diff options
Diffstat (limited to 'app/finders')
-rw-r--r-- | app/finders/environments/environment_names_finder.rb | 11 | ||||
-rw-r--r-- | app/finders/notes_finder.rb | 8 |
2 files changed, 9 insertions, 10 deletions
diff --git a/app/finders/environments/environment_names_finder.rb b/app/finders/environments/environment_names_finder.rb index d4928f0fc84..ffb689f45e2 100644 --- a/app/finders/environments/environment_names_finder.rb +++ b/app/finders/environments/environment_names_finder.rb @@ -32,18 +32,9 @@ module Environments end def namespace_environments - # We assume reporter access is needed for the :read_environment permission - # here. This expection is also present in - # IssuableFinder::Params#min_access_level, which is used for filtering out - # merge requests that don't have the right permissions. - # - # We use this approach so we don't need to load every project into memory - # just to verify if we can see their environments. Doing so would not be - # efficient, and possibly mess up pagination if certain projects are not - # meant to be visible. projects = project_or_group .all_projects - .public_or_visible_to_user(current_user, Gitlab::Access::REPORTER) + .filter_by_feature_visibility(:environments, current_user) Environment.for_project(projects) end diff --git a/app/finders/notes_finder.rb b/app/finders/notes_finder.rb index c542ffbce7e..81017290f12 100644 --- a/app/finders/notes_finder.rb +++ b/app/finders/notes_finder.rb @@ -30,6 +30,7 @@ class NotesFinder notes = init_collection notes = since_fetch_at(notes) notes = notes.with_notes_filter(@params[:notes_filter]) if notes_filter? + notes = redact_internal(notes) sort(notes) end @@ -181,6 +182,13 @@ class NotesFinder notes.order_by(sort) end + + def redact_internal(notes) + subject = @project || target + return notes if Ability.allowed?(@current_user, :read_internal_note, subject) + + notes.not_internal + end end NotesFinder.prepend_mod_with('NotesFinder') |