diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-14 18:08:04 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-14 18:08:04 +0300 |
| commit | 8c4225a66b12683bcf1bba9bb9328fcf65395b6d (patch) | |
| tree | d3b583abd26fcbbcbf0db828aee2b940414e1649 /app/finders | |
| parent | 075c890053f626018ba680e4da21a93743acb244 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/finders')
| -rw-r--r-- | app/finders/issuable_finder.rb | 5 | ||||
| -rw-r--r-- | app/finders/issuable_finder/params.rb | 5 | ||||
| -rw-r--r-- | app/finders/issues_finder.rb | 2 | ||||
| -rw-r--r-- | app/finders/issues_finder/params.rb | 8 |
4 files changed, 11 insertions, 9 deletions
diff --git a/app/finders/issuable_finder.rb b/app/finders/issuable_finder.rb index 5fcb81949ee..c5a3293ad2f 100644 --- a/app/finders/issuable_finder.rb +++ b/app/finders/issuable_finder.rb @@ -248,7 +248,10 @@ class IssuableFinder end def init_collection - klass.all + return klass.all if params.user_can_see_all_issuables? + + # Only admins and auditors can see hidden issuables, for other users we filter out hidden issuables + klass.without_hidden end def default_or_simple_sort? diff --git a/app/finders/issuable_finder/params.rb b/app/finders/issuable_finder/params.rb index 32d50802537..4e17f06e1c1 100644 --- a/app/finders/issuable_finder/params.rb +++ b/app/finders/issuable_finder/params.rb @@ -195,6 +195,11 @@ class IssuableFinder project || group end + def user_can_see_all_issuables? + Ability.allowed?(current_user, :read_all_resources) + end + strong_memoize_attr :user_can_see_all_issuables?, :user_can_see_all_issuables + private def projects_public_or_visible_to_user diff --git a/app/finders/issues_finder.rb b/app/finders/issues_finder.rb index e12dce744b5..bd81f06f93b 100644 --- a/app/finders/issues_finder.rb +++ b/app/finders/issues_finder.rb @@ -49,7 +49,7 @@ class IssuesFinder < IssuableFinder # rubocop: disable CodeReuse/ActiveRecord def with_confidentiality_access_check - return model_class.all if params.user_can_see_all_issues? + return model_class.all if params.user_can_see_all_issuables? # Only admins can see hidden issues, so for non-admins, we filter out any hidden issues issues = model_class.without_hidden diff --git a/app/finders/issues_finder/params.rb b/app/finders/issues_finder/params.rb index 7f8acb79ed6..786bfbd4113 100644 --- a/app/finders/issues_finder/params.rb +++ b/app/finders/issues_finder/params.rb @@ -44,7 +44,7 @@ class IssuesFinder if parent Ability.allowed?(current_user, :read_confidential_issues, parent) else - user_can_see_all_issues? + user_can_see_all_issuables? end end end @@ -54,12 +54,6 @@ class IssuesFinder current_user.blank? end - - def user_can_see_all_issues? - strong_memoize(:user_can_see_all_issues) do - Ability.allowed?(current_user, :read_all_resources) - end - end end end |