Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
c01f8b2a
Commit
c01f8b2a
authored
Mar 04, 2022
by
Eugenia Grieff
Committed by
Michael Kozono
Mar 04, 2022
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add method to query related epics of an epic
- Add permissions check - Add specs
parent
74396353
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
197 additions
and
0 deletions
+197
-0
ee/app/models/ee/epic.rb
ee/app/models/ee/epic.rb
+31
-0
ee/spec/models/epic_spec.rb
ee/spec/models/epic_spec.rb
+166
-0
No files found.
ee/app/models/ee/epic.rb
View file @
c01f8b2a
...
@@ -367,6 +367,12 @@ module EE
...
@@ -367,6 +367,12 @@ module EE
)
)
])
])
end
end
def
epics_readable_by_user
(
epics
,
user
=
nil
)
DeclarativePolicy
.
user_scope
do
epics
.
select
{
|
epic
|
epic
.
readable_by?
(
user
)
}
end
end
end
end
def
text_color
def
text_color
...
@@ -571,5 +577,30 @@ module EE
...
@@ -571,5 +577,30 @@ module EE
errors
.
add
:confidential
,
_
(
'A non-confidential epic cannot be assigned to a confidential parent epic'
)
errors
.
add
:confidential
,
_
(
'A non-confidential epic cannot be assigned to a confidential parent epic'
)
end
end
end
end
def
related_epics
(
current_user
,
preload:
nil
)
select_for_related_epics
=
::
Epic
.
select
([
'epics.*'
,
'related_epic_links.id AS related_epic_link_id'
,
'related_epic_links.link_type as related_epic_link_type_value'
,
'related_epic_links.target_id as related_epic_link_source_id'
,
'related_epic_links.created_at as related_epic_link_created_at'
,
'related_epic_links.updated_at as related_epic_link_updated_at'
])
target_epics
=
select_for_related_epics
.
joins
(
"INNER JOIN related_epic_links ON related_epic_links.target_id = epics.id"
)
.
where
(
related_epic_links:
{
source_id:
id
})
source_epics
=
select_for_related_epics
.
joins
(
"INNER JOIN related_epic_links ON related_epic_links.source_id = epics.id"
)
.
where
(
related_epic_links:
{
target_id:
id
})
related_epics
=
::
Epic
.
from_union
([
target_epics
,
source_epics
])
.
preload
(
preload
)
.
reorder
(
'related_epic_link_id'
)
related_epics
=
yield
related_epics
if
block_given?
self
.
class
.
epics_readable_by_user
(
related_epics
,
current_user
)
end
end
end
end
end
ee/spec/models/epic_spec.rb
View file @
c01f8b2a
...
@@ -862,4 +862,170 @@ RSpec.describe Epic do
...
@@ -862,4 +862,170 @@ RSpec.describe Epic do
end
end
end
end
end
end
describe
'.epics_readable_by_user'
do
let_it_be
(
:visible_epic
)
{
create
(
:epic
)
}
let_it_be
(
:confidential_epic
)
{
create
(
:epic
,
:confidential
)
}
subject
{
described_class
.
epics_readable_by_user
(
epics
,
user
)
}
before
do
stub_licensed_features
(
epics:
true
)
end
let
(
:epics
)
{
[
visible_epic
]}
context
'with an admin when admin mode is enabled'
,
:enable_admin_mode
do
let
(
:user
)
{
build
(
:user
,
admin:
true
)
}
it
{
expect
(
subject
).
to
match_array
(
epics
)
}
end
context
'with an admin when admin mode is disabled'
do
let
(
:user
)
{
build
(
:user
,
admin:
true
)
}
it
'returns the epics readable by the admin'
do
expect
(
visible_epic
).
to
receive
(
:readable_by?
).
with
(
user
).
and_return
(
true
)
expect
(
subject
).
to
match_array
(
epics
)
end
it
'returns no epics when not given access'
do
allow
(
visible_epic
).
to
receive
(
:readable_by?
).
with
(
user
).
and_return
(
false
)
expect
(
subject
).
to
be_empty
end
end
context
'with a regular user'
do
let
(
:user
)
{
build
(
:user
)
}
it
'returns the epics readable by the user'
do
expect
(
visible_epic
).
to
receive
(
:readable_by?
).
with
(
user
).
and_return
(
true
)
expect
(
subject
).
to
match_array
(
epics
)
end
it
'returns an empty array when no epics are readable'
do
expect
(
visible_epic
).
to
receive
(
:readable_by?
