Diffstat (limited to 'app/finders')
-rw-r--r-- | app/finders/personal_projects_finder.rb | 4 | ||||
-rw-r--r-- | app/finders/user_recent_events_finder.rb | 3 |
2 files changed, 7 insertions, 0 deletions
diff --git a/app/finders/personal_projects_finder.rb b/app/finders/personal_projects_finder.rb index 18adfea747f..a56a3a1e1a9 100644 --- a/app/finders/personal_projects_finder.rb +++ b/app/finders/personal_projects_finder.rb @@ -1,4 +1,6 @@ class PersonalProjectsFinder < UnionFinder + include Gitlab::Allowable + def initialize(user, params = {}) @user = user @params = params @@ -14,6 +16,8 @@ class PersonalProjectsFinder < UnionFinder # # Returns an ActiveRecord::Relation. def execute(current_user = nil) + return Project.none unless can?(current_user, :read_user_profile, @user) + segments = all_projects(current_user) find_union(segments, Project).includes(:namespace).order_updated_desc diff --git a/app/finders/user_recent_events_finder.rb b/app/finders/user_recent_events_finder.rb index 74776b2ed1f..876f086a3ef 100644 --- a/app/finders/user_recent_events_finder.rb +++ b/app/finders/user_recent_events_finder.rb @@ -7,6 +7,7 @@ class UserRecentEventsFinder prepend FinderWithCrossProjectAccess include FinderMethods + include Gitlab::Allowable requires_cross_project_access @@ -21,6 +22,8 @@ class UserRecentEventsFinder end def execute + return Event.none unless can?(current_user, :read_user_profile, target_user) + recent_events(params[:offset] || 0) .joins(:project) .with_associations |
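Review bot: The doc comment above `PersonalProjectsFinder#execute` still ends at `# Returns an ActiveRecord::Relation.` and does not mention the new early return, so a caller cannot tell an empty result caused by a failed `:read_user_profile` check from a user who simply has no projects. I would add a line such as `# Returns Project.none when current_user (nil for anonymous viewers) may not read @user's profile.` to that comment. The same gap applies to the guard added to `UserRecentEventsFinder#execute` in the last hunk. The body of `execute` ends outside this hunk.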
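Review bot: The profile check added to `UserRecentEventsFinder#execute` protects only this entry point, while `recent_events(params[:offset] || 0)` on the following line performs the actual query and its visibility is not shown in the hunk. If `recent_events` is public, a caller could reach the events without passing `can?(current_user, :read_user_profile, target_user)`, so it is worth confirming that it sits under `private`. The same applies to `all_projects` in PersonalProjectsFinder. The method chain in `execute` continues past the end of the hunk.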