Commit 2c31cb59 authored by Dmitry Gruzd's avatar Dmitry Gruzd Committed by Dylan Griffith

Improve confidentiality search check for AGS, scope: issues

parent cf683ab9
---
title: Improve issues confidentiality check performance for AGS
merge_request: 38564
author:
type: performance
...@@ -13,15 +13,25 @@ module Elastic ...@@ -13,15 +13,25 @@ module Elastic
options[:features] = 'issues' options[:features] = 'issues'
query_hash = project_ids_filter(query_hash, options) query_hash = project_ids_filter(query_hash, options)
query_hash = confidentiality_filter(query_hash, options[:current_user]) query_hash = confidentiality_filter(query_hash, options[:current_user], options[:project_ids])
search(query_hash, options) search(query_hash, options)
end end
private private
def confidentiality_filter(query_hash, current_user) def user_has_access_to_confidential_issues?(authorized_project_ids, project_ids)
return query_hash if current_user && current_user.can_read_all_resources? # is_a?(Array) is needed because we might receive project_ids: :any
return false unless authorized_project_ids && project_ids.is_a?(Array)
(project_ids - authorized_project_ids).empty?
end
def confidentiality_filter(query_hash, current_user, project_ids)
return query_hash if current_user&.can_read_all_resources?
authorized_project_ids = current_user&.authorized_projects(Gitlab::Access::REPORTER)&.pluck_primary_key
return query_hash if user_has_access_to_confidential_issues?(authorized_project_ids, project_ids)
filter = filter =
if current_user if current_user
...@@ -38,7 +48,7 @@ module Elastic ...@@ -38,7 +48,7 @@ module Elastic
should: [ should: [
{ term: { author_id: current_user.id } }, { term: { author_id: current_user.id } },
{ term: { assignee_id: current_user.id } }, { term: { assignee_id: current_user.id } },
{ terms: { project_id: current_user.authorized_projects(Gitlab::Access::REPORTER).pluck_primary_key } } { terms: { project_id: authorized_project_ids } }
] ]
} }
} }
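Review bot: The new early return in `confidentiality_filter` drops the confidential-issue restriction for the whole query whenever `(project_ids - authorized_project_ids).empty?`, and that expression is also true for an empty `project_ids` array. Skipping the filter is only safe if `project_ids_filter` limits results strictly to `project_ids`; its body is outside this hunk, so if it can ever match projects beyond that list, confidential issues in projects where the user lacks Reporter access would be returned. I would make the empty case explicit with `return false if project_ids.empty?` in `user_has_access_to_confidential_issues?`, and put a comment above the early return stating the invariant it relies on, e.g. `# Safe only because project_ids_filter restricts results to project_ids`. A spec that searches as a user without membership, once with `project_ids: []` and once with `project_ids: :any`, and asserts that no confidential issue comes back would pin this down.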
......