author | Mark Chao <mchao@gitlab.com> | 2019-09-16 17:50:41 +0800 |
committer | Mark Chao <mchao@gitlab.com> | 2019-10-01 17:16:07 +1300 |
commit | f132561154314b6fc9050fc7f3d0baf34c13c44b (patch) | |
tree | 3467e7d8566929485749a57e32223d2031d86a06 /app/models/project.rb | |
parent | 5a54a8d9be626ef1a708f3ffbc80b39209c07351 (diff) | |
download | gitlab-ce-f132561154314b6fc9050fc7f3d0baf34c13c44b.tar.gz |
EE port: Fix private feature Elasticsearch leak
Add spec to test different combinations.
Accept string for required_minimum_access_level
Allow more flexible project membership query
Diffstat (limited to 'app/models/project.rb')
-rw-r--r-- | app/models/project.rb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/app/models/project.rb b/app/models/project.rb
index 7c065db9829..5c3bf4a3b5d 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -468,7 +468,7 @@ class Project < ApplicationRecord
   # the feature is either public, enabled, or internal with permission for the user.
   # Note: this scope doesn't enforce that the user has access to the projects, it just checks
   # that the user has access to the feature. It's important to use this scope with others
-  # that checks project authorizations first.
+  # that checks project authorizations first (e.g. `filter_by_feature_visibility`).
   #
   # This method uses an optimised version of `with_feature_access_level` for
   # logged in users to more efficiently get private projects with the given
@@ -496,6 +496,11 @@ class Project < ApplicationRecord
     end
   end
 
+  # This scope returns projects where user has access to both the project and the feature.
+  def self.filter_by_feature_visibility(feature, user)
+    with_feature_available_for_user(feature, user).public_or_visible_to_user(user)
+  end
+
   scope :active, -> { joins(:issues, :notes, :merge_requests).order('issues.created_at, notes.created_at, merge_requests.created_at DESC') }
   scope :abandoned, -> { where('projects.last_activity_at < ?', 6.months.ago) } |
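Review bot: The comment on `filter_by_feature_visibility` should state that it is the scope callers must use whenever the result is exposed to the requesting user, since the first hunk's comment makes clear that `with_feature_available_for_user` alone does not enforce project authorization and the commit message describes an Elasticsearch leak from exactly that gap. I would write it as `# Returns projects where the user can access both the project and the feature; use this rather than with_feature_available_for_user alone whenever results are shown to the user.` It is not visible here whether `public_or_visible_to_user` accepts a nil user for anonymous visitors, so the comment should also say what `user` may be, e.g. `# user may be nil for anonymous requests` if that holds. The enclosing `Project` class body continues outside the hunk.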