author | Filipa Lacerda <filipa@gitlab.com> | 2018-02-12 10:50:32 +0000 |
---|---|---|
committer | Filipa Lacerda <filipa@gitlab.com> | 2018-02-12 10:50:32 +0000 |
commit | ab7342406256ab5f04d40af496ef014d7c525389 (patch) | |
tree | 57206fc6ba8e7cf2f8da4500b52d0303c40b7507 /app/models/snippet.rb | |
parent | 853c80a9f72219d327fba1b92b539871086a08c9 (diff) | |
parent | cc68b0dfb1bfad9347d47f063d525504aa0501c4 (diff) | |
download | gitlab-ce-ab7342406256ab5f04d40af496ef014d7c525389.tar.gz |
[ci skip] Merge branch 'master' into 42923-close-issue
* master: (21 commits)
GitLab QA: Add GITLAB_USER_TYPE to support different login types (e.g. standard, LDAP)
Return a warning string if we try to encode to unsupported encoding
Remove confirmation_input
Resolve failures in GitHub-ish import controller specs
Remove changelogs for already-released security patches
Merge branch 'mc/bug/38984-wildcard-protected-tags' into 'security-10-4'
Merge branch 'fix/gh-namespace-issue' into 'security-10-4'
Merge branch 'security-10-4-todo-api-reveals-sensitive-information' into 'security-10-4'
Merge branch 'fix-mermaid-xss' into 'security-10-4'
Merge branch 'security-10-4-25223-snippets-finder-doesnt-obey-feature-visibility' into 'security-10-4'
API - fix searching in group/project specified by path
Add documentation on how to build a QA Docker image
Fix English in style_guide_js.md
Adds tooltip for environment name Adds CSS for child environments
Do not attach runner to a non-existing network in QA
Remove not needed default statement
Improve docs about allowing some side effects on the constructor
Move all ENV to Runtime::Env
Rename .scss files to use snake_case
Moves missing branch into a vue file
...
Diffstat (limited to 'app/models/snippet.rb')
-rw-r--r-- | app/models/snippet.rb | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/app/models/snippet.rb b/app/models/snippet.rb index 7c8716f8c18..a58c208279e 100644 --- a/app/models/snippet.rb +++ b/app/models/snippet.rb @@ -74,6 +74,27 @@ class Snippet < ActiveRecord::Base @link_reference_pattern ||= super("snippets", /(?<snippet>\d+)/) end + # Returns a collection of snippets that are either public or visible to the + # logged in user. + # + # This method does not verify the user actually has the access to the project + # the snippet is in, so it should be only used on a relation that's already scoped + # for project access + def self.public_or_visible_to_user(user = nil) + if user + authorized = user + .project_authorizations + .select(1) + .where('project_authorizations.project_id = snippets.project_id') + + levels = Gitlab::VisibilityLevel.levels_for_user(user) + + where('EXISTS (?) OR snippets.visibility_level IN (?) or snippets.author_id = (?)', authorized, levels, user.id) + else + public_to_user + end + end + def to_reference(from = nil, full: false) reference = "#{self.class.reference_prefix}#{id}" |
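Review bot: In `public_or_visible_to_user`, the `EXISTS (?)` and `snippets.author_id = (?)` branches are only safe when the caller has already scoped the relation for project access, which the comment states but nothing in the method enforces. On an unscoped relation the author branch matches every snippet the user wrote, with no check on the project the snippet belongs to, so a future caller that skips the scoping step gets an authorization gap without any failure. Consider adding the project-access condition to the query itself, or making the precondition harder to miss (for example in the method name), and add a spec for an author who has no entry in `project_authorizations` for the snippet's project. Two smaller points on the `where(...)` line: the SQL string mixes `OR` with a lowercase `or`, and the parentheses around the scalar `user.id` placeholder are unnecessary, so `snippets.author_id = ?` would read more clearly.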