diff options
author | Jan Provaznik <jprovaznik@gitlab.com> | 2019-09-17 14:38:09 +0200 |
---|---|---|
committer | Yorick Peterse <yorick@yorickpeterse.com> | 2019-09-30 14:22:04 +0200 |
commit | 2bb752322ed52dffa2741f0c2608e65a447ee1c4 (patch) | |
tree | c4de2c4827d81656b58862a56e1c7d6a9f3fb07c /app/finders | |
parent | 6a49482316c2dfb003c5c8d0646bc80a9ce50df8 (diff) | |
download | gitlab-ce-2bb752322ed52dffa2741f0c2608e65a447ee1c4.tar.gz |
Filter not accessible label events
Label events may use cross-project or cross-group references,
if the projects are not accessible by user, we don't show these
label events.
Diffstat (limited to 'app/finders')
-rw-r--r-- | app/finders/resource_label_event_finder.rb | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/app/finders/resource_label_event_finder.rb b/app/finders/resource_label_event_finder.rb new file mode 100644 index 00000000000..9aafd6e91b9 --- /dev/null +++ b/app/finders/resource_label_event_finder.rb @@ -0,0 +1,41 @@ +# frozen_string_literal: true + +class ResourceLabelEventFinder + include FinderMethods + + MAX_PER_PAGE = 100 + + attr_reader :params, :current_user, :eventable + + def initialize(current_user, eventable, params = {}) + @current_user = current_user + @eventable = eventable + @params = params + end + + def execute + events = eventable.resource_label_events.inc_relations + events = events.page(page).per(per_page) + events = visible_to_user(events) + + Kaminari.paginate_array(events) + end + + private + + def visible_to_user(events) + ResourceLabelEvent.preload_label_subjects(events) + + events.select do |event| + Ability.allowed?(current_user, :read_label, event) + end + end + + def per_page + [params[:per_page], MAX_PER_PAGE].compact.min + end + + def page + params[:page] || 1 + end +end |