debian-mirror-gitlab/app/finders/snippets_finder.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

236 lines
6.2 KiB
Ruby
Raw Normal View History

2018-12-05 23:21:45 +05:30
# frozen_string_literal: true
2018-12-13 13:39:08 +05:30
# Finder for retrieving snippets that a user can see, optionally scoped to a
# project or snippets author.
2018-03-17 18:26:18 +05:30
#
2018-12-13 13:39:08 +05:30
# Basic usage:
2018-03-17 18:26:18 +05:30
#
2018-12-13 13:39:08 +05:30
# user = User.find(1)
2018-03-17 18:26:18 +05:30
#
2018-12-13 13:39:08 +05:30
# SnippetsFinder.new(user).execute
2018-03-17 18:26:18 +05:30
#
2018-12-13 13:39:08 +05:30
# To limit the snippets to a specific project, supply the `project:` option:
#
# user = User.find(1)
# project = Project.find(1)
#
# SnippetsFinder.new(user, project: project).execute
#
# Limiting snippets to an author can be done by supplying the `author:` option:
#
# user = User.find(1)
# project = Project.find(1)
#
# SnippetsFinder.new(user, author: user).execute
#
# To filter snippets using a specific visibility level, you can provide the
# `scope:` option:
#
# user = User.find(1)
# project = Project.find(1)
#
# SnippetsFinder.new(user, author: user, scope: :are_public).execute
#
# Valid `scope:` values are:
#
# * `:are_private`
# * `:are_internal`
# * `:are_public`
#
# Any other value will be ignored.
2017-08-17 22:00:37 +05:30
class SnippetsFinder < UnionFinder
2018-03-27 19:54:05 +05:30
include FinderMethods
2020-01-01 13:55:28 +05:30
include Gitlab::Utils::StrongMemoize
2018-03-27 19:54:05 +05:30
2021-12-11 22:18:48 +05:30
attr_reader :current_user, :params
2017-08-17 22:00:37 +05:30
2018-12-13 13:39:08 +05:30
def initialize(current_user = nil, params = {})
2017-08-17 22:00:37 +05:30
@current_user = current_user
2021-12-11 22:18:48 +05:30
@params = params
2018-12-13 13:39:08 +05:30
if project && author
raise(
ArgumentError,
'Filtering by both an author and a project is not supported, ' \
'as this finder is not optimised for this use case'
)
end
2017-08-17 22:00:37 +05:30
end
def execute
2020-01-01 13:55:28 +05:30
# The snippet query can be expensive, therefore if the
# author or project params have been passed and they don't
2020-04-08 14:13:33 +05:30
# exist, or if a Project has been passed and has snippets
# disabled, it's better to return
2020-01-01 13:55:28 +05:30
return Snippet.none if author.nil? && params[:author].present?
return Snippet.none if project.nil? && params[:project].present?
2020-04-08 14:13:33 +05:30
return Snippet.none if project && !project.feature_available?(:snippets, current_user)
2020-01-01 13:55:28 +05:30
items = init_collection
items = by_ids(items)
2020-07-28 23:09:34 +05:30
items = items.with_optional_visibility(visibility_from_scope)
items.order_by(sort_param)
2015-04-26 12:48:37 +05:30
end
2019-07-07 11:18:12 +05:30
private
2019-12-21 20:55:43 +05:30
def init_collection
2021-12-11 22:18:48 +05:30
if explore?
2019-12-21 20:55:43 +05:30
snippets_for_explore
2021-12-11 22:18:48 +05:30
elsif only_personal?
2020-01-01 13:55:28 +05:30
personal_snippets
2019-12-21 20:55:43 +05:30
elsif project
snippets_for_a_single_project
else
2020-01-01 13:55:28 +05:30
snippets_for_personal_and_multiple_projects
2019-12-21 20:55:43 +05:30
end
end
# Produces a query that retrieves snippets for the Explore page
#
# We only show personal snippets here because this page is meant for
# discovery, and project snippets are of limited interest here.
def snippets_for_explore
Snippet.public_to_user(current_user).only_personal_snippets
end
2018-12-13 13:39:08 +05:30
# Produces a query that retrieves snippets from multiple projects.
#
# The resulting query will, depending on the user's permissions, include the
# following collections of snippets:
#
# 1. Snippets that don't belong to any project.
# 2. Snippets of projects that are visible to the current user (e.g. snippets
# in public projects).
# 3. Snippets of projects that the current user is a member of.
#
# Each collection is constructed in isolation, allowing for greater control
# over the resulting SQL query.
2020-01-01 13:55:28 +05:30
def snippets_for_personal_and_multiple_projects
queries = []
2021-12-11 22:18:48 +05:30
queries << personal_snippets unless only_project?
