From 222fda90362a3be9e54323af32234d038b99908d Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Wed, 29 Jun 2022 14:11:15 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@15-1-stable-ee

---
 app/finders/ci/runner_jobs_finder.rb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'app/finders')

diff --git a/app/finders/ci/runner_jobs_finder.rb b/app/finders/ci/runner_jobs_finder.rb
index 9dc3c2a2427..b659eda6646 100644
--- a/app/finders/ci/runner_jobs_finder.rb
+++ b/app/finders/ci/runner_jobs_finder.rb
@@ -6,19 +6,29 @@ module Ci
 
     ALLOWED_INDEXED_COLUMNS = %w[id].freeze
 
-    def initialize(runner, params = {})
+    def initialize(runner, current_user, params = {})
       @runner = runner
+      @user = current_user
       @params = params
     end
 
     def execute
       items = @runner.builds
+      items = by_permission(items)
       items = by_status(items)
       sort_items(items)
     end
 
     private
 
+    # rubocop: disable CodeReuse/ActiveRecord
+    def by_permission(items)
+      return items if @user.can_read_all_resources?
+
+      items.for_project(@user.authorized_project_mirrors(Gitlab::Access::REPORTER).select(:project_id))
+    end
+    # rubocop: enable CodeReuse/ActiveRecord
+
     # rubocop: disable CodeReuse/ActiveRecord
     def by_status(items)
       return items unless Ci::HasStatus::AVAILABLE_STATUSES.include?(params[:status])
-- 
cgit v1.2.3