Fixed RedactorFilter for new reference checking

The RedactorFilter class now uses the new batch based reference checking
setup to filter out any nodes a user is not supposed to see.

3 files changed, 24 insertions, 13 deletions

diff --git a/lib/banzai/filter/redactor_filter.rb b/lib/banzai/filter/redactor_filter.rb
index 613de8d5aca..4586d7fea1b 100644
--- a/lib/banzai/filter/redactor_filter.rb
+++ b/lib/banzai/filter/redactor_filter.rb
@@ -7,8 +7,11 @@ module Banzai
     #
     class RedactorFilter < HTML::Pipeline::Filter
       def call
-        Querying.css(doc, 'a.gfm').each do |node|
-          unless user_can_see_reference?(node)
+        nodes = Querying.css(doc, 'a.gfm[data-reference-type]')
+        visible = nodes_visible_to_user(nodes)
+
+        nodes.each do |node|
+          unless visible.include?(node)
             # The reference should be replaced by the original text,
             # which is not always the same as the rendered text.
             text = node.attr('data-original') || node.text
@@ -21,15 +24,21 @@ module Banzai
 
       private
 
-      def user_can_see_reference?(node)
-        if node.has_attribute?('data-reference-type')
-          reference_type = node.attr('data-reference-type')
-          parser = Banzai::ReferenceParser[reference_type].new(nil, current_user)
+      def nodes_visible_to_user(nodes)
+        per_type = Hash.new { |h, k| h[k] = [] }
+        visible = Set.new
 
-          parser.user_can_see_reference?(current_user, node)
-        else
-          true
+        nodes.each do |node|
+          per_type[node.attr('data-reference-type')] << node
         end
+
+        per_type.each do |type, nodes|
+          parser = Banzai::ReferenceParser[type].new(nil, current_user)
+
+          visible.merge(parser.nodes_visible_to_user(current_user, nodes))
+        end
+
+        visible
       end
 
       def current_user
diff --git a/lib/banzai/reference_parser/parser.rb b/lib/banzai/reference_parser/parser.rb
index 0b025e8ee6c..3a21955868c 100644
--- a/lib/banzai/reference_parser/parser.rb
+++ b/lib/banzai/reference_parser/parser.rb
@@ -29,7 +29,7 @@ module Banzai
           if node.has_attribute?(project_attr)
             node_project = projects[node.attr(project_attr).to_i]
 
-            if node_project && node_project.id == project.id
+            if node_project && project && node_project.id == project.id
               true
             else
               Ability.abilities.allowed?(user, :read_project, node_project)
diff --git a/lib/banzai/reference_parser/user_parser.rb b/lib/banzai/reference_parser/user_parser.rb
index 7df8e459187..a10ae7d7fee 100644
--- a/lib/banzai/reference_parser/user_parser.rb
+++ b/lib/banzai/reference_parser/user_parser.rb
@@ -30,10 +30,12 @@ module Banzai
 
         nodes.each do |node|
           if node.has_attribute?(group_attr)
-            node_group = groups.fetch(node.attr(group_attr).to_i)
-            allowed = Ability.abilities.allowed?(user, :read_group, node_group)
+            node_group = groups[node.attr(group_attr).to_i]
 
-            visible << node if allowed
+            if node_group &&
+              Ability.abilities.allowed?(user, :read_group, node_group)
+              visible << node
+            end
           # Remaining nodes will be processed by the parent class'
           # implementation of this method.
           else