gitlab-org--gitlab-foss/lib/api/v3/issues.rb

module API
  module V3
    class Issues < Grape::API
      include PaginationParams

      before { authenticate! }

      helpers do
        def find_issues(args = {})
          args = params.merge(args)
          args = convert_parameters_from_legacy_format(args)

          args.delete(:id)
          args[:milestone_title] = args.delete(:milestone)

          match_all_labels = args.delete(:match_all_labels)
          labels = args.delete(:labels)
          args[:label_name] = labels if match_all_labels

          # IssuesFinder expects iids
          args[:iids] = args.delete(:iid) if args.key?(:iid)

          issues = IssuesFinder.new(current_user, args).execute.inc_notes_with_associations

          if !match_all_labels && labels.present?
            issues = issues.includes(:labels).where('labels.title' => labels.split(','))
          end

          issues.reorder(args[:order_by] => args[:sort])
        end

        params :issues_params do
          optional :labels, type: String, desc: 'Comma-separated list of label names'
          optional :milestone, type: String, desc: 'Milestone title'
          optional :order_by, type: String, values: %w[created_at updated_at], default: 'created_at',
                              desc: 'Return issues ordered by `created_at` or `updated_at` fields.'
          optional :sort, type: String, values: %w[asc desc], default: 'desc',
                          desc: 'Return issues sorted in `asc` or `desc` order.'
          optional :milestone, type: String, desc: 'Return issues for a specific milestone'
          use :pagination
        end

        params :issue_params do
          optional :description, type: String, desc: 'The description of an issue'
          optional :assignee_id, type: Integer, desc: 'The ID of a user to assign issue'
          optional :milestone_id, type: Integer, desc: 'The ID of a milestone to assign issue'
          optional :labels, type: String, desc: 'Comma-separated list of label names'
          optional :due_date, type: String, desc: 'Date time string in the format YEAR-MONTH-DAY'
          optional :confidential, type: Boolean, desc: 'Boolean parameter if the issue should be confidential'
        end
      end

      resource :issues do
        desc "Get currently authenticated user's issues" do
          success ::API::V3::Entities::Issue
        end
        params do
          optional :state, type: String, values: %w[opened closed all], default: 'all',
                           desc: 'Return opened, closed, or all issues'
          use :issues_params
        end
        get do
          issues = find_issues(scope: 'authored')

          present paginate(issues), with: ::API::V3::Entities::Issue, current_user: current_user
        end
      end

      params do
        requires :id, type: String, desc: 'The ID of a group'
      end
      resource :groups, requirements: { id: %r{[^/]+} } do
        desc 'Get a list of group issues' do
          success ::API::V3::Entities::Issue
        end
        params do
          optional :state, type: String, values: %w[opened closed all], default: 'all',
                           desc: 'Return opened, closed, or all issues'
          use :issues_params
        end
        get ":id/issues" do
          group = find_group!(params[:id])

          issues = find_issues(group_id: group.id, match_all_labels: true)

          present paginate(issues), with: ::API::V3::Entities::Issue, current_user: current_user
        end
      end

      params do
        requires :id, type: String, desc: 'The ID of a project'
      end
      resource :projects, requirements: { id: %r{[^/]+} } do
        include TimeTrackingEndpoints

        desc 'Get a list of project issues' do
          detail 'iid filter is deprecated have been removed on V4'
          success ::API::V3::Entities::Issue
        end
        params do
          optional :state, type: String, values: %w[opened closed all], default: 'all',
                           desc: 'Return opened, closed, or all issues'
          optional :iid, type: Integer, desc: 'Return the issue having the given `iid`'
          use :issues_params
        end
        get ":id/issues" do
          project = find_project!(params[:id])

          issues = find_issues(project_id: project.id)

          present paginate(issues), with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project
        end

        desc 'Get a single project issue' do
          success ::API::V3::Entities::Issue
        end
        params do
          requires :issue_id, type: Integer, desc: 'The ID of a project issue'
        end
        get ":id/issues/:issue_id" do
          issue = find_project_issue(params[:issue_id])
          present issue, with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project
        end

        desc 'Create a new project issue' do
          success ::API::V3::Entities::Issue
        end
        params do
          requires :title, type: String, desc: 'The title of an issue'
          optional :created_at, type: DateTime,
                                desc: 'Date time when the issue was created. Available only for admins and project owners.'
          optional :merge_request_for_resolving_discussions, type: Integer,
                                                             desc: 'The IID of a merge request for which to resolve discussions'
          use :issue_params
        end
        post ':id/issues' do
          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42131')

