Skip to content

Draft: Don't pass User instance in controller params

Rutger Wessels requested to merge rw/fix-invalid-user-500-fix-passing-user into master

What does this MR do and why?

This solves an issue: The user argument of PersonalProjectFinder was an instance of ActionController::Parameters and not a User. An can? method call failed because of this.

On master, a url like /groups/flightjs/-/children.json?user=someuser will result in Error 500. On this branch, it will ignore the user argument and no error is raised

Additionally, this MR removes the unusual assignment of a User instance to params[:user] and ensures the user_id is correctly set to the ID of the user.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Call /groups/flightjs/-/children.json?user=someuser

Merge request reports

Loading