From 2f0a764d310a8fc6628f560debfa930ef2842297 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Wed, 18 Feb 2015 13:28:24 -0800
Subject: Fix user page performance and authorization

---
 app/controllers/users_controller.rb | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

(limited to 'app/controllers/users_controller.rb')

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 8c5605c8b4b..4c2fe4c3c8d 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -4,11 +4,8 @@ class UsersController < ApplicationController
   layout :determine_layout
 
   def show
-    # Projects user can view
-    visible_projects = ProjectsFinder.new.execute(current_user)
-    authorized_projects_ids = visible_projects.pluck(:id)
-
-    @contributed_projects = Project.where(id: authorized_projects_ids).
+    @contributed_projects = Project.
+      where(id: authorized_projects_ids & @user.contributed_projects_ids).
       in_group_namespace.includes(:namespace)
 
     @projects = @user.personal_projects.
@@ -32,8 +29,8 @@ class UsersController < ApplicationController
   end
 
   def calendar
-    visible_projects = ProjectsFinder.new.execute(current_user)
-    calendar = Gitlab::CommitsCalendar.new(visible_projects, @user)
+    projects = Project.where(id: authorized_projects_ids & @user.contributed_projects_ids)
+    calendar = Gitlab::CommitsCalendar.new(projects, @user)
     @timestamps = calendar.timestamps
     @starting_year = calendar.starting_year
     @starting_month = calendar.starting_month
@@ -58,4 +55,10 @@ class UsersController < ApplicationController
       return authenticate_user!
     end
   end
+
+  def authorized_projects_ids
+    # Projects user can view
+    @authorized_projects_ids ||=
+      ProjectsFinder.new.execute(current_user).pluck(:id)
+  end
 end
-- 
cgit v1.2.1