Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYorick Peterse <yorickpeterse@gmail.com>2016-05-06 17:50:31 +0300
committerYorick Peterse <yorickpeterse@gmail.com>2016-05-11 20:12:32 +0300
commit6e62eb01665ca69933600fe977e35cb36804dace (patch)
treef7c413675c2ce6633f3383348cb0a74219828d9b
parent12553ce894dd8948fd8aa2ddd25c99d39f8cf4bc (diff)
Fixed RedactorFilter for new reference checking
The RedactorFilter class now uses the new batch based reference checking setup to filter out any nodes a user is not supposed to see.
-rw-r--r--lib/banzai/filter/redactor_filter.rb27
-rw-r--r--lib/banzai/reference_parser/parser.rb2
-rw-r--r--lib/banzai/reference_parser/user_parser.rb8
3 files changed, 24 insertions, 13 deletions
diff --git a/lib/banzai/filter/redactor_filter.rb b/lib/banzai/filter/redactor_filter.rb
index 613de8d5aca..4586d7fea1b 100644
--- a/lib/banzai/filter/redactor_filter.rb
+++ b/lib/banzai/filter/redactor_filter.rb
@@ -7,8 +7,11 @@ module Banzai
#
class RedactorFilter < HTML::Pipeline::Filter
def call
- Querying.css(doc, 'a.gfm').each do |node|
- unless user_can_see_reference?(node)
+ nodes = Querying.css(doc, 'a.gfm[data-reference-type]')
+ visible = nodes_visible_to_user(nodes)
+
+ nodes.each do |node|
+ unless visible.include?(node)
# The reference should be replaced by the original text,
# which is not always the same as the rendered text.
text = node.attr('data-original') || node.text
@@ -21,15 +24,21 @@ module Banzai
private
- def user_can_see_reference?(node)
- if node.has_attribute?('data-reference-type')
- reference_type = node.attr('data-reference-type')
- parser = Banzai::ReferenceParser[reference_type].new(nil, current_user)
+ def nodes_visible_to_user(nodes)
+ per_type = Hash.new { |h, k| h[k] = [] }
+ visible = Set.new
- parser.user_can_see_reference?(current_user, node)
- else
- true
+ nodes.each do |node|
+ per_type[node.attr('data-reference-type')] << node
end
+
+ per_type.each do |type, nodes|
+ parser = Banzai::ReferenceParser[type].new(nil, current_user)
+
+ visible.merge(parser.nodes_visible_to_user(current_user, nodes))
+ end
+
+ visible
end
def current_user
diff --git a/lib/banzai/reference_parser/parser.rb b/lib/banzai/reference_parser/parser.rb
index 0b025e8ee6c..3a21955868c 100644
--- a/lib/banzai/reference_parser/parser.rb
+++ b/lib/banzai/reference_parser/parser.rb
@@ -29,7 +29,7 @@ module Banzai
if node.has_attribute?(project_attr)
node_project = projects[node.attr(project_attr).to_i]
- if node_project && node_project.id == project.id
+ if node_project && project && node_project.id == project.id
true
else
Ability.abilities.allowed?(user, :read_project, node_project)
diff --git a/lib/banzai/reference_parser/user_parser.rb b/lib/banzai/reference_parser/user_parser.rb
index 7df8e459187..a10ae7d7fee 100644
--- a/lib/banzai/reference_parser/user_parser.rb
+++ b/lib/banzai/reference_parser/user_parser.rb
@@ -30,10 +30,12 @@ module Banzai
nodes.each do |node|
if node.has_attribute?(group_attr)
- node_group = groups.fetch(node.attr(group_attr).to_i)
- allowed = Ability.abilities.allowed?(user, :read_group, node_group)
+ node_group = groups[node.attr(group_attr).to_i]
- visible << node if allowed
+ if node_group &&
+ Ability.abilities.allowed?(user, :read_group, node_group)
+ visible << node
+ end
# Remaining nodes will be processed by the parent class'
# implementation of this method.
else