diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-02 21:26:53 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-02 21:26:53 +0000 |
| commit | b30f7e36de53f94df4022815d3fbdadc4368a7e3 (patch) | |
| tree | 422cc3db247e7d5e9d6dcb9cc40618b863cd64ce /lib | |
| parent | c8edb9de30c95e9e715a1e31e7667f94fb7f3dec (diff) | |
| download | gitlab-ce-b30f7e36de53f94df4022815d3fbdadc4368a7e3.tar.gz | |
Add latest changes from gitlab-org/security/gitlab@14-1-stable-ee
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/todos.rb | 1 | ||||
| -rw-r--r-- | lib/gitlab/graphql/todos_project_permission_preloader/field_extension.rb | 26 |
2 files changed, 27 insertions, 0 deletions
diff --git a/lib/api/todos.rb b/lib/api/todos.rb index a001313a11f..e0e5ca615ac 100644 --- a/lib/api/todos.rb +++ b/lib/api/todos.rb @@ -92,6 +92,7 @@ module API end get do todos = paginate(find_todos.with_entity_associations) + todos = ::Todos::AllowedTargetFilterService.new(todos, current_user).execute options = { with: Entities::Todo, current_user: current_user } batch_load_issuable_metadata(todos, options) diff --git a/lib/gitlab/graphql/todos_project_permission_preloader/field_extension.rb b/lib/gitlab/graphql/todos_project_permission_preloader/field_extension.rb new file mode 100644 index 00000000000..77f3b1ac71a --- /dev/null +++ b/lib/gitlab/graphql/todos_project_permission_preloader/field_extension.rb @@ -0,0 +1,26 @@ +# frozen_string_literal: true + +module Gitlab + module Graphql + module TodosProjectPermissionPreloader + class FieldExtension < ::GraphQL::Schema::FieldExtension + def after_resolve(value:, memo:, **rest) + todos = value.to_a + + Preloaders::UserMaxAccessLevelInProjectsPreloader.new( + todos.map(&:project).compact, + current_user(rest) + ).execute + + value + end + + private + + def current_user(options) + options.dig(:context, :current_user) + end + end + end + end +end |