Fix user page performance and authorization

2 files changed, 19 insertions, 9 deletions

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 8c5605c8b4b..4c2fe4c3c8d 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -4,11 +4,8 @@ class UsersController < ApplicationController
   layout :determine_layout
 
   def show
-    # Projects user can view
-    visible_projects = ProjectsFinder.new.execute(current_user)
-    authorized_projects_ids = visible_projects.pluck(:id)
-
-    @contributed_projects = Project.where(id: authorized_projects_ids).
+    @contributed_projects = Project.
+      where(id: authorized_projects_ids & @user.contributed_projects_ids).
       in_group_namespace.includes(:namespace)
 
     @projects = @user.personal_projects.
@@ -32,8 +29,8 @@ class UsersController < ApplicationController
   end
 
   def calendar
-    visible_projects = ProjectsFinder.new.execute(current_user)
-    calendar = Gitlab::CommitsCalendar.new(visible_projects, @user)
+    projects = Project.where(id: authorized_projects_ids & @user.contributed_projects_ids)
+    calendar = Gitlab::CommitsCalendar.new(projects, @user)
     @timestamps = calendar.timestamps
     @starting_year = calendar.starting_year
     @starting_month = calendar.starting_month
@@ -58,4 +55,10 @@ class UsersController < ApplicationController
       return authenticate_user!
     end
   end
+
+  def authorized_projects_ids
+    # Projects user can view
+    @authorized_projects_ids ||=
+      ProjectsFinder.new.execute(current_user).pluck(:id)
+  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 2ffcd1478d8..ed9a0168747 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -255,7 +255,7 @@ class User < ActiveRecord::Base
       counter = 0
       base = username
       while User.by_login(username).present? || Namespace.by_path(username).present?
-        counter += 1 
+        counter += 1
         username = "#{base}#{counter}"
       end
 
@@ -459,7 +459,7 @@ class User < ActiveRecord::Base
 
   def set_notification_email
     if self.notification_email.blank? || !self.all_emails.include?(self.notification_email)
-      self.notification_email = self.email 
+      self.notification_email = self.email
     end
   end
 
@@ -607,4 +607,11 @@ class User < ActiveRecord::Base
   def oauth_authorized_tokens
     Doorkeeper::AccessToken.where(resource_owner_id: self.id, revoked_at: nil)
   end
+
+  def contributed_projects_ids
+    Event.where(author_id: self).
+      reorder(project_id: :desc).
+      select('DISTINCT(project_id)').
+      map(&:project_id)
+  end
 end