Remove confidential access checks if user has group access

We simplify the query generated if the user can see all confidential issues in a project context. This change applies the same simplification to group issue lists.
author: Sean McGivern <sean@gitlab.com> 2018-09-05 12:05:19 +0100
committer: Sean McGivern <sean@gitlab.com> 2018-10-05 11:25:11 +0100
commit: 803671cc5374036a5b24bec917d1507c3fb231b4 (patch)
tree: 572e8a908cdc566a9654e244bc882f6c890f7e8d /app/finders
parent: b480d7121f179e93ab3cc533c4c148cbb366f7c2 (diff)
download: gitlab-ce-803671cc5374036a5b24bec917d1507c3fb231b4.tar.gz
1 files changed, 7 insertions, 3 deletions
diff --git a/app/finders/issues_finder.rb b/app/finders/issues_finder.rb
index 770e0bfe1a3..abdc47b9866 100644
--- a/app/finders/issues_finder.rb
+++ b/app/finders/issues_finder.rb
@@ -120,9 +120,13 @@ class IssuesFinder < IssuableFinder
     return @user_can_see_all_confidential_issues = true if current_user.full_private_access?
 
     @user_can_see_all_confidential_issues =
-      project? &&
-      project &&
-      project.team.max_member_access(current_user.id) >= CONFIDENTIAL_ACCESS_LEVEL
+      if project? && project
+        project.team.max_member_access(current_user.id) >= CONFIDENTIAL_ACCESS_LEVEL
+      elsif group
+        group.max_member_access_for_user(current_user) >= CONFIDENTIAL_ACCESS_LEVEL
+      else
+        false
+      end
   end
 
   def user_cannot_see_confidential_issues?
author	Sean McGivern <sean@gitlab.com>	2018-09-05 12:05:19 +0100
committer	Sean McGivern <sean@gitlab.com>	2018-10-05 11:25:11 +0100
commit	803671cc5374036a5b24bec917d1507c3fb231b4 (patch)
tree	572e8a908cdc566a9654e244bc882f6c890f7e8d /app/finders
parent	b480d7121f179e93ab3cc533c4c148cbb366f7c2 (diff)
download	gitlab-ce-803671cc5374036a5b24bec917d1507c3fb231b4.tar.gz