          # Setting created_at time only allowed for admins and project owners
          unless current_user.admin? || user_project.owner == current_user
            params.delete(:created_at)
          end

          issue_params = declared_params(include_missing: false)
          issue_params = issue_params.merge(merge_request_to_resolve_discussions_of: issue_params.delete(:merge_request_for_resolving_discussions))
          issue_params = convert_parameters_from_legacy_format(issue_params)

          issue = ::Issues::CreateService.new(user_project,
                                              current_user,
                                              issue_params.merge(request: request, api: true)).execute
          render_spam_error! if issue.spam?

          if issue.valid?
            present issue, with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project
          else
            render_validation_error!(issue)
          end
        end

        desc 'Update an existing issue' do
          success ::API::V3::Entities::Issue
        end
        params do
          requires :issue_id, type: Integer, desc: 'The ID of a project issue'
          optional :title, type: String, desc: 'The title of an issue'
          optional :updated_at, type: DateTime,
                                desc: 'Date time when the issue was updated. Available only for admins and project owners.'
          optional :state_event, type: String, values: %w[reopen close], desc: 'State of the issue'
          use :issue_params
          at_least_one_of :title, :description, :assignee_id, :milestone_id,
                          :labels, :created_at, :due_date, :confidential, :state_event
        end
        put ':id/issues/:issue_id' do
          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42132')

          issue = user_project.issues.find(params.delete(:issue_id))
          authorize! :update_issue, issue

          # Setting created_at time only allowed for admins and project owners
          unless current_user.admin? || user_project.owner == current_user
            params.delete(:updated_at)
          end

          update_params = declared_params(include_missing: false).merge(request: request, api: true)
          update_params = convert_parameters_from_legacy_format(update_params)

          issue = ::Issues::UpdateService.new(user_project,
                                              current_user,
                                              update_params).execute(issue)

          render_spam_error! if issue.spam?

          if issue.valid?
            present issue, with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project
          else
            render_validation_error!(issue)
          end
        end

        desc 'Move an existing issue' do
          success ::API::V3::Entities::Issue
        end
        params do
          requires :issue_id, type: Integer, desc: 'The ID of a project issue'
          requires :to_project_id, type: Integer, desc: 'The ID of the new project'
        end
        post ':id/issues/:issue_id/move' do
          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42133')

          issue = user_project.issues.find_by(id: params[:issue_id])
          not_found!('Issue') unless issue

          new_project = Project.find_by(id: params[:to_project_id])
          not_found!('Project') unless new_project

          begin
            issue = ::Issues::MoveService.new(user_project, current_user).execute(issue, new_project)
            present issue, with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project
          rescue ::Issues::MoveService::MoveError => error
            render_api_error!(error.message, 400)
          end
        end

        desc 'Delete a project issue'
        params do
          requires :issue_id, type: Integer, desc: 'The ID of a project issue'
        end
        delete ":id/issues/:issue_id" do
          issue = user_project.issues.find_by(id: params[:issue_id])
          not_found!('Issue') unless issue

          authorize!(:destroy_issue, issue)

          status(200)
          issue.destroy
        end
      end
    end
  end
end
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`module API`
			`module V3`
			`class Issues < Grape::API`
			`include PaginationParams`

			`before { authenticate! }`

			`helpers do`
			`def find_issues(args = {})`
			`args = params.merge(args)`
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`args = convert_parameters_from_legacy_format(args)`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00
			`args.delete(:id)`
			`args[:milestone_title] = args.delete(:milestone)`

			`match_all_labels = args.delete(:match_all_labels)`
			`labels = args.delete(:labels)`
			`args[:label_name] = labels if match_all_labels`

add a :iids param to IssuableFinder 2017-02-17 13:28:32 -05:00			`# IssuesFinder expects iids`
			`args[:iids] = args.delete(:iid) if args.key?(:iid)`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00
			`issues = IssuesFinder.new(current_user, args).execute.inc_notes_with_associations`

			`if !match_all_labels && labels.present?`
			`issues = issues.includes(:labels).where('labels.title' => labels.split(','))`
			`end`

			`issues.reorder(args[:order_by] => args[:sort])`
			`end`

			`params :issues_params do`
			`optional :labels, type: String, desc: 'Comma-separated list of label names'`
			`optional :milestone, type: String, desc: 'Milestone title'`
			`optional :order_by, type: String, values: %w[created_at updated_at], default: 'created_at',`
			desc: 'Return issues ordered by `created_at` or `updated_at` fields.'
			`optional :sort, type: String, values: %w[asc desc], default: 'desc',`
			desc: 'Return issues sorted in `asc` or `desc` order.'
			`optional :milestone, type: String, desc: 'Return issues for a specific milestone'`
			`use :pagination`
			`end`

