diff options
author | Sean McGivern <sean@gitlab.com> | 2018-12-18 08:52:51 +0000 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2018-12-18 08:52:51 +0000 |
commit | 41a942bedaa9ef003a5a2579d3f7d986c506818d (patch) | |
tree | b9f4dae01ea01cc723b417c3ecb494308cd55d42 /lib | |
parent | 37e6863e963ed8e6c04db38c1ffaacf6db61db99 (diff) | |
parent | 28acd2b087d5b80cd89354d58f937aed0f4928cb (diff) | |
download | gitlab-ce-41a942bedaa9ef003a5a2579d3f7d986c506818d.tar.gz |
Merge branch 'bvl-hide-confidential-events-take2' into 'master'
Hide confidential events in ruby
Closes #51791
See merge request gitlab-org/gitlab-ce!23746
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/events.rb | 42 |
1 files changed, 12 insertions, 30 deletions
diff --git a/lib/api/events.rb b/lib/api/events.rb index 44dae57770d..b98aa9f31e1 100644 --- a/lib/api/events.rb +++ b/lib/api/events.rb @@ -18,29 +18,15 @@ module API desc: 'Return events sorted in ascending and descending order' end - RedactedEvent = OpenStruct.new(target_title: 'Confidential event').freeze - - def redact_events(events) - events.map do |event| - if event.visible_to_user?(current_user) - event - else - RedactedEvent - end - end - end - - # rubocop: disable CodeReuse/ActiveRecord - def present_events(events, redact: true) - events = events.reorder(created_at: params[:sort]) - .with_associations - + def present_events(events) events = paginate(events) - events = redact_events(events) if redact present events, with: Entities::Event end - # rubocop: enable CodeReuse/ActiveRecord + + def find_events(source) + EventsFinder.new(params.merge(source: source, current_user: current_user, with_associations: true)).execute + end end resource :events do @@ -55,16 +41,14 @@ module API use :event_filter_params use :sort_params end - # rubocop: disable CodeReuse/ActiveRecord + get do authenticate! - events = EventsFinder.new(params.merge(source: current_user, current_user: current_user)).execute.preload(:author, :target) + events = find_events(current_user) - # Since we're viewing our own events, redaction is unnecessary - present_events(events, redact: false) + present_events(events) end - # rubocop: enable CodeReuse/ActiveRecord end params do @@ -82,16 +66,15 @@ module API use :event_filter_params use :sort_params end - # rubocop: disable CodeReuse/ActiveRecord + get ':id/events' do user = find_user(params[:id]) not_found!('User') unless user - events = EventsFinder.new(params.merge(source: user, current_user: current_user)).execute.preload(:author, :target) + events = find_events(user) present_events(events) end - # rubocop: enable CodeReuse/ActiveRecord end params do @@ -106,13 +89,12 @@ module API use :event_filter_params use :sort_params end - # rubocop: disable CodeReuse/ActiveRecord + get ":id/events" do - events = EventsFinder.new(params.merge(source: user_project, current_user: current_user)).execute.preload(:author, :target) + events = find_events(user_project) present_events(events) end - # rubocop: enable CodeReuse/ActiveRecord end end end |