diff options
Diffstat (limited to 'app/finders/snippets_finder.rb')
| -rw-r--r-- | app/finders/snippets_finder.rb | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/app/finders/snippets_finder.rb b/app/finders/snippets_finder.rb index ec61fe1892e..a73c573736e 100644 --- a/app/finders/snippets_finder.rb +++ b/app/finders/snippets_finder.rb @@ -13,7 +13,9 @@ # params are optional class SnippetsFinder < UnionFinder include Gitlab::Allowable - attr_accessor :current_user, :params, :project + include FinderMethods + + attr_accessor :current_user, :project, :params def initialize(current_user, params = {}) @current_user = current_user @@ -52,10 +54,14 @@ class SnippetsFinder < UnionFinder end def authorized_snippets - Snippet.where(feature_available_projects.or(not_project_related)).public_or_visible_to_user(current_user) + Snippet.where(feature_available_projects.or(not_project_related)) + .public_or_visible_to_user(current_user) end def feature_available_projects + # Don't return any project related snippets if the user cannot read cross project + return table[:id].eq(nil) unless Ability.allowed?(current_user, :read_cross_project) + projects = Project.public_or_visible_to_user(current_user, use_where_in: false) do |part| part.with_feature_available_for_user(:snippets, current_user) end.select(:id) |