Fix user page performance and authorization

1 files changed, 10 insertions, 7 deletions

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 8c5605c8b4b..4c2fe4c3c8d 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -4,11 +4,8 @@ class UsersController < ApplicationController
   layout :determine_layout
 
   def show
-    # Projects user can view
-    visible_projects = ProjectsFinder.new.execute(current_user)
-    authorized_projects_ids = visible_projects.pluck(:id)
-
-    @contributed_projects = Project.where(id: authorized_projects_ids).
+    @contributed_projects = Project.
+      where(id: authorized_projects_ids & @user.contributed_projects_ids).
       in_group_namespace.includes(:namespace)
 
     @projects = @user.personal_projects.
@@ -32,8 +29,8 @@ class UsersController < ApplicationController
   end
 
   def calendar
-    visible_projects = ProjectsFinder.new.execute(current_user)
-    calendar = Gitlab::CommitsCalendar.new(visible_projects, @user)
+    projects = Project.where(id: authorized_projects_ids & @user.contributed_projects_ids)
+    calendar = Gitlab::CommitsCalendar.new(projects, @user)
     @timestamps = calendar.timestamps
     @starting_year = calendar.starting_year
     @starting_month = calendar.starting_month
@@ -58,4 +55,10 @@ class UsersController < ApplicationController
       return authenticate_user!
     end
   end
+
+  def authorized_projects_ids
+    # Projects user can view
+    @authorized_projects_ids ||=
+      ProjectsFinder.new.execute(current_user).pluck(:id)
+  end
 end