			`params :issue_params do`
			`optional :description, type: String, desc: 'The description of an issue'`
			`optional :assignee_id, type: Integer, desc: 'The ID of a user to assign issue'`
			`optional :milestone_id, type: Integer, desc: 'The ID of a milestone to assign issue'`
			`optional :labels, type: String, desc: 'Comma-separated list of label names'`
			`optional :due_date, type: String, desc: 'Date time string in the format YEAR-MONTH-DAY'`
			`optional :confidential, type: Boolean, desc: 'Boolean parameter if the issue should be confidential'`
			`end`
			`end`

			`resource :issues do`
			`desc "Get currently authenticated user's issues" do`
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`success ::API::V3::Entities::Issue`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`end`
			`params do`
			`optional :state, type: String, values: %w[opened closed all], default: 'all',`
			`desc: 'Return opened, closed, or all issues'`
			`use :issues_params`
			`end`
			`get do`
			`issues = find_issues(scope: 'authored')`

Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`present paginate(issues), with: ::API::V3::Entities::Issue, current_user: current_user`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`end`
			`end`

			`params do`
			`requires :id, type: String, desc: 'The ID of a group'`
			`end`
Add `requirements: { id: %r{[^/]+} }` for all projects and groups namespaced API routes Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-03-15 14:09:24 -04:00			`resource :groups, requirements: { id: %r{[^/]+} } do`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`desc 'Get a list of group issues' do`
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`success ::API::V3::Entities::Issue`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`end`
			`params do`
Fix API group/issues default state filter 2017-03-27 09:43:21 -04:00			`optional :state, type: String, values: %w[opened closed all], default: 'all',`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`desc: 'Return opened, closed, or all issues'`
			`use :issues_params`
			`end`
			`get ":id/issues" do`
			`group = find_group!(params[:id])`

Fix API group/issues default state filter 2017-03-27 09:43:21 -04:00			`issues = find_issues(group_id: group.id, match_all_labels: true)`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`present paginate(issues), with: ::API::V3::Entities::Issue, current_user: current_user`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`end`
			`end`

			`params do`
			`requires :id, type: String, desc: 'The ID of a project'`
			`end`
Add `requirements: { id: %r{[^/]+} }` for all projects and groups namespaced API routes Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-03-15 14:09:24 -04:00			`resource :projects, requirements: { id: %r{[^/]+} } do`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`include TimeTrackingEndpoints`

			`desc 'Get a list of project issues' do`
			`detail 'iid filter is deprecated have been removed on V4'`
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`success ::API::V3::Entities::Issue`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`end`
			`params do`
			`optional :state, type: String, values: %w[opened closed all], default: 'all',`
			`desc: 'Return opened, closed, or all issues'`
			optional :iid, type: Integer, desc: 'Return the issue having the given `iid`'
			`use :issues_params`
			`end`
			`get ":id/issues" do`
Return 404 in project issues API endpoint when project cannot be found Closes #29631 2017-03-20 13:03:29 -04:00			`project = find_project!(params[:id])`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00
			`issues = find_issues(project_id: project.id)`

Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`present paginate(issues), with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`end`

			`desc 'Get a single project issue' do`
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`success ::API::V3::Entities::Issue`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`end`
			`params do`
			`requires :issue_id, type: Integer, desc: 'The ID of a project issue'`
			`end`
			`get ":id/issues/:issue_id" do`
			`issue = find_project_issue(params[:issue_id])`
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`present issue, with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`end`

			`desc 'Create a new project issue' do`
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`success ::API::V3::Entities::Issue`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`end`
			`params do`
			`requires :title, type: String, desc: 'The title of an issue'`
			`optional :created_at, type: DateTime,`
			`desc: 'Date time when the issue was created. Available only for admins and project owners.'`
			`optional :merge_request_for_resolving_discussions, type: Integer,`
			`desc: 'The IID of a merge request for which to resolve discussions'`
			`use :issue_params`
			`end`
			`post ':id/issues' do`
Track and act upon the number of executed queries This ensures that we have more visibility in the number of SQL queries that are executed in web requests. The current threshold is hardcoded to 100 as we will rarely (maybe once or twice) change it. In production and development we use Sentry if enabled, in the test environment we raise an error. This feature is also only enabled in production/staging when running on GitLab.com as it's not very useful to other users. 2018-01-15 10:21:04 -05:00			`Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42131')`

Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`# Setting created_at time only allowed for admins and project owners`
			`unless current_user.admin? \|\| user_project.owner == current_user`
			`params.delete(:created_at)`
			`end`

