Welcome to mirror list, hosted at ThFree Co, Russian Federation.

finder_with_group_hierarchy.rb « concerns « finders « app - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
blob: 86ccac19b63a064ee4877ab7e90e24c0a5a78f37 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# frozen_string_literal: true

# Module to include into finders to provide support for querying for
# objects up and down the group hierarchy.  Extracted from LabelsFinder
#
# Supports params:
#   :group
#   :group_id
#   :include_ancestor_groups
#   :include_descendant_groups
module FinderWithGroupHierarchy
  extend ActiveSupport::Concern

  private

  def item_ids
    raise NotImplementedError
  end

  # Gets redacted array of group ids
  # which can include the ancestors and descendants of the requested group.
  def group_ids_for(group)
    strong_memoize(:group_ids) do
      groups = groups_to_include(group)

      # Because we are sure that all groups are in the same hierarchy tree
      # we can preset root group for all of them to optimize permission checks
      Group.preset_root_ancestor_for(groups)

      groups_user_can_read_items(groups).map(&:id)
    end
  end

  def groups_to_include(group)
    groups = [group]

    groups += group.ancestors if include_ancestor_groups?
    groups += group.descendants if include_descendant_groups?

    groups
  end

  def include_ancestor_groups?
    params[:include_ancestor_groups]
  end

  def include_descendant_groups?
    params[:include_descendant_groups]
  end

  def group?
    params[:group].present? || params[:group_id].present?
  end

  def group
    strong_memoize(:group) { params[:group].presence || Group.find(params[:group_id]) }
  end

  def read_permission
    raise NotImplementedError
  end

  def authorized_to_read_item?(item_parent)
    return true if skip_authorization

    Ability.allowed?(current_user, read_permission, item_parent)
  end

  def groups_user_can_read_items(groups)
    DeclarativePolicy.user_scope do
      groups.select { |group| authorized_to_read_item?(group) }
    end
  end
end