diff options
author | Alexis Reigel <alexis.reigel.ext@siemens.com> | 2018-09-17 18:37:20 +0300 |
---|---|---|
committer | Alexis Reigel <alexis.reigel.ext@siemens.com> | 2019-03-14 20:21:02 +0300 |
commit | d7a3e54be4af3206681b3e81c746e3f7c31f52e5 (patch) | |
tree | 41429ad51670a1bc9501c080e45addbd7591f158 /lib/gitlab/group_search_results.rb | |
parent | 0592233a1add02c02a706ae1aa2f66661155146a (diff) |
only users from groups the current user has access
Diffstat (limited to 'lib/gitlab/group_search_results.rb')
-rw-r--r-- | lib/gitlab/group_search_results.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/gitlab/group_search_results.rb b/lib/gitlab/group_search_results.rb index 0654d5e25b4..8223135dc07 100644 --- a/lib/gitlab/group_search_results.rb +++ b/lib/gitlab/group_search_results.rb @@ -10,7 +10,14 @@ module Gitlab # rubocop:disable CodeReuse/ActiveRecord def users - super.where(id: @group.users_with_descendants) + # 1: get all groups the current user has access to + groups = GroupsFinder.new(current_user).execute.joins(:users) + + # 2: get all users the current user has access to (-> `SearchResults#users`) + users = super + + # 3: filter for users that belong to the previously selected groups + users.where(id: groups.select('members.user_id')) end # rubocop:enable CodeReuse/ActiveRecord end |