From f2b2608a86b78f50de5d7a62b07040da1fbcc4ef Mon Sep 17 00:00:00 2001
From: JakobDev <jakobdev@gmx.de>
Date: Thu, 5 Oct 2023 05:37:36 +0200
Subject: [PATCH] Don't let API add 2 exclusive labels from same scope (#27433)

Fixes #27380
---
 models/issues/issue_label.go       | 11 +++++++++++
 models/issues/issue_label_test.go  | 28 ++++++++++++++++++++++++++++
 routers/api/v1/repo/issue_label.go |  2 +-
 3 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 models/issues/issue_label_test.go

diff --git a/models/issues/issue_label.go b/models/issues/issue_label.go
index 119a13adf2..0a2ffdb35f 100644
--- a/models/issues/issue_label.go
+++ b/models/issues/issue_label.go
@@ -54,6 +54,8 @@ func newIssueLabel(ctx context.Context, issue *Issue, label *Label, doer *user_m
 		return err
 	}
 
+	issue.Labels = append(issue.Labels, label)
+
 	return updateLabelCols(ctx, label, "num_issues", "num_closed_issue")
 }
 
@@ -122,6 +124,11 @@ func newIssueLabels(ctx context.Context, issue *Issue, labels []*Label, doer *us
 	if err = issue.LoadRepo(ctx); err != nil {
 		return err
 	}
+
+	if err = issue.LoadLabels(ctx); err != nil {
+		return err
+	}
+
 	for _, l := range labels {
 		// Don't add already present labels and invalid labels
 		if HasIssueLabel(ctx, issue.ID, l.ID) ||
@@ -129,6 +136,10 @@ func newIssueLabels(ctx context.Context, issue *Issue, labels []*Label, doer *us
 			continue
 		}
 
+		if err = RemoveDuplicateExclusiveIssueLabels(ctx, issue, l, doer); err != nil {
+			return err
+		}
+
 		if err = newIssueLabel(ctx, issue, l, doer); err != nil {
 			return fmt.Errorf("newIssueLabel: %w", err)
 		}
diff --git a/models/issues/issue_label_test.go b/models/issues/issue_label_test.go
new file mode 100644
index 0000000000..0d991b7c4f
--- /dev/null
+++ b/models/issues/issue_label_test.go
@@ -0,0 +1,28 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package issues_test
+
+import (
+	"testing"
+
+	issues_model "code.gitea.io/gitea/models/issues"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNewIssueLabelsScope(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 18})
+	label1 := unittest.AssertExistsAndLoadBean(t, &issues_model.Label{ID: 7})
+	label2 := unittest.AssertExistsAndLoadBean(t, &issues_model.Label{ID: 8})
+	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+	assert.NoError(t, issues_model.NewIssueLabels(issue, []*issues_model.Label{label1, label2}, doer))
+
+	assert.Len(t, issue.Labels, 1)
+	assert.Equal(t, label2.ID, issue.Labels[0].ID)
+}
diff --git a/routers/api/v1/repo/issue_label.go b/routers/api/v1/repo/issue_label.go
index 2f9ad7060c..c2f530956e 100644
--- a/routers/api/v1/repo/issue_label.go
+++ b/routers/api/v1/repo/issue_label.go
@@ -317,7 +317,7 @@ func prepareForReplaceOrAdd(ctx *context.APIContext, form api.IssueLabelsOption)
 		return nil, nil, err
 	}
 
-	labels, err := issues_model.GetLabelsByIDs(ctx, form.Labels, "id", "repo_id", "org_id")
+	labels, err := issues_model.GetLabelsByIDs(ctx, form.Labels, "id", "repo_id", "org_id", "name", "exclusive")
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "GetLabelsByIDs", err)
 		return nil, nil, err