From 6d72bb383286e18421c7b5756f8109a6ccbe05b5 Mon Sep 17 00:00:00 2001
From: "Marko, Peter" <peter.marko@siemens.com>
Date: Sun, 8 Jul 2018 21:43:06 +0200
Subject: Add min_access_level filter to projects API

Signed-off-by: Marko, Peter <peter.marko@siemens.com>
---
 app/finders/personal_projects_finder.rb | 19 ++++++++++++++++---
 app/finders/projects_finder.rb          | 17 +++++++++++++++--
 2 files changed, 31 insertions(+), 5 deletions(-)

(limited to 'app/finders')

diff --git a/app/finders/personal_projects_finder.rb b/app/finders/personal_projects_finder.rb
index 5aea0cb8192..18adfea747f 100644
--- a/app/finders/personal_projects_finder.rb
+++ b/app/finders/personal_projects_finder.rb
@@ -1,6 +1,7 @@
 class PersonalProjectsFinder < UnionFinder
-  def initialize(user)
+  def initialize(user, params = {})
     @user = user
+    @params = params
   end
 
   # Finds the projects belonging to the user in "@user", limited to either
@@ -8,6 +9,8 @@ class PersonalProjectsFinder < UnionFinder
   #
   # current_user - When given the list of projects is limited to those only
   #                visible by this user.
+  # params       - Optional query parameters
+  #                  min_access_level: integer
   #
   # Returns an ActiveRecord::Relation.
   def execute(current_user = nil)
@@ -19,11 +22,21 @@ class PersonalProjectsFinder < UnionFinder
   private
 
   def all_projects(current_user)
-    projects = []
+    return [projects_with_min_access_level(current_user)] if current_user && min_access_level?
 
+    projects = []
     projects << @user.personal_projects.visible_to_user(current_user) if current_user
     projects << @user.personal_projects.public_to_user(current_user)
-
     projects
   end
+
+  def projects_with_min_access_level(current_user)
+    @user
+      .personal_projects
+      .visible_to_user_and_access_level(current_user, @params[:min_access_level])
+  end
+
+  def min_access_level?
+    @params[:min_access_level].present?
+  end
 end
diff --git a/app/finders/projects_finder.rb b/app/finders/projects_finder.rb
index b06595081e7..cac6643eff3 100644
--- a/app/finders/projects_finder.rb
+++ b/app/finders/projects_finder.rb
@@ -17,6 +17,7 @@
 #     search: string
 #     non_archived: boolean
 #     archived: 'only' or boolean
+#     min_access_level: integer
 #
 class ProjectsFinder < UnionFinder
   include CustomAttributesFilter
@@ -34,7 +35,7 @@ class ProjectsFinder < UnionFinder
     user = params.delete(:user)
     collection =
       if user
-        PersonalProjectsFinder.new(user).execute(current_user)
+        PersonalProjectsFinder.new(user, finder_params).execute(current_user)
       else
         init_collection
       end
@@ -65,6 +66,8 @@ class ProjectsFinder < UnionFinder
   def collection_with_user
     if owned_projects?
       current_user.owned_projects
+    elsif min_access_level?
+      current_user.authorized_projects.where('project_authorizations.access_level >= ?', params[:min_access_level])
     else
       if private_only?
         current_user.authorized_projects
@@ -76,7 +79,7 @@ class ProjectsFinder < UnionFinder
 
   # Builds a collection for an anonymous user.
   def collection_without_user
-    if private_only? || owned_projects?
+    if private_only? || owned_projects? || min_access_level?
       Project.none
     else
       Project.public_to_user
@@ -91,6 +94,10 @@ class ProjectsFinder < UnionFinder
     params[:non_public].present?
   end
 
+  def min_access_level?
+    params[:min_access_level].present?
+  end
+
   def by_ids(items)
     project_ids_relation ? items.where(id: project_ids_relation) : items
   end
@@ -143,4 +150,10 @@ class ProjectsFinder < UnionFinder
       projects
     end
   end
+
+  def finder_params
+    return {} unless min_access_level?
+
+    { min_access_level: params[:min_access_level] }
+  end
 end
-- 
cgit v1.2.1