Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-11-09 14:56:01 +01:00
Code Issues Packages Projects Releases Activity

Updating an issue via REST API causes internal server error if invalid project id is specified (#33417).

Browse Source 
Patch by Go MAEDA.


git-svn-id: http://svn.redmine.org/redmine/trunk@19777 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Go MAEDA
2020-05-14 14:33:07 +00:00
parent a924a3dfa1
commit ca2bde9fbf
2 changed files with 33 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/models/issue.rb
View File

@@ -723,7 +723,7 @@ class Issue < ActiveRecord::Base
errors.add :start_date, :earlier_than_minimum_start_date, :date => format_date(soonest_start) errors.add :start_date, :earlier_than_minimum_start_date, :date => format_date(soonest_start)
end end
if fixed_version if project && fixed_version
if !assignable_versions.include?(fixed_version) if !assignable_versions.include?(fixed_version)
errors.add :fixed_version_id, :inclusion errors.add :fixed_version_id, :inclusion
elsif reopening? && fixed_version.closed? elsif reopening? && fixed_version.closed?
@@ -738,7 +738,7 @@ class Issue < ActiveRecord::Base
end end
end end
if assigned_to_id_changed? && assigned_to_id.present? if project && assigned_to_id_changed? && assigned_to_id.present?
unless assignable_users.include?(assigned_to) unless assignable_users.include?(assigned_to)
errors.add :assigned_to_id, :invalid errors.add :assigned_to_id, :invalid
end end
@@ -938,6 +938,8 @@ class Issue < ActiveRecord::Base
# Users the issue can be assigned to # Users the issue can be assigned to
def assignable_users def assignable_users
return [] if project.nil?
users = project.assignable_users(tracker).to_a users = project.assignable_users(tracker).to_a
users << author if author && author.active? users << author if author && author.active?
if assigned_to_id_was.present? && assignee = Principal.find_by_id(assigned_to_id_was) if assigned_to_id_was.present? && assignee = Principal.find_by_id(assigned_to_id_was)
@@ -949,6 +951,7 @@ class Issue < ActiveRecord::Base
# Versions that the issue can be assigned to # Versions that the issue can be assigned to
def assignable_versions def assignable_versions
return @assignable_versions if @assignable_versions return @assignable_versions if @assignable_versions
return [] if project.nil?
versions = project.shared_versions.open.to_a versions = project.shared_versions.open.to_a
if fixed_version if fixed_version

28
test/integration/api_test/issues_test.rb
View File

@@ -663,6 +663,34 @@ class Redmine::ApiTest::IssuesTest < Redmine::ApiTest::Base
assert_response 422 assert_response 422
end end
test "POST /issues.json with invalid project_id and any assigned_to_id should respond with 422" do
post(
'/issues.json',
:params => {
:issue => {
:project_id => 999,
:assigned_to_id => 1,
:subject => 'API'
}
},
:headers => credentials('jsmith'))
assert_response 422
end
test "POST /issues.json with invalid project_id and any fixed_version_id should respond with 422" do
post(
'/issues.json',
:params => {
:issue => {
:project_id => 999,
:fixed_version_id => 1,
:subject => 'API'
}
},
:headers => credentials('jsmith'))
assert_response 422
end
test "PUT /issues/:id.xml" do test "PUT /issues/:id.xml" do
assert_difference('Journal.count') do assert_difference('Journal.count') do
put( put(