Commit a2474646 authored by Jan Provaznik's avatar Jan Provaznik

Moved epic groups filtering to model

having this on service level causes rubocop fails (usage of whare,
preload outside of models). Although it's not ideal we usually do
user visibility filtering on model level.
parent 9bdc980b
......@@ -195,6 +195,15 @@ module EE
def deepest_relationship_level
::Gitlab::ObjectHierarchy.new(self.where(parent_id: nil)).max_descendants_depth
end
def groups_user_can_read_epics(epics, user)
groups = ::Group.where(id: epics.select(:group_id))
groups = ::Gitlab::GroupPlansPreloader.new.preload(groups)
DeclarativePolicy.user_scope do
groups.select { |g| Ability.allowed?(user, :read_epic, g) }
end
end
end
def resource_parent
......
......@@ -44,20 +44,9 @@ module Epics
def accessible_epics
strong_memoize(:epics) do
epics = epic.base_and_descendants
groups = groups_user_can_read_epics(epics)
groups = Epic.groups_user_can_read_epics(epics, current_user)
epics.in_selected_groups(groups)
end
end
# rubocop: disable CodeReuse/ActiveRecord
def groups_user_can_read_epics(epics)
groups = Group.where(id: epics.select(:group_id))
groups = Gitlab::GroupPlansPreloader.new.preload(groups)
DeclarativePolicy.user_scope do
groups.select { |g| Ability.allowed?(current_user, :read_epic, g) }
end
end
# rubocop: enable CodeReuse/ActiveRecord
end
end
# frozen_string_literal: true
require 'spec_helper'
describe Issue do
describe '.in_epics' do
let_it_be(:epic1) { create(:epic) }
let_it_be(:epic2) { create(:epic) }
let_it_be(:epic_issue1) { create(:epic_issue, epic: epic1) }
let_it_be(:epic_issue2) { create(:epic_issue, epic: epic2) }
before do
stub_licensed_features(epics: true)
end
it 'returns only issues in selected epics' do
expect(described_class.count).to eq 2
expect(described_class.in_epics([epic1])).to eq [epic_issue1.issue]
end
end
end
......@@ -3,7 +3,8 @@
require 'spec_helper'
describe Epic do
set(:group) { create(:group) }
let_it_be(:user) { create(:user) }
let_it_be(:group) { create(:group) }
let(:project) { create(:project, group: group) }
describe 'associations' do
......@@ -100,6 +101,31 @@ describe Epic do
end
end
describe '.groups_user_can_read_epics' do
let_it_be(:private_group) { create(:group, :private) }
let_it_be(:epic) { create(:epic, group: private_group) }
subject do
epics = described_class.where(id: epic.id)
described_class.groups_user_can_read_epics(epics, user)
end
it 'does not return inaccessible groups' do
expect(subject).to be_empty
end
context 'with authorized user' do
before do
private_group.add_developer(user)
stub_licensed_features(epics: true)
end
it 'returns epic groups user can access' do
expect(subject).to eq [private_group]
end
end
end
describe '#valid_parent?' do
context 'basic checks' do
let(:epic) { build(:epic, group: group) }
......@@ -352,7 +378,6 @@ describe Epic do
end
describe '#issues_readable_by' do
let(:user) { create(:user) }
let(:group) { create(:group, :private) }
let(:project) { create(:project, group: group) }
let(:project2) { create(:project, group: group) }
......@@ -400,7 +425,6 @@ describe Epic do
end
describe '#reopen' do
let(:user) { create(:user) }
subject(:epic) { create(:epic, state: 'closed', closed_at: Time.now, closed_by: user) }
it 'sets closed_at to nil when an epic is reopend' do
......
......@@ -66,6 +66,22 @@ describe Issue do
expect(described_class.service_desk).not_to include(regular_issue)
end
end
describe '.in_epics' do
let_it_be(:epic1) { create(:epic) }
let_it_be(:epic2) { create(:epic) }
let_it_be(:epic_issue1) { create(:epic_issue, epic: epic1) }
let_it_be(:epic_issue2) { create(:epic_issue, epic: epic2) }
before do
stub_licensed_features(epics: true)
end
it 'returns only issues in selected epics' do
expect(described_class.count).to eq 2
expect(described_class.in_epics([epic1])).to eq [epic_issue1.issue]
end
end
end
describe 'validations' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment