1 files changed, 70 insertions, 0 deletions

diff --git a/app/services/issuable/discussions_list_service.rb b/app/services/issuable/discussions_list_service.rb
new file mode 100644
index 00000000000..7aa0363af01
--- /dev/null
+++ b/app/services/issuable/discussions_list_service.rb
@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+# This service return notes grouped by discussion ID and paginated per discussion.
+# System notes also have a discussion ID assigned including Synthetic system notes.
+module Issuable
+  class DiscussionsListService
+    include RendersNotes
+    include Gitlab::Utils::StrongMemoize
+
+    attr_reader :current_user, :issuable, :params
+
+    def initialize(current_user, issuable, params = {})
+      @current_user = current_user
+      @issuable = issuable
+      @params = params.dup
+    end
+
+    def execute
+      return Note.none unless can_read_issuable?
+
+      notes = NotesFinder.new(current_user, params.merge({ target: issuable, project: issuable.project }))
+                .execute.with_web_entity_associations.inc_relations_for_view.fresh
+
+      if paginator
+        paginated_discussions_by_type = paginator.records.group_by(&:table_name)
+
+        notes = if paginated_discussions_by_type['notes'].present?
+                  notes.with_discussion_ids(paginated_discussions_by_type['notes'].map(&:discussion_id))
+                else
+                  notes.none
+                end
+      end
+
+      if params[:notes_filter] != UserPreference::NOTES_FILTERS[:only_comments]
+        notes = ResourceEvents::MergeIntoNotesService.new(
+          issuable, current_user, paginated_notes: paginated_discussions_by_type
+        ).execute(notes)
+      end
+
+      notes = prepare_notes_for_rendering(notes)
+
+      # TODO: optimize this permission check.
+      # Given this loads notes on a single issuable and current permission system, we should not have to check
+      # permission on every single note. We should be able to check permission on the given issuable or its container,
+      # which should result in just one permission check. Perhaps that should also either be passed to NotesFinder or
+      # should be done in NotesFinder, which would decide right away if it would need to return no notes
+      # or if it should just filter out internal notes.
+      notes = notes.select { |n| n.readable_by?(current_user) }
+
+      Discussion.build_collection(notes, issuable)
+    end
+
+    def paginator
+      return if params[:per_page].blank?
+      return if issuable.instance_of?(MergeRequest) && Feature.disabled?(:paginated_mr_discussions, issuable.project)
+
+      strong_memoize(:paginator) do
+        issuable
+          .discussion_root_note_ids(notes_filter: params[:notes_filter])
+          .keyset_paginate(cursor: params[:cursor], per_page: params[:per_page].to_i)
+      end
+    end
+
+    def can_read_issuable?
+      return Ability.allowed?(current_user, :read_security_resource, issuable) if issuable.is_a?(Vulnerability)
+
+      Ability.allowed?(current_user, :"read_#{issuable.to_ability_name}", issuable)
+    end
+  end
+end