summaryrefslogtreecommitdiff
path: root/app/finders
diff options
context:
space:
mode:
authorSean McGivern <sean@gitlab.com>2017-06-29 17:15:49 +0100
committerSean McGivern <sean@gitlab.com>2017-06-30 10:33:47 +0100
commitcb30edfae5c3557686463ca22eca7ef572c3ac33 (patch)
treecb29170e9241ae5ed76645bbe20a5e9256a2e94c /app/finders
parent0c6cdd07829668e04012219eb21cc60db8c1eabc (diff)
downloadgitlab-ce-cb30edfae5c3557686463ca22eca7ef572c3ac33.tar.gz
Clarify counter caching for users without project access
Diffstat (limited to 'app/finders')
-rw-r--r--app/finders/issues_finder.rb15
1 files changed, 15 insertions, 0 deletions
diff --git a/app/finders/issues_finder.rb b/app/finders/issues_finder.rb
index d20f4475a03..18f60f9a2b6 100644
--- a/app/finders/issues_finder.rb
+++ b/app/finders/issues_finder.rb
@@ -54,6 +54,21 @@ class IssuesFinder < IssuableFinder
project.team.max_member_access(current_user.id) >= CONFIDENTIAL_ACCESS_LEVEL
end
+ # Anonymous users can't see any confidential issues.
+ #
+ # Users without access to see _all_ confidential issues (as in
+ # `user_can_see_all_confidential_issues?`) are more complicated, because they
+ # can see confidential issues where:
+ # 1. They are an assignee.
+ # 2. The are an author.
+ #
+ # That's fine for most cases, but if we're just counting, we need to cache
+ # effectively. If we cached this accurately, we'd have a cache key for every
+ # authenticated user without sufficient access to the project. Instead, when
+ # we are counting, we treat them as if they can't see any confidential issues.
+ #
+ # This does mean the counts may be wrong for those users, but avoids an
+ # explosion in cache keys.
def user_cannot_see_confidential_issues?(for_counting: false)
return false if user_can_see_all_confidential_issues?