			`issue_params = declared_params(include_missing: false)`
Make API v3 work with the new param name 2017-03-10 13:24:09 -05:00			`issue_params = issue_params.merge(merge_request_to_resolve_discussions_of: issue_params.delete(:merge_request_for_resolving_discussions))`
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`issue_params = convert_parameters_from_legacy_format(issue_params)`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00
			`issue = ::Issues::CreateService.new(user_project,`
			`current_user,`
			`issue_params.merge(request: request, api: true)).execute`
Spam check and reCAPTCHA improvements 2017-02-14 14:07:11 -05:00			`render_spam_error! if issue.spam?`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00
			`if issue.valid?`
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`present issue, with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`else`
			`render_validation_error!(issue)`
			`end`
			`end`

			`desc 'Update an existing issue' do`
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`success ::API::V3::Entities::Issue`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`end`
			`params do`
			`requires :issue_id, type: Integer, desc: 'The ID of a project issue'`
			`optional :title, type: String, desc: 'The title of an issue'`
			`optional :updated_at, type: DateTime,`
			`desc: 'Date time when the issue was updated. Available only for admins and project owners.'`
			`optional :state_event, type: String, values: %w[reopen close], desc: 'State of the issue'`
			`use :issue_params`
			`at_least_one_of :title, :description, :assignee_id, :milestone_id,`
			`:labels, :created_at, :due_date, :confidential, :state_event`
			`end`
			`put ':id/issues/:issue_id' do`
Track and act upon the number of executed queries This ensures that we have more visibility in the number of SQL queries that are executed in web requests. The current threshold is hardcoded to 100 as we will rarely (maybe once or twice) change it. In production and development we use Sentry if enabled, in the test environment we raise an error. This feature is also only enabled in production/staging when running on GitLab.com as it's not very useful to other users. 2018-01-15 10:21:04 -05:00			`Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42132')`

Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`issue = user_project.issues.find(params.delete(:issue_id))`
			`authorize! :update_issue, issue`

			`# Setting created_at time only allowed for admins and project owners`
			`unless current_user.admin? \|\| user_project.owner == current_user`
			`params.delete(:updated_at)`
			`end`

Spam check and reCAPTCHA improvements 2017-02-14 14:07:11 -05:00			`update_params = declared_params(include_missing: false).merge(request: request, api: true)`
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`update_params = convert_parameters_from_legacy_format(update_params)`
Spam check and reCAPTCHA improvements 2017-02-14 14:07:11 -05:00
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`issue = ::Issues::UpdateService.new(user_project,`
			`current_user,`
Spam check and reCAPTCHA improvements 2017-02-14 14:07:11 -05:00			`update_params).execute(issue)`

			`render_spam_error! if issue.spam?`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00
			`if issue.valid?`
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`present issue, with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`else`
			`render_validation_error!(issue)`
			`end`
			`end`

			`desc 'Move an existing issue' do`
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`success ::API::V3::Entities::Issue`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`end`
			`params do`
			`requires :issue_id, type: Integer, desc: 'The ID of a project issue'`
			`requires :to_project_id, type: Integer, desc: 'The ID of the new project'`
			`end`
			`post ':id/issues/:issue_id/move' do`
Track and act upon the number of executed queries This ensures that we have more visibility in the number of SQL queries that are executed in web requests. The current threshold is hardcoded to 100 as we will rarely (maybe once or twice) change it. In production and development we use Sentry if enabled, in the test environment we raise an error. This feature is also only enabled in production/staging when running on GitLab.com as it's not very useful to other users. 2018-01-15 10:21:04 -05:00			`Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42133')`

Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`issue = user_project.issues.find_by(id: params[:issue_id])`
			`not_found!('Issue') unless issue`

			`new_project = Project.find_by(id: params[:to_project_id])`
			`not_found!('Project') unless new_project`

			`begin`
			`issue = ::Issues::MoveService.new(user_project, current_user).execute(issue, new_project)`
Backport of multiple_assignees_feature [ci skip] 2017-05-04 08:11:15 -04:00			`present issue, with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`rescue ::Issues::MoveService::MoveError => error`
			`render_api_error!(error.message, 400)`
			`end`
			`end`

			`desc 'Delete a project issue'`
			`params do`
			`requires :issue_id, type: Integer, desc: 'The ID of a project issue'`
			`end`
			`delete ":id/issues/:issue_id" do`
			`issue = user_project.issues.find_by(id: params[:issue_id])`
			`not_found!('Issue') unless issue`

			`authorize!(:destroy_issue, issue)`
Backport API to V3 2017-02-20 14:32:44 -05:00
			`status(200)`
Remove deprecated MR and Issue endpoints and preserve V3 namespace 2017-01-25 16:35:27 -05:00			`issue.destroy`
			`end`
			`end`
			`end`
			`end`
			`end`