diff options
| author | Douwe Maan <douwe@gitlab.com> | 2017-05-03 23:51:25 +0000 |
|---|---|---|
| committer | Lin Jen-Shin <godfat@godfat.org> | 2017-05-04 22:37:10 +0800 |
| commit | 63bd491306f1371b635e809242f630c322b1bf40 (patch) | |
| tree | 1cdedd14e8f2ba2488286429249508ef3d502aa9 /app | |
| parent | 0e1b5355c2c07407ecda7d6860c0fc5192c23626 (diff) | |
| download | gitlab-ce-63bd491306f1371b635e809242f630c322b1bf40.tar.gz | |
Merge branch 'tc-fix-private-subgroups-shown' into 'security'
Use GroupsFinder to find subgroups the user has access to
See merge request !2096
Diffstat (limited to 'app')
| -rw-r--r-- | app/controllers/explore/groups_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/groups_controller.rb | 2 | ||||
| -rw-r--r-- | app/finders/groups_finder.rb | 20 |
3 files changed, 18 insertions, 6 deletions
diff --git a/app/controllers/explore/groups_controller.rb b/app/controllers/explore/groups_controller.rb index 68228c095da..81883c543ba 100644 --- a/app/controllers/explore/groups_controller.rb +++ b/app/controllers/explore/groups_controller.rb @@ -1,6 +1,6 @@ class Explore::GroupsController < Explore::ApplicationController def index - @groups = GroupsFinder.new.execute(current_user) + @groups = GroupsFinder.new(current_user).execute @groups = @groups.search(params[:filter_groups]) if params[:filter_groups].present? @groups = @groups.sort(@sort = params[:sort]) @groups = @groups.page(params[:page]) diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 593001e6396..d695459fe87 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -64,7 +64,7 @@ class GroupsController < Groups::ApplicationController end def subgroups - @nested_groups = group.children + @nested_groups = GroupsFinder.new(current_user, parent: group).execute @nested_groups = @nested_groups.search(params[:filter_groups]) if params[:filter_groups].present? end diff --git a/app/finders/groups_finder.rb b/app/finders/groups_finder.rb index d932a17883f..f68610e197c 100644 --- a/app/finders/groups_finder.rb +++ b/app/finders/groups_finder.rb @@ -1,13 +1,19 @@ class GroupsFinder < UnionFinder - def execute(current_user = nil) - segments = all_groups(current_user) + def initialize(current_user = nil, params = {}) + @current_user = current_user + @params = params + end - find_union(segments, Group).with_route.order_id_desc + def execute + groups = find_union(all_groups, Group).with_route.order_id_desc + by_parent(groups) end private - def all_groups(current_user) + attr_reader :current_user, :params + + def all_groups groups = [] groups << current_user.authorized_groups if current_user @@ -15,4 +21,10 @@ class GroupsFinder < UnionFinder groups end + + def by_parent(groups) + return groups unless params[:parent] + + groups.where(parent: params[:parent]) + end end |