2 files changed, 41 insertions, 35 deletions

diff --git a/app/contexts/search/global_context.rb b/app/contexts/search/global_context.rb
index c0966bb5220..74e746018e6 100644
--- a/app/contexts/search/global_context.rb
+++ b/app/contexts/search/global_context.rb
@@ -11,22 +11,17 @@ module Search
       query = Shellwords.shellescape(query) if query.present?
       return result unless query.present?
 
-
-      projects = current_user.authorized_projects
-
-      if params[:group_id].present?
-        group = Group.find_by_id(params[:group_id])
-        projects = projects.where(namespace_id: group.id) if group
-      end
-
+      authorized_projects_ids = []
+      authorized_projects_ids += current_user.authorized_projects.pluck(:id) if current_user
+      authorized_projects_ids += Project.public_or_internal_only(current_user).pluck(:id)
+
+      group = Group.find_by_id(params[:group_id]) if params[:group_id].present?
+      projects = Project.where(id: authorized_projects_ids)
+      projects = projects.where(namespace_id: group.id) if group
+      projects = projects.search(query)
       project_ids = projects.pluck(:id)
 
-      visibility_levels = if current_user
-                            [Gitlab::VisibilityLevel::INTERNAL, Gitlab::VisibilityLevel::PUBLIC]
-                          else
-                            [Gitlab::VisibilityLevel::PUBLIC]
-                          end
-      result[:projects] = Project.where("projects.id in (?) OR projects.visibility_level in (?)", project_ids, visibility_levels).search(query).limit(20)
+      result[:projects] = projects.limit(20)
       result[:merge_requests] = MergeRequest.in_projects(project_ids).search(query).order('updated_at DESC').limit(20)
       result[:issues] = Issue.where(project_id: project_ids).search(query).order('updated_at DESC').limit(20)
       result[:total_results] = %w(projects issues merge_requests).sum { |items| result[items.to_sym].size }
diff --git a/spec/contexts/search_context_spec.rb b/spec/contexts/search_context_spec.rb
index c25743e0032..38a6b55383a 100644
--- a/spec/contexts/search_context_spec.rb
+++ b/spec/contexts/search_context_spec.rb
@@ -1,43 +1,54 @@
 require 'spec_helper'
 
-describe SearchContext do
+describe 'Search::GlobalContext' do
   let(:found_namespace) { create(:namespace, name: 'searchable namespace', path:'another_thing') }
   let(:user) { create(:user, namespace: found_namespace) }
   let!(:found_project) { create(:project, name: 'searchable_project', creator_id: user.id, namespace: found_namespace, visibility_level: Gitlab::VisibilityLevel::PRIVATE) }
 
   let(:unfound_namespace) { create(:namespace, name: 'unfound namespace', path: 'yet_something_else') }
   let!(:unfound_project) { create(:project, name: 'unfound_project', creator_id: user.id, namespace: unfound_namespace, visibility_level: Gitlab::VisibilityLevel::PRIVATE) }
-  
+
   let(:internal_namespace) { create(:namespace, path: 'something_internal',name: 'searchable internal namespace') }
   let(:internal_user) { create(:user, namespace: internal_namespace) }
   let!(:internal_project) { create(:project, name: 'searchable_internal_project', creator_id: internal_user.id, namespace: internal_namespace, visibility_level: Gitlab::VisibilityLevel::INTERNAL) }
-  
+
   let(:public_namespace) { create(:namespace, path: 'something_public',name: 'searchable public namespace') }
   let(:public_user) { create(:user, namespace: public_namespace) }
   let!(:public_project) { create(:project, name: 'searchable_public_project', creator_id: public_user.id, namespace: public_namespace, visibility_level: Gitlab::VisibilityLevel::PUBLIC) }
 
   describe '#execute' do
-    it 'public projects should be searchable' do
-      context = SearchContext.new([found_project.id], nil, {search_code:  false, search: "searchable"})
-      results = context.execute
-      results[:projects].should == [found_project, public_project]
+    context 'unauthenticated' do
+      it 'should return public projects only' do
+        context = Search::GlobalContext.new(nil, search: "searchable")
+        results = context.execute
+        results[:projects].should have(1).items
+        results[:projects].should include(public_project)
+      end
     end
 
-    it 'internal projects should be searchable' do
-      context = SearchContext.new([found_project.id], user, {search_code:  false, search: "searchable"})
-      results = context.execute
-      # can't seem to rely on the return order, so check this way
-      #subject { results[:projects] }
-      results[:projects].should have(3).items
-      results[:projects].should include(found_project)
-      results[:projects].should include(internal_project)
-      results[:projects].should include(public_project)
-    end
+    context 'authenticated' do
+      it 'should return public, internal and private projects' do
+        context = Search::GlobalContext.new(user, search: "searchable")
+        results = context.execute
+        results[:projects].should have(3).items
+        results[:projects].should include(public_project)
+        results[:projects].should include(found_project)
+        results[:projects].should include(internal_project)
+      end
+
+      it 'should return only public & internal projects' do
+        context = Search::GlobalContext.new(internal_user, search: "searchable")
+        results = context.execute
+        results[:projects].should have(2).items
+        results[:projects].should include(internal_project)
+        results[:projects].should include(public_project)
+      end
 
-    it 'namespace name should be searchable' do
-      context = SearchContext.new([found_project.id], user, {search_code:  false, search: "searchable namespace"})
-      results = context.execute
-      results[:projects].should == [found_project]
+      it 'namespace name should be searchable' do
+        context = Search::GlobalContext.new(user, search: "searchable namespace")
+        results = context.execute
+        results[:projects].should == [found_project]
+      end
     end
   end
 end