Commit 2730ae1d authored by Reuben Pereira's avatar Reuben Pereira

Use a custom ProjectParser#nodes_visible_to_user function so that the user...

Use a custom ProjectParser#nodes_visible_to_user function so that the user permissions for all project references can be checked together
parent 77c53f61
...@@ -7,10 +7,29 @@ module Banzai ...@@ -7,10 +7,29 @@ module Banzai
Project Project
end end
def nodes_visible_to_user(user, nodes)
nodes_projects_hash = lazy { projects_for_nodes(nodes) }
project_attr = 'data-project'
readable_project_ids = projects_readable_by_user(nodes_projects_hash.values, user)
nodes.select do |node|
if node.has_attribute?(project_attr)
readable_project_ids.include?(nodes_projects_hash[node].try(:id))
else
true
end
end
end
private private
def can_read_reference?(user, ref_project, node) # Returns an Array of Project ids that can be read by the given user.
can?(user, :read_project, ref_project) #
# projects - The projects to reduce down to those readable by the user.
# user - The User for which to check the projects
def projects_readable_by_user(projects, user)
Project.public_or_visible_to_user(user).where("projects.id IN (?)", projects.collect(&:id)).pluck(:id)
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment