From 9770c57fab0315865a33c8b6df269eded0d57b5c Mon Sep 17 00:00:00 2001 From: Brian Neel Date: Thu, 3 Aug 2017 22:20:34 -0400 Subject: Re-enable SqlInjection and CommandInjection --- lib/api/notes.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/api/notes.rb') diff --git a/lib/api/notes.rb b/lib/api/notes.rb index 65ff89edf65..4e4e473994b 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -139,7 +139,7 @@ module API helpers do def find_project_noteable(noteables_str, noteable_id) - public_send("find_project_#{noteables_str.singularize}", noteable_id) + public_send("find_project_#{noteables_str.singularize}", noteable_id) # rubocop:disable GitlabSecurity/PublicSend end def noteable_read_ability_name(noteable) -- cgit v1.2.1 From 998afa5f74558be215a924d95aa131a69831ca43 Mon Sep 17 00:00:00 2001 From: Robert Schilling Date: Wed, 1 Mar 2017 14:35:48 +0100 Subject: API: Respect the 'If-Unmodified-Since' for delete endpoints --- lib/api/notes.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/api/notes.rb') diff --git a/lib/api/notes.rb b/lib/api/notes.rb index 4e4e473994b..58d71787aca 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -129,7 +129,9 @@ module API end delete ":id/#{noteables_str}/:noteable_id/notes/:note_id" do note = user_project.notes.find(params[:note_id]) + authorize! :admin_note, note + check_unmodified_since(note.updated_at) status 204 ::Notes::DestroyService.new(user_project, current_user).execute(note) -- cgit v1.2.1 From e80313f9ee5b3495a8713e6ddae111bc8106155b Mon Sep 17 00:00:00 2001 From: Robert Schilling Date: Thu, 2 Mar 2017 13:14:13 +0100 Subject: Conditionally destroy a ressource --- lib/api/notes.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/api/notes.rb') diff --git a/lib/api/notes.rb b/lib/api/notes.rb index 58d71787aca..e116448c15b 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb 
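Review bot: The `# rubocop:disable GitlabSecurity/PublicSend` added to `find_project_noteable` (hunk `@@ -139,7 +139,7 @@`) silences the cop without recording why the dynamic dispatch is safe. The method name is interpolated from `noteables_str`, and nothing in the helper restricts which `find_project_*` method ends up being called. A later patch on this page shows `noteables_str` being derived from `NOTEABLE_TYPES`, which suggests it is not request-controlled, but that invariant is not stated at the call site. I would put the reason next to the suppression, e.g. `# noteables_str is built from NOTEABLE_TYPES, never from params`, or check the value against an explicit allowlist before the call. The enclosing `helpers do` block continues outside the hunk.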
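Review bot: In the `@@ -129,7 +129,9 @@` hunk, `check_unmodified_since(note.updated_at)` and the `::Notes::DestroyService` call are separate steps, so a note edited between the check and the delete is still destroyed even though the client's `If-Unmodified-Since` precondition no longer holds. The helper's definition is not visible here, so this assumes it only compares the timestamp and halts on a mismatch. If that window matters, the check and the destroy should run under the same row lock; otherwise a comment such as `# best-effort precondition: not atomic with the destroy below` would make the limit explicit. Running the check after `authorize! :admin_note, note` is the right order, since callers without permission cannot observe the precondition result. The `delete` block's closing `end` lies outside the hunk.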
@@ -131,10 +131,10 @@ module API note = user_project.notes.find(params[:note_id]) authorize! :admin_note, note - check_unmodified_since(note.updated_at) - status 204 - ::Notes::DestroyService.new(user_project, current_user).execute(note) + destroy_conditionally!(note) do |note| + ::Notes::DestroyService.new(user_project, current_user).execute(note) + end end end end -- cgit v1.2.1 From 6a2ee0968e811d31fb4cc23b30a6b42e42adf47b Mon Sep 17 00:00:00 2001 From: Robert Schilling Date: Thu, 31 Aug 2017 13:44:49 +0200 Subject: API: Use defined project requirements --- lib/api/notes.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/api/notes.rb') diff --git a/lib/api/notes.rb b/lib/api/notes.rb index e116448c15b..d6e7203adaf 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -9,7 +9,7 @@ module API params do requires :id, type: String, desc: 'The ID of a project' end - resource :projects, requirements: { id: %r{[^/]+} } do + resource :projects, requirements: API::PROJECT_ENDPOINT_REQUIREMENTS do NOTEABLE_TYPES.each do |noteable_type| noteables_str = noteable_type.to_s.underscore.pluralize -- cgit v1.2.1
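Review bot: The block parameter in `destroy_conditionally!(note) do |note|` (hunk `@@ -131,10 +131,10 @@`) shadows the outer local `note` assigned two lines above. That makes it unclear which object `execute` receives, and RuboCop's `Lint/ShadowingOuterLocalVariable` flags it. Rename the parameter, e.g. `destroy_conditionally!(note) do |resource|` with `execute(resource)` inside the block. The hunk also drops `status 204` and the explicit `check_unmodified_since` call; presumably the helper now does both, but its definition is not visible here, so that is worth confirming.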