diff options
author | Nick Thomas <nick@gitlab.com> | 2018-09-21 11:44:34 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2018-09-21 16:33:08 +0300 |
commit | 45ced6c5de760ef64b1f5e201ce518b1912c7704 (patch) | |
tree | ad81f9c3c1fed3569b070592a3e16d7623915064 /lib | |
parent | 8c2192943a5efc4d0a28c67b04bf9b979def66a1 (diff) |
Redact events shown in the events API
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/events.rb | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/lib/api/events.rb b/lib/api/events.rb index dfe0e81af26..844103a5e76 100644 --- a/lib/api/events.rb +++ b/lib/api/events.rb @@ -16,12 +16,27 @@ module API desc: 'Return events sorted in ascending and descending order' end + RedactedEvent = OpenStruct.new(target_title: 'Confidential event').freeze + + def redact_events(events) + events.map do |event| + if event.visible_to_user?(current_user) + event + else + RedactedEvent + end + end + end + # rubocop: disable CodeReuse/ActiveRecord - def present_events(events) + def present_events(events, redact: true) events = events.reorder(created_at: params[:sort]) .with_associations - present paginate(events), with: Entities::Event + events = paginate(events) + events = redact_events(events) if redact + + present events, with: Entities::Event end # rubocop: enable CodeReuse/ActiveRecord end @@ -44,7 +59,8 @@ module API events = EventsFinder.new(params.merge(source: current_user, current_user: current_user)).execute.preload(:author, :target) - present_events(events) + # Since we're viewing our own events, redaction is unnecessary + present_events(events, redact: false) end # rubocop: enable CodeReuse/ActiveRecord end |