).
with
(
user
).
and_return
(
false
)
expect
(
subject
).
to
be_empty
end
end
context
'without a regular user'
do
let
(
:user
)
{
nil
}
let
(
:epics
)
{
[
confidential_epic
,
visible_epic
]
}
it
'returns epics that are publicly visible'
do
expect
(
subject
).
to
contain_exactly
(
visible_epic
)
end
end
it
'avoids N+1 queries when authorizing a list of epics'
,
:request_store
do
user
=
create
(
:user
)
group
=
create
(
:group
,
:private
).
tap
{
|
group
|
group
.
add_maintainer
(
user
)
}
epic
=
create
(
:epic
,
group:
group
)
control
=
ActiveRecord
::
QueryRecorder
.
new
{
described_class
.
epics_readable_by_user
([
epic
],
user
)
}
new_group1
=
create
(
:group
,
:public
)
new_group3
=
create
(
:group
,
:public
)
new_group2
=
create
(
:group
,
:private
,
parent:
group
)
new_epic1
=
create
(
:epic
,
group:
new_group1
)
new_epic2
=
create
(
:epic
,
group:
new_group2
)
new_epic3
=
create
(
:epic
,
group:
new_group3
)
expect
{
described_class
.
epics_readable_by_user
([
epic
,
new_epic1
,
new_epic2
,
new_epic3
],
user
)
}
.
not_to
exceed_query_limit
(
control
).
with_threshold
(
4
)
# Permission checks perform N+1 queries.
# See https://gitlab.com/gitlab-org/gitlab/-/issues/353915 for more info.
end
context
'with group hierarchy'
do
let_it_be
(
:user
)
{
create
(
:user
)
}
let_it_be
(
:ancestor
)
{
create
(
:group
,
:private
)
}
let_it_be
(
:base_group
)
{
create
(
:group
,
:private
,
parent:
ancestor
)
}
let_it_be
(
:subgroup
)
{
create
(
:group
,
:private
,
parent:
base_group
)
}
let_it_be
(
:epic1
)
{
create
(
:epic
,
group:
ancestor
)
}
let_it_be
(
:epic2
)
{
create
(
:epic
,
group:
base_group
)
}
let_it_be
(
:epic3
)
{
create
(
:epic
,
group:
subgroup
)
}
let_it_be
(
:epics
)
{
[
epic1
,
epic2
,
epic3
]
}
context
'when user is not a member'
do
it
'returns no epic'
do
expect
(
described_class
.
epics_readable_by_user
(
epics
,
user
)).
to
be_empty
end
end
context
'when user is a reporter in the ancestor group'
do
before
do
ancestor
.
add_reporter
(
user
)
end
it
'returns epics from all groups'
do
expect
(
described_class
.
epics_readable_by_user
(
epics
,
user
)).
to
match_array
(
epics
)
end
end
context
'when user is a reporter in the base group'
do
before
do
base_group
.
add_reporter
(
user
)
end
it
'returns epics in main group and its descendants'
do
expect
(
described_class
.
epics_readable_by_user
(
epics
,
user
)).
to
contain_exactly
(
epic2
,
epic3
)
end
end
context
'when user is a reporter in the subgroup'
do
before
do
subgroup
.
add_reporter
(
user
)
end
it
'returns epics in subgroup'
do
expect
(
described_class
.
epics_readable_by_user
(
epics
,
user
)).
to
contain_exactly
(
epic3
)
end
end
end
end
describe
'#related_epics'
do
let_it_be_with_reload
(
:epic
)
{
create
(
:epic
)
}
let_it_be
(
:user
)
{
create
(
:user
)
}
let_it_be
(
:public_epic
)
{
create
(
:epic
)
}
let_it_be
(
:confidential_epic
)
{
create
(
:epic
,
:confidential
)
}
let_it_be
(
:sub_epic
)
{
create
(
:epic
,
group:
create
(
:group
,
parent:
epic
.
group
))
}
let_it_be
(
:private_epic
)
{
create
(
:epic
,
group:
create
(
:group
,
:private
))
}
before
do
epic
.
group
.
add_reporter
(
user
)
end
context
'when epics feature is enabled'
do
before
do
stub_licensed_features
(
epics:
true
)
[
public_epic
,
confidential_epic
,
sub_epic
,
private_epic
].
each
do
|
source_epic
|
create
(
:related_epic_link
,
source:
source_epic
,
target:
epic
)
end
end
it
'returns readable related epics of the epic'
do
expect
(
epic
.
related_epics
(
user
)).
to
contain_exactly
(
public_epic
,
sub_epic
)
end
end
context
'when epics feature is disabled'
do
before
do
stub_licensed_features
(
epics:
false
)
end
it
'returns empty result'
do
expect
(
epic
.
related_epics
(
user
)).
to
be_empty
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment