summaryrefslogtreecommitdiff
path: root/app/finders/snippets_finder.rb
diff options
context:
space:
mode:
authorBob Van Landuyt <bob@vanlanduyt.co>2017-12-11 15:21:06 +0100
committerBob Van Landuyt <bob@vanlanduyt.co>2018-02-22 17:11:36 +0100
commit148816cd67a314f17e79c107270cc708501bdd39 (patch)
treeeba07d109322392bb5862b715adc066a0ebbdf95 /app/finders/snippets_finder.rb
parentb5306075c21f5546d1447052558da6227629c15e (diff)
downloadgitlab-ce-148816cd67a314f17e79c107270cc708501bdd39.tar.gz
Port `read_cross_project` ability from EE
Diffstat (limited to 'app/finders/snippets_finder.rb')
-rw-r--r--app/finders/snippets_finder.rb10
1 files changed, 8 insertions, 2 deletions
diff --git a/app/finders/snippets_finder.rb b/app/finders/snippets_finder.rb
index ec61fe1892e..a73c573736e 100644
--- a/app/finders/snippets_finder.rb
+++ b/app/finders/snippets_finder.rb
@@ -13,7 +13,9 @@
# params are optional
class SnippetsFinder < UnionFinder
include Gitlab::Allowable
- attr_accessor :current_user, :params, :project
+ include FinderMethods
+
+ attr_accessor :current_user, :project, :params
def initialize(current_user, params = {})
@current_user = current_user
@@ -52,10 +54,14 @@ class SnippetsFinder < UnionFinder
end
def authorized_snippets
- Snippet.where(feature_available_projects.or(not_project_related)).public_or_visible_to_user(current_user)
+ Snippet.where(feature_available_projects.or(not_project_related))
+ .public_or_visible_to_user(current_user)
end
def feature_available_projects
+ # Don't return any project related snippets if the user cannot read cross project
+ return table[:id].eq(nil) unless Ability.allowed?(current_user, :read_cross_project)
+
projects = Project.public_or_visible_to_user(current_user, use_where_in: false) do |part|
part.with_feature_available_for_user(:snippets, current_user)
end.select(:id)