diff options
Diffstat (limited to 'app/finders/issues_finder.rb')
| -rw-r--r-- | app/finders/issues_finder.rb | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/app/finders/issues_finder.rb b/app/finders/issues_finder.rb index 40d6730d232..7595b1c7a15 100644 --- a/app/finders/issues_finder.rb +++ b/app/finders/issues_finder.rb @@ -11,7 +11,8 @@ # state: 'opened' or 'closed' or 'all' # group_id: integer # project_id: integer -# milestone_title: string +# milestone_title: string (cannot be simultaneously used with milestone_wildcard_id) +# milestone_wildcard_id: 'none', 'any', 'upcoming', 'started' (cannot be simultaneously used with milestone_title) # assignee_id: integer # search: string # in: 'title', 'description', or a string joining them with comma @@ -25,7 +26,7 @@ # updated_after: datetime # updated_before: datetime # confidential: boolean -# issue_types: array of strings (one of Issue.issue_types) +# issue_types: array of strings (one of WorkItem::Type.base_types) # class IssuesFinder < IssuableFinder CONFIDENTIAL_ACCESS_LEVEL = Gitlab::Access::REPORTER @@ -46,17 +47,22 @@ class IssuesFinder < IssuableFinder # rubocop: disable CodeReuse/ActiveRecord def with_confidentiality_access_check - return Issue.all if params.user_can_see_all_confidential_issues? + return Issue.all if params.user_can_see_all_issues? + + # Only admins can see hidden issues, so for non-admins, we filter out any hidden issues + issues = Issue.without_hidden + + return issues.all if params.user_can_see_all_confidential_issues? # If already filtering by assignee we can skip confidentiality since a user # can always see confidential issues assigned to them. This is just an # optimization since a very common usecase of this Finder is to load the # count of issues assigned to the user for the header bar. - return Issue.all if current_user && assignee_filter.includes_user?(current_user) + return issues.all if current_user && assignee_filter.includes_user?(current_user) - return Issue.where('issues.confidential IS NOT TRUE') if params.user_cannot_see_confidential_issues? + return issues.where('issues.confidential IS NOT TRUE') if params.user_cannot_see_confidential_issues? - Issue.where(' + issues.where(' issues.confidential IS NOT TRUE OR (issues.confidential = TRUE AND (issues.author_id = :user_id @@ -111,7 +117,7 @@ class IssuesFinder < IssuableFinder def by_issue_types(items) issue_type_params = Array(params[:issue_types]).map(&:to_s) return items if issue_type_params.blank? - return Issue.none unless (Issue.issue_types.keys & issue_type_params).sort == issue_type_params.sort + return Issue.none unless (WorkItem::Type.base_types.keys & issue_type_params).sort == issue_type_params.sort items.with_issue_type(params[:issue_types]) end |