/reorder_service.rb +++ b/app/services/issues/reorder_service.rb @@ -2,8 +2,9 @@ module Issues class ReorderService < Issues::BaseService - def execute(issue, group = nil) + def execute(issue) return false unless can?(current_user, :update_issue, issue) + return false if group && !can?(current_user, :read_group, group) attrs = issue_params(group) return false if attrs.empty? @@ -13,6 +14,12 @@ module Issues private + def group + return unless params[:group_full_path] + + @group ||= Group.find_by_full_path(params[:group_full_path]) + end + def update(issue, attrs) ::Issues::UpdateService.new(project, current_user, attrs).execute(issue) rescue ActiveRecord::RecordNotFound diff --git a/app/services/issues/update_service.rb b/app/services/issues/update_service.rb index cb2337d29d4..6b9f23f24cd 100644 --- a/app/services/issues/update_service.rb +++ b/app/services/issues/update_service.rb @@ -76,6 +76,7 @@ module Issues issue_before = get_issue_if_allowed(before_id, board_group_id) issue_after = get_issue_if_allowed(after_id, board_group_id) + raise ActiveRecord::RecordNotFound unless issue_before || issue_after issue.move_between(issue_before, issue_after) end |