diff options
| author | Alexandru Croitor <acroitor@gitlab.com> | 2019-06-12 19:28:25 +0300 |
|---|---|---|
| committer | Alexandru Croitor <acroitor@gitlab.com> | 2019-06-18 12:46:46 +0300 |
| commit | 09163e423ac50c8eda82f67e5419142893faf18a (patch) | |
| tree | 91f687ddb99fd03db7894c238759eea086029d51 /app/models/merge_requests_closing_issues.rb | |
| parent | e5ca7b8b0b5ba45f5847b6e545d17ca5af1cd929 (diff) | |
| download | gitlab-ce-09163e423ac50c8eda82f67e5419142893faf18a.tar.gz | |
Expose merge requests count based on user access
Count issues related merge requests based on user access level. And
issue can have related MRs from projects where user does not have
access so the number of related merge requests should be adjusted
based on user's ability to access the related MRs.
https://gitlab.com/gitlab-org/gitlab-ce/issues/59581
Diffstat (limited to 'app/models/merge_requests_closing_issues.rb')
| -rw-r--r-- | app/models/merge_requests_closing_issues.rb | 35 |
1 files changed, 31 insertions, 4 deletions
diff --git a/app/models/merge_requests_closing_issues.rb b/app/models/merge_requests_closing_issues.rb index 61af50841ee..22cedf57b86 100644 --- a/app/models/merge_requests_closing_issues.rb +++ b/app/models/merge_requests_closing_issues.rb @@ -7,11 +7,38 @@ class MergeRequestsClosingIssues < ApplicationRecord validates :merge_request_id, uniqueness: { scope: :issue_id }, presence: true validates :issue_id, presence: true + scope :with_issues, ->(ids) { where(issue_id: ids) } + scope :with_merge_requests_enabled, -> do + joins(:merge_request) + .joins('INNER JOIN project_features ON merge_requests.target_project_id = project_features.project_id') + .where('project_features.merge_requests_access_level >= :access', access: ProjectFeature::ENABLED) + end + + scope :accessible_by, ->(user) do + joins(:merge_request) + .joins('INNER JOIN project_features ON merge_requests.target_project_id = project_features.project_id') + .where('project_features.merge_requests_access_level >= :access OR EXISTS(:authorizations)', + access: ProjectFeature::ENABLED, + authorizations: user.authorizations_for_projects(min_access_level: Gitlab::Access::REPORTER, related_project_column: "merge_requests.target_project_id") + ) + end + class << self - def count_for_collection(ids) - group(:issue_id) - .where(issue_id: ids) - .pluck('issue_id', 'COUNT(*) as count') + def count_for_collection(ids, current_user) + closing_merge_requests(ids, current_user).group(:issue_id).pluck('issue_id', 'COUNT(*) as count') + end + + def count_for_issue(id, current_user) + closing_merge_requests(id, current_user).count + end + + private + + def closing_merge_requests(ids, current_user) + return with_issues(ids) if current_user&.admin? + return with_issues(ids).with_merge_requests_enabled if current_user.blank? + + with_issues(ids).accessible_by(current_user) end end end |