summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2021-08-02 21:26:53 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-08-02 21:26:53 +0000
commitb30f7e36de53f94df4022815d3fbdadc4368a7e3 (patch)
tree422cc3db247e7d5e9d6dcb9cc40618b863cd64ce /lib
parentc8edb9de30c95e9e715a1e31e7667f94fb7f3dec (diff)
downloadgitlab-ce-b30f7e36de53f94df4022815d3fbdadc4368a7e3.tar.gz
Add latest changes from gitlab-org/security/gitlab@14-1-stable-ee
Diffstat (limited to 'lib')
-rw-r--r--lib/api/todos.rb1
-rw-r--r--lib/gitlab/graphql/todos_project_permission_preloader/field_extension.rb26
2 files changed, 27 insertions, 0 deletions
diff --git a/lib/api/todos.rb b/lib/api/todos.rb
index a001313a11f..e0e5ca615ac 100644
--- a/lib/api/todos.rb
+++ b/lib/api/todos.rb
@@ -92,6 +92,7 @@ module API
end
get do
todos = paginate(find_todos.with_entity_associations)
+ todos = ::Todos::AllowedTargetFilterService.new(todos, current_user).execute
options = { with: Entities::Todo, current_user: current_user }
batch_load_issuable_metadata(todos, options)
diff --git a/lib/gitlab/graphql/todos_project_permission_preloader/field_extension.rb b/lib/gitlab/graphql/todos_project_permission_preloader/field_extension.rb
new file mode 100644
index 00000000000..77f3b1ac71a
--- /dev/null
+++ b/lib/gitlab/graphql/todos_project_permission_preloader/field_extension.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Graphql
+ module TodosProjectPermissionPreloader
+ class FieldExtension < ::GraphQL::Schema::FieldExtension
+ def after_resolve(value:, memo:, **rest)
+ todos = value.to_a
+
+ Preloaders::UserMaxAccessLevelInProjectsPreloader.new(
+ todos.map(&:project).compact,
+ current_user(rest)
+ ).execute
+
+ value
+ end
+
+ private
+
+ def current_user(options)
+ options.dig(:context, :current_user)
+ end
+ end
+ end
+ end
+end