2016-05-26 07:16:43 -04:00
|
|
|
module Banzai
|
|
|
|
module ReferenceParser
|
2017-12-01 04:21:05 -05:00
|
|
|
class IssueParser < IssuableParser
|
2016-05-26 07:16:43 -04:00
|
|
|
self.reference_type = :issue
|
|
|
|
|
|
|
|
def nodes_visible_to_user(user, nodes)
|
2017-12-01 04:21:05 -05:00
|
|
|
issues = records_for_nodes(nodes)
|
2018-04-03 09:45:17 -04:00
|
|
|
issues_to_check, cross_project_issues = partition_issues(issues, user)
|
2016-05-26 07:16:43 -04:00
|
|
|
|
2018-04-03 09:45:17 -04:00
|
|
|
readable_issues =
|
|
|
|
Ability.issues_readable_by_user(issues_to_check, user).to_set
|
2016-05-26 07:16:43 -04:00
|
|
|
|
2016-07-20 14:13:02 -04:00
|
|
|
nodes.select do |node|
|
2017-12-11 09:21:06 -05:00
|
|
|
issue_in_node = issues[node]
|
|
|
|
|
|
|
|
# We check the inclusion of readable issues first because it's faster.
|
|
|
|
#
|
|
|
|
# But we need to fall back to `read_issue_iid` if the user cannot read
|
|
|
|
# cross project, since it might be possible the user can see the IID
|
|
|
|
# but not the issue.
|
|
|
|
if readable_issues.include?(issue_in_node)
|
|
|
|
true
|
2018-04-03 09:45:17 -04:00
|
|
|
elsif cross_project_issues.include?(issue_in_node)
|
2017-12-11 09:21:06 -05:00
|
|
|
can_read_reference?(user, issue_in_node)
|
|
|
|
else
|
|
|
|
false
|
|
|
|
end
|
2016-05-26 07:16:43 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-04-03 09:45:17 -04:00
|
|
|
# issues - A Hash mapping HTML nodes to their corresponding Issue
|
|
|
|
# instances.
|
|
|
|
# user - The current User.
|
|
|
|
def partition_issues(issues, user)
|
|
|
|
return [issues.values, []] if can?(user, :read_cross_project)
|
|
|
|
|
|
|
|
issues_to_check = []
|
|
|
|
cross_project_issues = []
|
|
|
|
|
|
|
|
# We manually partition the data since our input is a Hash and our
|
|
|
|
# output has to be an Array of issues; not an Array of (node, issue)
|
|
|
|
# pairs.
|
|
|
|
issues.each do |node, issue|
|
|
|
|
target =
|
|
|
|
if issue.project == project_for_node(node)
|
|
|
|
issues_to_check
|
|
|
|
else
|
|
|
|
cross_project_issues
|
|
|
|
end
|
|
|
|
|
|
|
|
target << issue
|
|
|
|
end
|
|
|
|
|
|
|
|
[issues_to_check, cross_project_issues]
|
|
|
|
end
|
|
|
|
|
2017-12-01 04:21:05 -05:00
|
|
|
def records_for_nodes(nodes)
|
2016-05-26 07:16:43 -04:00
|
|
|
@issues_for_nodes ||= grouped_objects_for_nodes(
|
|
|
|
nodes,
|
2016-06-08 12:13:52 -04:00
|
|
|
Issue.all.includes(
|
|
|
|
:author,
|
2017-05-04 08:11:15 -04:00
|
|
|
:assignees,
|
2016-06-08 12:13:52 -04:00
|
|
|
{
|
|
|
|
# These associations are primarily used for checking permissions.
|
|
|
|
# Eager loading these ensures we don't end up running dozens of
|
|
|
|
# queries in this process.
|
|
|
|
project: [
|
|
|
|
{ namespace: :owner },
|
|
|
|
{ group: [:owners, :group_members] },
|
|
|
|
:invited_groups,
|
2017-09-18 19:14:44 -04:00
|
|
|
:project_members,
|
|
|
|
:project_feature
|
2016-06-08 12:13:52 -04:00
|
|
|
]
|
|
|
|
}
|
|
|
|
),
|
2016-05-26 07:16:43 -04:00
|
|
|
self.class.data_attribute
|
|
|
|
)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|