2018-12-13 13:39:08 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-06-16 23:09:34 +05:30
|
|
|
module Banzai
|
|
|
|
module ReferenceParser
|
2018-03-17 18:26:18 +05:30
|
|
|
class IssueParser < IssuableParser
|
2016-06-16 23:09:34 +05:30
|
|
|
self.reference_type = :issue
|
|
|
|
|
|
|
|
def nodes_visible_to_user(user, nodes)
|
2018-03-17 18:26:18 +05:30
|
|
|
issues = records_for_nodes(nodes)
|
2018-05-09 12:01:36 +05:30
|
|
|
issues_to_check, cross_project_issues = partition_issues(issues, user)
|
2016-06-16 23:09:34 +05:30
|
|
|
|
2018-05-09 12:01:36 +05:30
|
|
|
readable_issues =
|
|
|
|
Ability.issues_readable_by_user(issues_to_check, user).to_set
|
2016-06-16 23:09:34 +05:30
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
nodes.select do |node|
|
2018-03-27 19:54:05 +05:30
|
|
|
issue_in_node = issues[node]
|
|
|
|
|
|
|
|
# We check the inclusion of readable issues first because it's faster.
|
|
|
|
#
|
|
|
|
# But we need to fall back to `read_issue_iid` if the user cannot read
|
|
|
|
# cross project, since it might be possible the user can see the IID
|
|
|
|
# but not the issue.
|
|
|
|
if readable_issues.include?(issue_in_node)
|
|
|
|
true
|
2018-05-09 12:01:36 +05:30
|
|
|
elsif cross_project_issues.include?(issue_in_node)
|
2018-03-27 19:54:05 +05:30
|
|
|
can_read_reference?(user, issue_in_node)
|
|
|
|
else
|
|
|
|
false
|
|
|
|
end
|
2016-06-16 23:09:34 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-05-09 12:01:36 +05:30
|
|
|
# issues - A Hash mapping HTML nodes to their corresponding Issue
|
|
|
|
# instances.
|
|
|
|
# user - The current User.
|
|
|
|
def partition_issues(issues, user)
|
|
|
|
return [issues.values, []] if can?(user, :read_cross_project)
|
|
|
|
|
|
|
|
issues_to_check = []
|
|
|
|
cross_project_issues = []
|
|
|
|
|
|
|
|
# We manually partition the data since our input is a Hash and our
|
|
|
|
# output has to be an Array of issues; not an Array of (node, issue)
|
|
|
|
# pairs.
|
|
|
|
issues.each do |node, issue|
|
|
|
|
target =
|
|
|
|
if issue.project == project_for_node(node)
|
|
|
|
issues_to_check
|
|
|
|
else
|
|
|
|
cross_project_issues
|
|
|
|
end
|
|
|
|
|
|
|
|
target << issue
|
|
|
|
end
|
|
|
|
|
|
|
|
[issues_to_check, cross_project_issues]
|
|
|
|
end
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
def records_for_nodes(nodes)
|
2016-06-16 23:09:34 +05:30
|
|
|
@issues_for_nodes ||= grouped_objects_for_nodes(
|
|
|
|
nodes,
|
|
|
|
Issue.all.includes(
|
|
|
|
:author,
|
2017-08-17 22:00:37 +05:30
|
|
|
:assignees,
|
2016-06-16 23:09:34 +05:30
|
|
|
{
|
|
|
|
# These associations are primarily used for checking permissions.
|
|
|
|
# Eager loading these ensures we don't end up running dozens of
|
|
|
|
# queries in this process.
|
2021-09-04 01:27:46 +05:30
|
|
|
project: [:namespace, :project_feature, :route]
|
2016-06-16 23:09:34 +05:30
|
|
|
}
|
|
|
|
),
|
|
|
|
self.class.data_attribute
|
|
|
|
)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|