Check can :read_clusters in finder

This is in addtion to the can checks we have in the controller, as a finder can be used elsewhere in the future.
author: Thong Kuah <tkuah@gitlab.com> 2018-12-07 07:47:41 +1300
committer: Thong Kuah <tkuah@gitlab.com> 2018-12-17 09:51:53 +1300
commit: 2ad5f999e95ed0627e2c8aea9da670b7da559bab (patch)
tree: 2174d4ea0a9b26828efe0e7aedf9f6e23788085a /app/finders
parent: 0e78834bc939980e40aef65b6b51f29293dab6d9 (diff)
download: gitlab-ce-2ad5f999e95ed0627e2c8aea9da670b7da559bab.tar.gz
1 files changed, 9 insertions, 3 deletions
diff --git a/app/finders/cluster_ancestors_finder.rb b/app/finders/cluster_ancestors_finder.rb
index 9f85e6e5c31..586fceb258a 100644
--- a/app/finders/cluster_ancestors_finder.rb
+++ b/app/finders/cluster_ancestors_finder.rb
@@ -1,18 +1,24 @@
 # frozen_string_literal: true
 
 class ClusterAncestorsFinder
-  def initialize(clusterable, user)
+  def initialize(clusterable, current_user)
     @clusterable = clusterable
-    @user = user
+    @current_user = current_user
   end
 
   def execute
+    return [] unless can_read_clusters?
+
     clusterable.clusters + ancestor_clusters
   end
 
   private
 
-  attr_reader :clusterable, :user
+  attr_reader :clusterable, :current_user
+
+  def can_read_clusters?
+    Ability.allowed?(current_user, :read_cluster, clusterable)
+  end
 
   def ancestor_clusters
     Clusters::Cluster.ancestor_clusters_for_clusterable(clusterable)
author	Thong Kuah <tkuah@gitlab.com>	2018-12-07 07:47:41 +1300
committer	Thong Kuah <tkuah@gitlab.com>	2018-12-17 09:51:53 +1300
commit	2ad5f999e95ed0627e2c8aea9da670b7da559bab (patch)
tree	2174d4ea0a9b26828efe0e7aedf9f6e23788085a /app/finders
parent	0e78834bc939980e40aef65b6b51f29293dab6d9 (diff)
download	gitlab-ce-2ad5f999e95ed0627e2c8aea9da670b7da559bab.tar.gz