summaryrefslogtreecommitdiff
path: root/app/finders/concerns/finder_with_group_hierarchy.rb
blob: 4ced544ba2cf44fcbe323a69e67d9737675a6f3b (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

# frozen_string_literal: true

# Module to include into finders to provide support for querying for
# objects up and down the group hierarchy.  Extracted from LabelsFinder
#
# Supports params:
#   :group
#   :group_id
#   :include_ancestor_groups
#   :include_descendant_groups
module FinderWithGroupHierarchy
  extend ActiveSupport::Concern

  private

  def item_ids
    raise NotImplementedError
  end

  # Gets redacted array of group ids
  # which can include the ancestors and descendants of the requested group.
  def group_ids_for(group)
    strong_memoize(:group_ids) do
      groups = groups_to_include(group)

      # Because we are sure that all groups are in the same hierarchy tree
      # we can preset root group for all of them to optimize permission checks
      Group.preset_root_ancestor_for(groups)

      # Preloading the max access level for the given groups to avoid N+1 queries
      # during the access check.
      if !skip_authorization && current_user && Feature.enabled?(:preload_max_access_levels_for_labels_finder, group)
        Preloaders::UserMaxAccessLevelInGroupsPreloader.new(groups, current_user).execute
      end

      groups_user_can_read_items(groups).map(&:id)
    end
  end

  def groups_to_include(group)
    groups = [group]

    groups += group.ancestors if include_ancestor_groups?
    groups += group.descendants if include_descendant_groups?

    groups
  end

  def include_ancestor_groups?
    params[:include_ancestor_groups]
  end

  def include_descendant_groups?
    params[:include_descendant_groups]
  end

  def group?
    params[:group].present? || params[:group_id].present?
  end

  def group
    strong_memoize(:group) { params[:group].presence || Group.find(params[:group_id]) }
  end

  def read_permission
    raise NotImplementedError
  end

  def authorized_to_read_item?(item_parent)
    return true if skip_authorization

    Ability.allowed?(current_user, read_permission, item_parent)
  end

  def groups_user_can_read_items(groups)
    DeclarativePolicy.user_scope do
      groups.select { |group| authorized_to_read_item?(group) }
    end
  end
end
View Lorry Controller Status