diff options
| author | Eugenia Grieff <egrieff@gitlab.com> | 2019-10-22 18:57:55 +0300 |
|---|---|---|
| committer | Eugenia Grieff <egrieff@gitlab.com> | 2019-10-22 18:57:55 +0300 |
| commit | b58dd075d32e852e6c7ab306c84945cb5d73c06a (patch) | |
| tree | d4b494bc2bda9edf65ffcbde56ed3f949d33e0b0 /app | |
| parent | 1425a56c75beecaa289ad59587d636f8f469509e (diff) | |
Fix labels finder to filter issuables
Use project scopes to filter project labels that are visible for user
Diffstat (limited to 'app')
| -rw-r--r-- | app/finders/labels_finder.rb | 8 | ||||
| -rw-r--r-- | app/models/project.rb | 8 |
2 files changed, 11 insertions, 5 deletions
diff --git a/app/finders/labels_finder.rb b/app/finders/labels_finder.rb index e523942ea4c..027cdc4fc78 100644 --- a/app/finders/labels_finder.rb +++ b/app/finders/labels_finder.rb @@ -51,7 +51,7 @@ class LabelsFinder < UnionFinder end label_ids << Label.where(group_id: projects.group_ids) - label_ids << Label.where(project_id: projects.select(:id)) unless only_group_labels? + label_ids << Label.where(project_id: ids_user_can_read_labels(projects)) unless only_group_labels? end label_ids @@ -188,4 +188,10 @@ class LabelsFinder < UnionFinder groups.select { |group| authorized_to_read_labels?(group) } end end + + # rubocop: disable CodeReuse/ActiveRecord + def ids_user_can_read_labels(projects) + Project.where(id: projects.select(:id)).ids_with_issuables_available_for(current_user) + end + # rubocop: enable CodeReuse/ActiveRecord end diff --git a/app/models/project.rb b/app/models/project.rb index 3525f37f8d5..1aecf3ef6ab 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -609,11 +609,11 @@ class Project < ApplicationRecord joins(:namespace).where(namespaces: { type: 'Group' }).select(:namespace_id) end - # Returns ids of projects with milestones available for given user + # Returns ids of projects with issuables available for given user # - # Used on queries to find milestones which user can see - # For example: Milestone.where(project_id: ids_with_milestone_available_for(user)) - def ids_with_milestone_available_for(user) + # Used on queries to find milestones or labels which user can see + # For example: Milestone.where(project_id: ids_with_issuables_available_for(user)) + def ids_with_issuables_available_for(user) with_issues_enabled = with_issues_available_for_user(user).select(:id) with_merge_requests_enabled = with_merge_requests_available_for_user(user).select(:id) |