Class: Issues::ConfidentialityFilter

Inherits:
Issuables::BaseFilter show all
Defined in:
app/finders/issues/confidentiality_filter.rb

Constant Summary collapse

CONFIDENTIAL_ACCESS_LEVEL = 
Gitlab::Access::PLANNER

Constants inherited from Issuables::BaseFilter

Issuables::BaseFilter::FILTER_ANY, Issuables::BaseFilter::FILTER_NONE

Instance Method Summary collapse

Constructor Details

#initialize(assignee_filter:, related_groups: nil, **kwargs) ⇒ ConfidentialityFilter

Returns a new instance of ConfidentialityFilter.



7
8
9
10
11
12
 
# File 'app/finders/issues/confidentiality_filter.rb', line 7

def initialize(assignee_filter:, related_groups: nil, **kwargs)
  @assignee_filter = assignee_filter
  @related_groups = related_groups

  super(**kwargs)
end

Instance Method Details

#filter(issues) ⇒ Object 



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'app/finders/issues/confidentiality_filter.rb', line 14

def filter(issues)
  issues = issues.confidential_only if params[:confidential]

  # We do not need to do the confidentiality check if we know that only public issues will be returned
  return issues.public_only if current_user.blank? || params[:confidential] == false

  return issues if user_can_see_all_confidential_issues?

  # Since the CTE is used in access_to_parent_exists only if @related_groups is not null, we can skip the CTE if
  # it's null
  unless @related_groups.nil?
    issues = issues.with_accessible_sub_namespace_ids_cte(Group.groups_user_can(@related_groups,
      current_user,
      :read_confidential_issues,
      same_root: true).select('id'))
  end

  issues.public_only.or(
    issues.confidential_only.merge(
      issues.authored(current_user)
        .or(issues.assigned_to(current_user))
        .or(access_to_parent_exists(issues))
    )
  ).allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/422045')
end