Commit d554930e authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Remove query whitelist in Boards::IssuesController

parent 63a21c00
......@@ -13,7 +13,7 @@ module Boards
requires_cross_project_access if: -> { board&.group_board? }
before_action :whitelist_query_limiting, only: [:index, :update, :bulk_move]
before_action :whitelist_query_limiting, only: [:bulk_move]
before_action :authorize_read_issue, only: [:index]
before_action :authorize_create_issue, only: [:create]
before_action :authorize_update_issue, only: [:update]
......@@ -130,8 +130,7 @@ module Boards
end
def whitelist_query_limiting
# Also see https://gitlab.com/gitlab-org/gitlab-foss/issues/42439
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42428')
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab/issues/35174')
end
def validate_id_list
......
......@@ -2,7 +2,6 @@
class IssueBoardEntity < Grape::Entity
include RequestAwareEntity
include TimeTrackableEntity
expose :id
expose :iid
......
......@@ -243,9 +243,9 @@ describe Issue do
let!(:board) { create(:board, group: group) }
let(:project) { create(:project, namespace: group) }
let(:project1) { create(:project, namespace: group) }
let(:issue) { create(:issue, project: project) }
let(:issue1) { create(:issue, project: project1) }
let(:new_issue) { create(:issue, project: project1) }
let(:issue) { build(:issue, project: project) }
let(:issue1) { build(:issue, project: project1) }
let(:new_issue) { build(:issue, project: project1, relative_position: nil) }
before do
[issue, issue1].each do |issue|
......
......@@ -6,6 +6,7 @@ FactoryBot.define do
project
author { project.creator }
updated_by { author }
relative_position { RelativePositioning::START_POSITION }
trait :confidential do
confidential { true }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment