From 4adfd501a5d31abd16bccf08586bf8a125b03450 Mon Sep 17 00:00:00 2001 From: Grzegorz Bizon Date: Thu, 21 Apr 2016 12:20:05 +0200 Subject: Verify label affiliation before assigning to issue This also verify if milestone belongs to correct project before creating a new issue. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15439 --- app/services/issuable_base_service.rb | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) (limited to 'app/services/issuable_base_service.rb') diff --git a/app/services/issuable_base_service.rb b/app/services/issuable_base_service.rb index 18f76d3f650..ab110001f91 100644 --- a/app/services/issuable_base_service.rb +++ b/app/services/issuable_base_service.rb @@ -37,8 +37,9 @@ class IssuableBaseService < BaseService end def filter_params(issuable_ability_name = :issue) - params[:assignee_id] = "" if params[:assignee_id] == IssuableFinder::NONE - params[:milestone_id] = "" if params[:milestone_id] == IssuableFinder::NONE + filter_assignee + filter_milestone + filter_labels ability = :"admin_#{issuable_ability_name}" @@ -49,6 +50,29 @@ class IssuableBaseService < BaseService end end + def filter_assignee + if params[:assignee_id] == IssuableFinder::NONE + params[:assignee_id] = '' + end + end + + def filter_milestone + return unless params[:milestone_id] + + if params[:milestone_id] == IssuableFinder::NONE || + Milestone.find(params[:milestone_id]).try(:project) != project + params[:milestone_id] = '' + end + end + + def filter_labels + return if params[:label_ids].to_a.empty? + + params[:label_ids].select! do |label_id| + Label.find(label_id).try(:project) == project + end + end + def update(issuable) change_state(issuable) filter_params -- cgit v1.2.3