Update redactiable results class list

Blob search returns ES::Model::Response::Response. To redact that, the old condition check for blobs is made more accurate by checking collection elements being blobs or not.

Update redactiable results class list
Blob search returns ES::Model::Response::Response. To redact that, the old condition check for blobs is made more accurate by checking collection elements being blobs or not.
eb5bd9fd · Mark Chao · ae5801be · eb5bd9fd · eb5bd9fd · eb5bd9fd
Commit eb5bd9fd authored Dec 11, 2019 by Mark Chao
3 changed files
--- a/ee/app/services/ee/search_service.rb
+++ b/ee/app/services/ee/search_service.rb
@@ -2,10 +2,14 @@

 module EE
  module SearchService
-    # Both of these classes conform to the necessary pagination interface and
-    # both of these are returned in various places from search results. There
+    # All of these classes conform to the necessary pagination interface and
+    # all of these are returned in various places from search results. There
    # doesn't seem to be a common ancestor to check.
-    REDACTABLE_RESULTS = [Kaminari::PaginatableArray, Elasticsearch::Model::Response::Records].freeze
+    REDACTABLE_RESULTS = [
+      Kaminari::PaginatableArray,
+      Elasticsearch::Model::Response::Records,
+      Elasticsearch::Model::Response::Response
+    ].freeze

    # This is a proper method instead of a `delegate` in order to
    # avoid adding unnecessary methods to Search::SnippetService

--- a/ee/lib/ee/api/search.rb
+++ b/ee/lib/ee/api/search.rb
@@ -26,7 +26,7 @@ module EE
          def process_results(results)
            return [] if results.empty?

-            if results.is_a?(::Elasticsearch::Model::Response::Response)
+            if results.any? { |result| result.is_a?(::Elasticsearch::Model::Response::Result) && result.respond_to?(:blob) }
              return paginate(results).map { |blob| ::Gitlab::Elastic::SearchResults.parse_search_result(blob) }
            end


--- a/ee/spec/services/search_service_spec.rb
+++ b/ee/spec/services/search_service_spec.rb
@@ -15,12 +15,14 @@ describe SearchService do
      let(:milestone_in_project) { create(:milestone, project: project) }

      # Resources the user does not have access to
-      let(:unauthorized_project) { create(:project) }
+      let(:unauthorized_project) { create(:project, :repository, :wiki_repo) }
      let(:issue1_in_unauthorized_project) { create(:issue, project: unauthorized_project) }
      let(:issue2_in_unauthorized_project) { create(:issue, project: unauthorized_project) }
      let(:note_on_unauthorized_issue) { create(:note, project: unauthorized_project, noteable: issue1_in_unauthorized_project) }
      let(:merge_request_in_unauthorized_project) { create(:merge_request_with_diffs, target_project: unauthorized_project, source_project: unauthorized_project) }
      let(:milestone_in_unauthorized_project) { create(:milestone, project: unauthorized_project) }
+      let(:wiki_page) { WikiPages::CreateService.new(unauthorized_project, user, { title: "foo", content: "wiki_blobs" }).execute }
+      let(:commit) { unauthorized_project.repository.commit(SeedRepo::FirstCommit::ID) }

      let(:search_service) { described_class.new(user, search: 'some-search-string', page: 1) }
      let(:mock_global_service) { instance_double(Search::GlobalService, scope: 'some-scope') }
@@ -145,6 +147,55 @@ describe SearchService do
        expect(subject).to be_kind_of(Kaminari::PaginatableArray)
        expect(subject).to contain_exactly(note_on_issue_in_project)
      end
+
+      it 'redacts commits the user does not have access to' do
+        allow(mock_results).to receive(:objects)
+          .and_return(
+            Kaminari.paginate_array(
+              [
+                commit
+              ],
+              total_count: 1,
+              limit: 1,
+              offset: 0
+            )
+          )
+
+        expect(subject).to be_kind_of(Kaminari::PaginatableArray)
+        expect(subject).to be_empty
+      end
+
+      it 'redacts blobs the user does not have access to' do
+        blob = unauthorized_project.repository.blob_at(SeedRepo::FirstCommit::ID, 'README.md')
+        response = Elasticsearch::Model::Response::Response.new Blob, double(:search)
+
+        allow(response).to receive_messages(
+          results: [blob],
+          total_count: 1,
+          limit_value: 10,
+          offset_value: 0
+        )
+        allow(mock_results).to receive(:objects).and_return(response)
+
+        expect(subject).to be_kind_of(Kaminari::PaginatableArray)
+        expect(subject).to be_empty
+      end
+
+      it 'redacts wikis the user does not have access to' do
+        wiki_page = create(:wiki_page, wiki: unauthorized_project.wiki)
+        response = Elasticsearch::Model::Response::Response.new WikiPage, double(:search)
+
+        allow(response).to receive_messages(
+          results: [wiki_page],
+          total_count: 1,
+          limit_value: 10,
+          offset_value: 0
+        )
+        allow(mock_results).to receive(:objects).and_return(response)
+
+        expect(subject).to be_kind_of(Kaminari::PaginatableArray)
+        expect(subject).to be_empty
+      end
    end
  end
 end