Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
e60ec753
Commit
e60ec753
authored
Jul 17, 2018
by
Jarka Kadlecová
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Don’t do authorisation checks for todos
parent
15179878
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
0 additions
and
45 deletions
+0
-45
app/finders/todos_finder.rb
app/finders/todos_finder.rb
+0
-19
spec/finders/todos_finder_spec.rb
spec/finders/todos_finder_spec.rb
+0
-26
No files found.
app/finders/todos_finder.rb
View file @
e60ec753
...
...
@@ -39,7 +39,6 @@ class TodosFinder
# Filtering by project HAS TO be the last because we use
# the project IDs yielded by the todos query thus far
items
=
by_project
(
items
)
items
=
visible_to_user
(
items
)
sort
(
items
)
end
...
...
@@ -96,10 +95,6 @@ class TodosFinder
@project
=
Project
.
find
(
params
[
:project_id
])
@project
=
nil
if
@project
.
pending_delete?
unless
Ability
.
allowed?
(
current_user
,
:read_project
,
@project
)
@project
=
nil
end
else
@project
=
nil
end
...
...
@@ -170,20 +165,6 @@ class TodosFinder
items
end
def
visible_to_user
(
items
)
projects
=
Project
.
public_or_visible_to_user
(
current_user
)
groups
=
Group
.
public_or_visible_to_user
(
current_user
)
items
.
joins
(
'LEFT JOIN namespaces ON namespaces.id = todos.group_id'
)
.
joins
(
'LEFT JOIN projects ON projects.id = todos.project_id'
)
.
where
(
'project_id IN (?) OR group_id IN (?)'
,
projects
.
select
(
:id
),
groups
.
select
(
:id
)
)
end
def
by_state
(
items
)
case
params
[
:state
].
to_s
when
'done'
...
...
spec/finders/todos_finder_spec.rb
View file @
e60ec753
...
...
@@ -14,32 +14,6 @@ describe TodosFinder do
end
describe
'#execute'
do
context
'visibility'
do
let
(
:private_group_access
)
{
create
(
:group
,
:private
)
}
let
(
:private_group_hidden
)
{
create
(
:group
,
:private
)
}
let
(
:public_project
)
{
create
(
:project
,
:public
)
}
let
(
:private_project_hidden
)
{
create
(
:project
)
}
let
(
:public_group
)
{
create
(
:group
)
}
let!
(
:todo1
)
{
create
(
:todo
,
user:
user
,
project:
project
,
group:
nil
)
}
let!
(
:todo2
)
{
create
(
:todo
,
user:
user
,
project:
public_project
,
group:
nil
)
}
let!
(
:todo3
)
{
create
(
:todo
,
user:
user
,
project:
private_project_hidden
,
group:
nil
)
}
let!
(
:todo4
)
{
create
(
:todo
,
user:
user
,
project:
nil
,
group:
group
)
}
let!
(
:todo5
)
{
create
(
:todo
,
user:
user
,
project:
nil
,
group:
private_group_access
)
}
let!
(
:todo6
)
{
create
(
:todo
,
user:
user
,
project:
nil
,
group:
private_group_hidden
)
}
let!
(
:todo7
)
{
create
(
:todo
,
user:
user
,
project:
nil
,
group:
public_group
)
}
before
do
private_group_access
.
add_developer
(
user
)
end
it
'returns only todos with a target a user has access to'
do
todos
=
finder
.
new
(
user
).
execute
expect
(
todos
).
to
match_array
([
todo1
,
todo2
,
todo4
,
todo5
,
todo7
])
end
end
context
'filtering'
do
let!
(
:todo1
)
{
create
(
:todo
,
user:
user
,
project:
project
,
target:
issue
)
}
let!
(
:todo2
)
{
create
(
:todo
,
user:
user
,
group:
group
,
target:
merge_request
)
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment