Remove all permission checking from Reference filters

lib/gitlab/markdown/cross_project_reference.rb

@@ -13,18 +13,11 @@ module Gitlab
       #
       # ref - String reference.
       #
-      # Returns a Project, or nil if the reference can't be accessed
+      # Returns a Project, or nil if the reference can't be found
       def project_from_ref(ref)
         return context[:project] unless ref
 
-        other = Project.find_with_namespace(ref)
-        return nil unless other && user_can_reference_project?(other)
-
-        other
-      end
-
-      def user_can_reference_project?(project, user = context[:current_user])
-        Ability.abilities.allowed?(user, :read_project, project)
+        Project.find_with_namespace(ref)
       end
     end
   end

lib/gitlab/markdown/user_reference_filter.rb

@@ -80,8 +80,6 @@ module Gitlab
       end
 
       def link_to_group(group, namespace)
-        return unless user_can_reference_group?(namespace)
-
         push_result(:user, *namespace.users)
 
         url = urls.group_url(group, only_path: context[:only_path])
@@ -100,10 +98,6 @@ module Gitlab
         text = User.reference_prefix + user
         %(<a href="#{url}" #{data} class="#{link_class}">#{text}</a>)
       end
-
-      def user_can_reference_group?(group)
-        Ability.abilities.allowed?(context[:current_user], :read_group, group)
-      end
     end
   end
 end

spec/lib/gitlab/markdown/commit_range_reference_filter_spec.rb

@@ -106,9 +106,6 @@ module Gitlab::Markdown
         range.project = project2
       end
 
-      context 'when user can access reference' do
-        before { allow_cross_reference! }
-
       it 'links to a valid reference' do
         doc = filter("See #{reference}")
 
@@ -136,16 +133,5 @@ module Gitlab::Markdown
         expect(result[:references][:commit_range]).not_to be_empty
       end
     end
-
-      context 'when user cannot access reference' do
-        before { disallow_cross_reference! }
-
-        it 'ignores valid references' do
-          exp = act = "See #{reference}"
-
-          expect(filter(act).to_html).to eq exp
-        end
-      end
-    end
   end
 end

spec/lib/gitlab/markdown/commit_reference_filter_spec.rb

@@ -99,9 +99,6 @@ module Gitlab::Markdown
       let(:commit)    { project2.commit }
       let(:reference) { commit.to_reference(project) }
 
-      context 'when user can access reference' do
-        before { allow_cross_reference! }
-
       it 'links to a valid reference' do
         doc = filter("See #{reference}")
 
@@ -126,16 +123,5 @@ module Gitlab::Markdown
         expect(result[:references][:commit]).not_to be_empty
       end
     end
-
-      context 'when user cannot access reference' do
-        before { disallow_cross_reference! }
-
-        it 'ignores valid references' do
-          exp = act = "See #{reference}"
-
-          expect(filter(act).to_html).to eq exp
-        end
-      end
-    end
   end
 end

spec/lib/gitlab/markdown/cross_project_reference_spec.rb

@@ -35,21 +35,9 @@ module Gitlab::Markdown
 
         context 'and the user has permission to read it' do
           it 'returns the referenced project' do
-            expect(self).to receive(:user_can_reference_project?).
-              with(project2).and_return(true)
-
             expect(project_from_ref('cross/reference')).to eq project2
           end
         end
-
-        context 'and the user does not have permission to read it' do
-          it 'returns nil' do
-            expect(self).to receive(:user_can_reference_project?).
-              with(project2).and_return(false)
-
-            expect(project_from_ref('cross/reference')).to be_nil
-          end
-        end
       end
     end
   end

spec/lib/gitlab/markdown/issue_reference_filter_spec.rb

@@ -96,9 +96,6 @@ module Gitlab::Markdown
       let(:issue)     { create(:issue, project: project2) }
       let(:reference) { issue.to_reference(project) }
 
-      context 'when user can access reference' do
-        before { allow_cross_reference! }
-
       it 'ignores valid references when cross-reference project uses external tracker' do
         expect_any_instance_of(Project).to receive(:get_issue).
           with(issue.iid).and_return(nil)
@@ -130,16 +127,5 @@ module Gitlab::Markdown
         expect(result[:references][:issue]).to eq [issue]
       end
     end
-
-      context 'when user cannot access reference' do
-        before { disallow_cross_reference! }
-
-        it 'ignores valid references' do
-          exp = act = "See #{reference}"
-
-          expect(filter(act).to_html).to eq exp
-        end
-      end
-    end
   end
 end

spec/lib/gitlab/markdown/merge_request_reference_filter_spec.rb

@@ -84,9 +84,6 @@ module Gitlab::Markdown
       let(:merge)     { create(:merge_request, source_project: project2) }
       let(:reference) { merge.to_reference(project) }
 
-      context 'when user can access reference' do
-        before { allow_cross_reference! }
-
       it 'links to a valid reference' do
         doc = filter("See #{reference}")
 
@@ -111,16 +108,5 @@ module Gitlab::Markdown
         expect(result[:references][:merge_request]).to eq [merge]
       end
     end
-
-      context 'when user cannot access reference' do
-        before { disallow_cross_reference! }
-
-        it 'ignores valid references' do
-          exp = act = "See #{reference}"
-
-          expect(filter(act).to_html).to eq exp
-        end
-      end
-    end
   end
 end

spec/lib/gitlab/markdown/snippet_reference_filter_spec.rb

@@ -83,9 +83,6 @@ module Gitlab::Markdown
       let(:snippet)   { create(:project_snippet, project: project2) }
       let(:reference) { snippet.to_reference(project) }
 
-      context 'when user can access reference' do
-        before { allow_cross_reference! }
-
       it 'links to a valid reference' do
         doc = filter("See #{reference}")
 
@@ -109,16 +106,5 @@ module Gitlab::Markdown
         expect(result[:references][:snippet]).to eq [snippet]
       end
     end
-
-      context 'when user cannot access reference' do
-        before { disallow_cross_reference! }
-
-        it 'ignores valid references' do
-          exp = act = "See #{reference}"
-
-          expect(filter(act).to_html).to eq exp
-        end
-      end
-    end
   end
 end

spec/lib/gitlab/markdown/user_reference_filter_spec.rb

@@ -83,7 +83,6 @@ module Gitlab::Markdown
       let(:user)      { create(:user) }
       let(:reference) { group.to_reference }
 
-      context 'that the current user can read' do
       before do
         group.add_developer(user)
       end
@@ -107,19 +106,6 @@ module Gitlab::Markdown
       end
     end
 
-      context 'that the current user cannot read' do
-        it 'ignores references to the Group' do
-          doc = filter("Hey #{reference}", current_user: user)
-          expect(doc.to_html).to eq "Hey #{reference}"
-        end
-
-        it 'does not add to the results hash' do
-          result = pipeline_result("Hey #{reference}", current_user: user)
-          expect(result[:references][:user]).to eq []
-        end
-      end
-    end
-
     it 'links with adjacent text' do
       doc = filter("Mention me (#{reference}.)")
       expect(doc.to_html).to match(/\(<a.+>#{reference}<\/a>\.\)/)

spec/support/filter_spec_helper.rb

@@ -55,20 +55,6 @@ module FilterSpecHelper
     end
   end
 
-  # Stub CrossProjectReference#user_can_reference_project? to return true for
-  # the current test
-  def allow_cross_reference!
-    allow_any_instance_of(described_class).
-      to receive(:user_can_reference_project?).and_return(true)
-  end
-
-  # Stub CrossProjectReference#user_can_reference_project? to return false for
-  # the current test
-  def disallow_cross_reference!
-    allow_any_instance_of(described_class).
-      to receive(:user_can_reference_project?).and_return(false)
-  end
-
   # Shortcut to Rails' auto-generated routes helpers, to avoid including the
   # module
   def urls