Fix user page performance and authorization

app/controllers/users_controller.rb

@@ -4,11 +4,8 @@ class UsersController < ApplicationController
   layout :determine_layout
 
   def show
-    # Projects user can view
-    visible_projects = ProjectsFinder.new.execute(current_user)
-    authorized_projects_ids = visible_projects.pluck(:id)
-
-    @contributed_projects = Project.where(id: authorized_projects_ids).
+    @contributed_projects = Project.
+      where(id: authorized_projects_ids & @user.contributed_projects_ids).
       in_group_namespace.includes(:namespace)
 
     @projects = @user.personal_projects.
@@ -32,8 +29,8 @@ class UsersController < ApplicationController
   end
 
   def calendar
-    visible_projects = ProjectsFinder.new.execute(current_user)
-    calendar = Gitlab::CommitsCalendar.new(visible_projects, @user)
+    projects = Project.where(id: authorized_projects_ids & @user.contributed_projects_ids)
+    calendar = Gitlab::CommitsCalendar.new(projects, @user)
     @timestamps = calendar.timestamps
     @starting_year = calendar.starting_year
     @starting_month = calendar.starting_month
@@ -58,4 +55,10 @@ class UsersController < ApplicationController
       return authenticate_user!
     end
   end
+
+  def authorized_projects_ids
+    # Projects user can view
+    @authorized_projects_ids ||=
+      ProjectsFinder.new.execute(current_user).pluck(:id)
+  end
 end

app/models/user.rb

@@ -607,4 +607,11 @@ class User < ActiveRecord::Base
   def oauth_authorized_tokens
     Doorkeeper::AccessToken.where(resource_owner_id: self.id, revoked_at: nil)
   end
+
+  def contributed_projects_ids
+    Event.where(author_id: self).
+      reorder(project_id: :desc).
+      select('DISTINCT(project_id)').
+      map(&:project_id)
+  end
 end