Merge branch 'tc-add-user-has-full-private-access-ee' into 'master'

Port of Add User#full_private_access? to check if user has access to all private groups & projects to EE See merge request !2217

Merge branch 'tc-add-user-has-full-private-access-ee' into 'master'
Port of Add User#full_private_access? to check if user has access to all private groups & projects to EE See merge request !2217
1313580e · Douwe Maan · 2d3f0c28 · 5ae28ca5 · 1313580e · 1313580e
Commit 1313580e authored Jun 23, 2017 by Douwe Maan
12 changed files
--- a/app/finders/issues_finder.rb
+++ b/app/finders/issues_finder.rb
@@ -41,7 +41,7 @@ class IssuesFinder < IssuableFinder
  def self.not_restricted_by_confidentiality(user)
    return Issue.where('issues.confidential IS NOT TRUE') if user.blank?

-    return Issue.all if user.admin_or_auditor?
+    return Issue.all if user.full_private_access?

    Issue.where('
      issues.confidential IS NOT TRUE

--- a/app/models/concerns/elastic/issues_search.rb
+++ b/app/models/concerns/elastic/issues_search.rb
@@ -62,7 +62,7 @@ module Elastic
      end

      def self.confidentiality_filter(query_hash, current_user)
-        return query_hash if current_user && current_user.admin_or_auditor?
+        return query_hash if current_user && current_user.full_private_access?

        filter = if current_user
                   {

--- a/app/models/concerns/elastic/notes_search.rb
+++ b/app/models/concerns/elastic/notes_search.rb
@@ -65,7 +65,7 @@ module Elastic
      end

      def self.confidentiality_filter(query_hash, current_user)
-        return query_hash if current_user && current_user.admin_or_auditor?
+        return query_hash if current_user && current_user.full_private_access?

        filter = {
          bool: {

--- a/app/models/concerns/elastic/snippets_search.rb
+++ b/app/models/concerns/elastic/snippets_search.rb
@@ -59,7 +59,7 @@ module Elastic
      end

      def self.filter(query_hash, user)
-        return query_hash if user && user.admin_or_auditor?
+        return query_hash if user && user.full_private_access?

        filter = if user
                   {

--- a/app/models/ee/user.rb
+++ b/app/models/ee/user.rb
@@ -52,10 +52,6 @@ module EE
      license_allows_auditor_user? && self.auditor
    end

-    def admin_or_auditor?
-      admin? || auditor?
-    end
-
    def access_level
      if auditor?
        :auditor
@@ -73,8 +69,8 @@ module EE
    end

    # Does the user have access to all private groups & projects?
-    def has_full_private_access?
-      admin_or_auditor?
+    def full_private_access?
+      super || auditor?
    end

    def remember_me!

--- a/app/models/project_feature.rb
+++ b/app/models/project_feature.rb
@@ -96,7 +96,7 @@ class ProjectFeature < ActiveRecord::Base
    when DISABLED
      false
    when PRIVATE
-      user && (project.team.member?(user) || user.admin_or_auditor?)
+      user && (project.team.member?(user) || user.full_private_access?)
    when ENABLED
      true
    else

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1016,7 +1016,8 @@ class User < ActiveRecord::Base
  end

  # Does the user have access to all private groups & projects?
-  def has_full_private_access?
+  # Overridden in EE to also check auditor?
+  def full_private_access?
    admin?
  end


--- a/app/services/search/global_service.rb
+++ b/app/services/search/global_service.rb
@@ -22,7 +22,7 @@ module Search

    def elastic_projects
      @elastic_projects ||=
-        if current_user.try(:admin_or_auditor?)
+        if current_user&.full_private_access?
          :any
        elsif current_user
          current_user.authorized_projects.pluck(:id)

--- a/changelogs/unreleased/tc-refactor-projects-finder-init-collection.yml
+++ b/changelogs/unreleased/tc-refactor-projects-finder-init-collection.yml
+---
+title: Add User#full_private_access? to check if user has access to all private groups & projects
+merge_request: 12373
+author:
--- a/lib/gitlab/visibility_level.rb
+++ b/lib/gitlab/visibility_level.rb
@@ -28,7 +28,7 @@ module Gitlab
      def levels_for_user(user = nil)
        return [PUBLIC] unless user

-        if user.has_full_private_access?
+        if user.full_private_access?
          [PRIVATE, INTERNAL, PUBLIC]
        elsif user.external?
          [PUBLIC]

--- a/spec/models/ee/user_spec.rb
+++ b/spec/models/ee/user_spec.rb
@@ -66,11 +66,11 @@ describe EE::User, models: true do
    end
  end

-  describe '#has_full_private_access?' do
+  describe '#full_private_access?' do
    it 'returns true for auditor user' do
      user = build(:user, :auditor)

-      expect(user.has_full_private_access?).to be_truthy
+      expect(user.full_private_access?).to be_truthy
    end
  end
 end
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1801,17 +1801,17 @@ describe User, models: true do
    end
  end

-  describe '#has_full_private_access?' do
+  describe '#full_private_access?' do
    it 'returns false for regular user' do
      user = build(:user)

-      expect(user.has_full_private_access?).to be_falsy
+      expect(user.full_private_access?).to be_falsy
    end

    it 'returns true for admin user' do
      user = build(:user, :admin)

-      expect(user.has_full_private_access?).to be_truthy
+      expect(user.full_private_access?).to be_truthy
    end
  end