From f96ce4079fba7adc25d6e54b87d2f171f43d14b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rub=C3=A9n=20D=C3=A1vila?= <rdavila84@gmail.com>
Date: Fri, 26 Feb 2016 19:08:25 -0500
Subject: [PATCH] Improve implementation to check read access to forks and add
 pagination.

---
 app/controllers/projects/forks_controller.rb | 22 ++++++++++++++------
 app/views/projects/forks/index.html.haml     | 14 ++++++-------
 2 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/app/controllers/projects/forks_controller.rb b/app/controllers/projects/forks_controller.rb
index 0c551501ca..671162e764 100644
--- a/app/controllers/projects/forks_controller.rb
+++ b/app/controllers/projects/forks_controller.rb
@@ -4,12 +4,22 @@ class Projects::ForksController < Projects::ApplicationController
   before_action :authorize_download_code!
 
   def index
-    @sort = params[:sort] || 'id_desc'
-    @all_forks = project.forks.includes(:creator).order_by(@sort)
-
-    @public_forks, @protected_forks = @all_forks.partition do |project|
-      can?(current_user, :read_project, project)
-    end
+    base_query = project.forks.includes(:creator)
+
+    @forks = if current_user
+               base_query.where('projects.visibility_level IN (?) OR projects.id IN (?)',
+                                Project::PUBLIC,
+                                current_user.authorized_projects.pluck(:id))
+             else
+               base_query.where('projects.visibility_level = ?', Project::PUBLIC)
+             end
+
+    @total_forks_count   = base_query.size
+    @private_forks_count = @total_forks_count - @forks.size
+    @public_forks_count  = @total_forks_count - @private_forks_count
+
+    @sort  = params[:sort] || 'id_desc'
+    @forks = @forks.order_by(@sort).page(params[:page]).per(PER_PAGE)
   end
 
   def new
diff --git a/app/views/projects/forks/index.html.haml b/app/views/projects/forks/index.html.haml
index 42fa6fdb78..ace22625d1 100644
--- a/app/views/projects/forks/index.html.haml
+++ b/app/views/projects/forks/index.html.haml
@@ -1,9 +1,7 @@
 .top-area
   .nav-text
-    - public_count = @public_forks.size
-    - protected_count = @protected_forks.size
-    - full_count_title = "#{public_count} public and #{protected_count} private"
-    == #{pluralize(@all_forks.size, 'fork')}: #{full_count_title}
+    - full_count_title = "#{@public_forks_count} public and #{@private_forks_count} private"
+    == #{pluralize(@total_forks_count, 'fork')}: #{full_count_title}
 
   .nav-controls
     = search_field_tag :filter_projects, nil, placeholder: 'Search forks', class: 'projects-list-filter project-filter-form-field form-control input-short',
@@ -41,17 +39,17 @@
 
 
 .projects-list-holder
-  - if @public_forks.blank?
+  - if @forks.blank?
     %ul.content-list
       %li
         .nothing-here-block No forks to show
   - else
-    = render 'shared/projects/list', projects: @public_forks, use_creator_avatar: true,
+    = render 'shared/projects/list', projects: @forks, use_creator_avatar: true,
       forks: true, show_last_commit_as_description: true
 
-    - if protected_count > 0
+    - if @private_forks_count > 0
       %ul.projects-list.private-forks-notice
         %li.project-row
           = icon('lock fw', base: 'circle', class: 'fa-lg private-fork-icon')
-          %strong= pluralize(protected_count, 'private fork')
+          %strong= pluralize(@private_forks_count, 'private fork')
           %span you have no access to.
-- 
2.30.9