gitlab-org--gitlab-foss/lib/gitlab/markdown/redactor_filter.rb

require 'gitlab/markdown'
require 'html/pipeline/filter'

module Gitlab
  module Markdown
    # HTML filter that removes references to records that the current user does
    # not have permission to view.
    #
    # Expected to be run in its own post-processing pipeline.
    #
    class RedactorFilter < HTML::Pipeline::Filter
      def call
        doc.css('a.gfm').each do |node|
          unless user_can_reference?(node)
            node.replace(node.text)
          end
        end

        doc
      end

      def user_can_reference?(node)
        if node.has_attribute?('data-group-id')
          user_can_reference_group?(node.attr('data-group-id'))
        elsif node.has_attribute?('data-project-id')
          user_can_reference_project?(node.attr('data-project-id'))
        elsif node.has_attribute?('data-user-id')
          user_can_reference_user?(node.attr('data-user-id'))
        else
          true
        end
      end

      def user_can_reference_group?(id)
        group = Group.find(id)

        group && can?(:read_group, group)
      rescue ActiveRecord::RecordNotFound
        false
      end

      def user_can_reference_project?(id)
        project = Project.find(id)

        project && can?(:read_project, project)
      rescue ActiveRecord::RecordNotFound
        false
      end

      def user_can_reference_user?(id)
        # Permit all user reference links
        true
      end

      private

      def abilities
        Ability.abilities
      end

      def can?(ability, object)
        abilities.allowed?(current_user, ability, object)
      end

      def current_user
        context[:current_user]
      end
    end
  end
end
Add RedactorFilter 2015-08-05 02:25:08 +00:00			`require 'gitlab/markdown'`
			`require 'html/pipeline/filter'`

			`module Gitlab`
			`module Markdown`
			`# HTML filter that removes references to records that the current user does`
			`# not have permission to view.`
			`#`
			`# Expected to be run in its own post-processing pipeline.`
			`#`
			`class RedactorFilter < HTML::Pipeline::Filter`
			`def call`
			`doc.css('a.gfm').each do \|node\|`
			`unless user_can_reference?(node)`
			`node.replace(node.text)`
			`end`
			`end`

			`doc`
			`end`

			`def user_can_reference?(node)`
			`if node.has_attribute?('data-group-id')`
			`user_can_reference_group?(node.attr('data-group-id'))`
			`elsif node.has_attribute?('data-project-id')`
			`user_can_reference_project?(node.attr('data-project-id'))`
			`elsif node.has_attribute?('data-user-id')`
			`user_can_reference_user?(node.attr('data-user-id'))`
			`else`
Default `user_can_reference?` to true when no attributes match Now, a reference link with a `.gfm` class but without one of our `data-*-id` attributes should be shown to the user rather than hidden. 2015-09-01 21:43:35 +00:00			`true`
Add RedactorFilter 2015-08-05 02:25:08 +00:00			`end`
			`end`

			`def user_can_reference_group?(id)`
			`group = Group.find(id)`

			`group && can?(:read_group, group)`
Rescue from `RecordNotFound` in RedactorFilter 2015-09-01 21:45:25 +00:00			`rescue ActiveRecord::RecordNotFound`
			`false`
Add RedactorFilter 2015-08-05 02:25:08 +00:00			`end`

			`def user_can_reference_project?(id)`
			`project = Project.find(id)`

			`project && can?(:read_project, project)`
Rescue from `RecordNotFound` in RedactorFilter 2015-09-01 21:45:25 +00:00			`rescue ActiveRecord::RecordNotFound`
			`false`
Add RedactorFilter 2015-08-05 02:25:08 +00:00			`end`

			`def user_can_reference_user?(id)`
			`# Permit all user reference links`
			`true`
			`end`

			`private`

			`def abilities`
			`Ability.abilities`
			`end`

			`def can?(ability, object)`
			`abilities.allowed?(current_user, ability, object)`
			`end`

			`def current_user`
			`context[:current_user]`
			`end`
			`end`
			`end`
			`end`