Merge branch 'bvl-hide-confidential-events-take2' into 'master'

Hide confidential events in ruby Closes #51791 See merge request gitlab-org/gitlab-ce!23746
author: Sean McGivern <sean@gitlab.com> 2018-12-18 08:52:51 +0000
committer: Sean McGivern <sean@gitlab.com> 2018-12-18 08:52:51 +0000
commit: 41a942bedaa9ef003a5a2579d3f7d986c506818d (patch)
tree: b9f4dae01ea01cc723b417c3ecb494308cd55d42 /lib
parent: 37e6863e963ed8e6c04db38c1ffaacf6db61db99 (diff)
parent: 28acd2b087d5b80cd89354d58f937aed0f4928cb (diff)
download: gitlab-ce-41a942bedaa9ef003a5a2579d3f7d986c506818d.tar.gz
1 files changed, 12 insertions, 30 deletions
diff --git a/lib/api/events.rb b/lib/api/events.rb
index 44dae57770d..b98aa9f31e1 100644
--- a/lib/api/events.rb
+++ b/lib/api/events.rb
@@ -18,29 +18,15 @@ module API
                         desc: 'Return events sorted in ascending and descending order'
       end
 
-      RedactedEvent = OpenStruct.new(target_title: 'Confidential event').freeze
-
-      def redact_events(events)
-        events.map do |event|
-          if event.visible_to_user?(current_user)
-            event
-          else
-            RedactedEvent
-          end
-        end
-      end
-
-      # rubocop: disable CodeReuse/ActiveRecord
-      def present_events(events, redact: true)
-        events = events.reorder(created_at: params[:sort])
-                 .with_associations
-
+      def present_events(events)
         events = paginate(events)
-        events = redact_events(events) if redact
 
         present events, with: Entities::Event
       end
-      # rubocop: enable CodeReuse/ActiveRecord
+
+      def find_events(source)
+        EventsFinder.new(params.merge(source: source, current_user: current_user, with_associations: true)).execute
+      end
     end
 
     resource :events do
@@ -55,16 +41,14 @@ module API
         use :event_filter_params
         use :sort_params
       end
-      # rubocop: disable CodeReuse/ActiveRecord
+
       get do
         authenticate!
 
-        events = EventsFinder.new(params.merge(source: current_user, current_user: current_user)).execute.preload(:author, :target)
+        events = find_events(current_user)
 
-        # Since we're viewing our own events, redaction is unnecessary
-        present_events(events, redact: false)
+        present_events(events)
       end
-      # rubocop: enable CodeReuse/ActiveRecord
     end
 
     params do
@@ -82,16 +66,15 @@ module API
         use :event_filter_params
         use :sort_params
       end
-      # rubocop: disable CodeReuse/ActiveRecord
+
       get ':id/events' do
         user = find_user(params[:id])
         not_found!('User') unless user
 
-        events = EventsFinder.new(params.merge(source: user, current_user: current_user)).execute.preload(:author, :target)
+        events = find_events(user)
 
         present_events(events)
       end
-      # rubocop: enable CodeReuse/ActiveRecord
     end
 
     params do
@@ -106,13 +89,12 @@ module API
         use :event_filter_params
         use :sort_params
       end
-      # rubocop: disable CodeReuse/ActiveRecord
+
       get ":id/events" do
-        events = EventsFinder.new(params.merge(source: user_project, current_user: current_user)).execute.preload(:author, :target)
+        events = find_events(user_project)
 
         present_events(events)
       end
-      # rubocop: enable CodeReuse/ActiveRecord
     end
   end
 end
author	Sean McGivern <sean@gitlab.com>	2018-12-18 08:52:51 +0000
committer	Sean McGivern <sean@gitlab.com>	2018-12-18 08:52:51 +0000
commit	41a942bedaa9ef003a5a2579d3f7d986c506818d (patch)
tree	b9f4dae01ea01cc723b417c3ecb494308cd55d42 /lib
parent	37e6863e963ed8e6c04db38c1ffaacf6db61db99 (diff)
parent	28acd2b087d5b80cd89354d58f937aed0f4928cb (diff)
download	gitlab-ce-41a942bedaa9ef003a5a2579d3f7d986c506818d.tar.gz