debian-mirror-gitlab/app/finders/user_recent_events_finder.rb

# Get user activity feed for projects common for a user and a logged in user
#
# - current_user: The user viewing the events
#                 WARNING: does not consider project feature visibility!
# - user: The user for which to load the events
# - params:
#   - offset: The page of events to return
class UserRecentEventsFinder
  prepend FinderWithCrossProjectAccess
  include FinderMethods
  include Gitlab::Allowable

  requires_cross_project_access

  attr_reader :current_user, :target_user, :params

  LIMIT = 20

  def initialize(current_user, target_user, params = {})
    @current_user = current_user
    @target_user = target_user
    @params = params
  end

  def execute
    return Event.none unless can?(current_user, :read_user_profile, target_user)

    recent_events(params[:offset] || 0)
      .joins(:project)
      .with_associations
      .limit_recent(LIMIT, params[:offset])
  end

  private

  def recent_events(offset)
    sql = <<~SQL
      (#{projects}) AS projects_for_join
      JOIN (#{target_events.to_sql}) AS #{Event.table_name}
        ON #{Event.table_name}.project_id = projects_for_join.id
    SQL

    # Workaround for https://github.com/rails/rails/issues/24193
    Event.from([Arel.sql(sql)])
  end

  def target_events
    Event.where(author: target_user)
  end

  def projects
    # Compile a list of projects `current_user` interacted with
    # and `target_user` is allowed to see.

    authorized = target_user
      .project_interactions
      .joins(:project_authorizations)
      .where(project_authorizations: { user: current_user })
      .select(:id)

    visible = target_user
      .project_interactions
      .where(visibility_level: Gitlab::VisibilityLevel.levels_for_user(current_user))
      .select(:id)

    Gitlab::SQL::Union.new([authorized, visible]).to_sql
  end
end
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`# Get user activity feed for projects common for a user and a logged in user`
			`#`
			`# - current_user: The user viewing the events`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30			`# WARNING: does not consider project feature visibility!`
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`# - user: The user for which to load the events`
			`# - params:`
			`# - offset: The page of events to return`
			`class UserRecentEventsFinder`
			`prepend FinderWithCrossProjectAccess`
			`include FinderMethods`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`include Gitlab::Allowable`
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30
			`requires_cross_project_access`

			`attr_reader :current_user, :target_user, :params`

			`LIMIT = 20`

			`def initialize(current_user, target_user, params = {})`
			`@current_user = current_user`
			`@target_user = target_user`
			`@params = params`
			`end`

			`def execute`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`return Event.none unless can?(current_user, :read_user_profile, target_user)`

New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`recent_events(params[:offset] \|\| 0)`
			`.joins(:project)`
			`.with_associations`
			`.limit_recent(LIMIT, params[:offset])`
			`end`

			`private`

			`def recent_events(offset)`
			`sql = <<~SQL`
			`(#{projects}) AS projects_for_join`
			`JOIN (#{target_events.to_sql}) AS #{Event.table_name}`
			`ON #{Event.table_name}.project_id = projects_for_join.id`
			`SQL`

			`# Workaround for https://github.com/rails/rails/issues/24193`
			`Event.from([Arel.sql(sql)])`
			`end`

			`def target_events`
			`Event.where(author: target_user)`
			`end`

			`def projects`
			# Compile a list of projects `current_user` interacted with
			# and `target_user` is allowed to see.

			`authorized = target_user`
			`.project_interactions`
			`.joins(:project_authorizations)`
			`.where(project_authorizations: { user: current_user })`
			`.select(:id)`

			`visible = target_user`
			`.project_interactions`
New upstream version 10.7.6+dfsg 2018-06-27 16:04:02 +05:30			`.where(visibility_level: Gitlab::VisibilityLevel.levels_for_user(current_user))`
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`.select(:id)`

			`Gitlab::SQL::Union.new([authorized, visible]).to_sql`
			`end`
			`end`