Port `read_cross_project` ability from EE

1 files changed, 8 insertions, 2 deletions

diff --git a/app/finders/snippets_finder.rb b/app/finders/snippets_finder.rb
index ec61fe1892e..a73c573736e 100644
--- a/app/finders/snippets_finder.rb
+++ b/app/finders/snippets_finder.rb
@@ -13,7 +13,9 @@
 # params are optional
 class SnippetsFinder < UnionFinder
   include Gitlab::Allowable
-  attr_accessor :current_user, :params, :project
+  include FinderMethods
+
+  attr_accessor :current_user, :project, :params
 
   def initialize(current_user, params = {})
     @current_user = current_user
@@ -52,10 +54,14 @@ class SnippetsFinder < UnionFinder
   end
 
   def authorized_snippets
-    Snippet.where(feature_available_projects.or(not_project_related)).public_or_visible_to_user(current_user)
+    Snippet.where(feature_available_projects.or(not_project_related))
+      .public_or_visible_to_user(current_user)
   end
 
   def feature_available_projects
+    # Don't return any project related snippets if the user cannot read cross project
+    return table[:id].eq(nil) unless Ability.allowed?(current_user, :read_cross_project)
+
     projects = Project.public_or_visible_to_user(current_user, use_where_in: false) do |part|
       part.with_feature_available_for_user(:snippets, current_user)
     end.select(:id)