2018-12-13 13:39:08 +05:30
if Ability.allowed?(current_user, :read_cross_project)
queries << snippets_of_visible_projects
queries << snippets_of_authorized_projects if current_user
2018-03-17 18:26:18 +05:30
end
2020-07-28 23:09:34 +05:30
prepared_union(queries)
2015-04-26 12:48:37 +05:30
end
2018-12-13 13:39:08 +05:30
def snippets_for_a_single_project
Snippet.for_project_with_user(project, current_user)
2017-08-17 22:00:37 +05:30
end
2018-03-27 19:54:05 +05:30
2019-12-21 20:55:43 +05:30
def personal_snippets
snippets_for_author_or_visible_to_user.only_personal_snippets
2018-03-17 18:26:18 +05:30
end
2018-12-13 13:39:08 +05:30
# Returns the snippets that the current user (logged in or not) can view.
def snippets_of_visible_projects
snippets_for_author_or_visible_to_user
.only_include_projects_visible_to(current_user)
.only_include_projects_with_snippets_enabled
2018-03-17 18:26:18 +05:30
end
2018-12-13 13:39:08 +05:30
# Returns the snippets that the currently logged in user has access to by
# being a member of the project the snippets belong to.
#
# This method requires that `current_user` returns a `User` instead of `nil`,
# and is optimised for this specific scenario.
def snippets_of_authorized_projects
2019-12-21 20:55:43 +05:30
base = author ? author.snippets : Snippet.all
2018-12-13 13:39:08 +05:30
base
.only_include_projects_with_snippets_enabled(include_private: true)
.only_include_authorized_projects(current_user)
2017-08-17 22:00:37 +05:30
end
2018-12-13 13:39:08 +05:30
def snippets_for_author_or_visible_to_user
if author
snippets_for_author
elsif current_user
Snippet.visible_to_or_authored_by(current_user)
else
Snippet.public_to_user
end
2015-04-26 12:48:37 +05:30
end
2018-12-13 13:39:08 +05:30
def snippets_for_author
base = author.snippets
2017-08-17 22:00:37 +05:30
2018-12-13 13:39:08 +05:30
if author == current_user
# If the current user is also the author of all snippets, then we can
# include private snippets.
base
else
base.public_to_user(current_user)
end
2017-08-17 22:00:37 +05:30
end
def visibility_from_scope
2021-12-11 22:18:48 +05:30
case params[:scope].to_s
2017-08-17 22:00:37 +05:30
when 'are_private'
Snippet::PRIVATE
when 'are_internal'
Snippet::INTERNAL
when 'are_public'
Snippet::PUBLIC
2015-04-26 12:48:37 +05:30
else
2017-08-17 22:00:37 +05:30
nil
2015-04-26 12:48:37 +05:30
end
end
2020-01-01 13:55:28 +05:30
def by_ids(items)
return items unless params[:ids].present?
items.id_in(params[:ids])
end
def author
strong_memoize(:author) do
next unless params[:author].present?
params[:author].is_a?(User) ? params[:author] : User.find_by_id(params[:author])
end
end
def project
strong_memoize(:project) do
next unless params[:project].present?
params[:project].is_a?(Project) ? params[:project] : Project.find_by_id(params[:project])
end
end
2020-07-28 23:09:34 +05:30
def sort_param
2021-12-11 22:18:48 +05:30
params[:sort].presence || 'id_desc'
end
def explore?
params[:explore].present?
end
def only_personal?
params[:only_personal].present?
end
def only_project?
params[:only_project].present?
2020-07-28 23:09:34 +05:30
end
def prepared_union(queries)
return Snippet.none if queries.empty?
return queries.first if queries.length == 1
# The queries are going to be part of a global `where`
# therefore we only need to retrieve the `id` column
# which will speed the query
queries.map! { |rel| rel.select(:id) }
Snippet.id_in(find_union(queries, Snippet))
end
2015-04-26 12:48:37 +05:30
end
2019-12-21 20:55:43 +05:30
2021-06-08 01:23:25 +05:30
SnippetsFinder.prepend_mod_with('SnippetsFinder')