gitlab-org--gitlab-foss/app/finders/notes_finder.rb

class NotesFinder
  FETCH_OVERLAP = 5.seconds

  def execute(project, current_user, params)
    target_type = params[:target_type]
    target_id   = params[:target_id]
    # Default to 0 to remain compatible with old clients
    last_fetched_at = Time.at(params.fetch(:last_fetched_at, 0).to_i)

    notes =
      case target_type
      when "commit"
        project.notes.for_commit_id(target_id).non_diff_notes
      when "issue"
        IssuesFinder.new(current_user, project_id: project.id).find(target_id).notes.inc_author
      when "merge_request"
        project.merge_requests.find(target_id).mr_and_commit_notes.inc_author
      when "snippet", "project_snippet"
        project.snippets.find(target_id).notes
      else
        raise 'invalid target_type'
      end

    # Use overlapping intervals to avoid worrying about race conditions
    notes.where('updated_at > ?', last_fetched_at - FETCH_OVERLAP).fresh
  end
end
Move services for collecting items to Finders Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-02-25 17:15:08 +00:00			`class NotesFinder`
Filter out old notes in NotesFinder 2014-04-28 10:13:29 +00:00			`FETCH_OVERLAP = 5.seconds`

Move services for collecting items to Finders Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-02-25 17:15:08 +00:00			`def execute(project, current_user, params)`
			`target_type = params[:target_type]`
			`target_id = params[:target_id]`
Default last_fetched_at to 0 for old clients Users who have not refreshed their browser tab will poll GitLab using outdated JS. This change makes the server fall back to the old behavior (send all comments) for old clients, instead of throwing an exception for old clients. 2014-04-28 14:37:19 +00:00			`# Default to 0 to remain compatible with old clients`
			`last_fetched_at = Time.at(params.fetch(:last_fetched_at, 0).to_i)`
Move services for collecting items to Finders Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-02-25 17:15:08 +00:00
Rubocop: Style/CaseIndentation enabled 2015-02-03 05:26:40 +00:00			`notes =`
			`case target_type`
			`when "commit"`
Extract LegacyDiffNote out of Note 2016-05-10 22:41:46 +00:00			`project.notes.for_commit_id(target_id).non_diff_notes`
Rubocop: Style/CaseIndentation enabled 2015-02-03 05:26:40 +00:00			`when "issue"`
Merge branch 'jej-use-issuable-finder-instead-of-access-check' into 'security' Replace issue access checks with use of IssuableFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ## Which fixes are in this MR? :warning: - Potentially untested :bomb: - No test coverage :traffic_light: - Test coverage of some sort exists (a test failed when error raised) :vertical_traffic_light: - Test coverage of return value (a test failed when nil used) :white_check_mark: - Permissions check tested ### Issue lookup with access check Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells). - [x] :vertical_traffic_light: app/finders/notes_finder.rb:15 [`visible_to_user`] - [x] :traffic_light: app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`] - [x] :white_check_mark: app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`] - [x] :white_check_mark: lib/api/issues.rb:112 [`visible_to_user`] - CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone - [x] :white_check_mark: lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too? - [x] :white_check_mark: lib/gitlab/search_results.rb:53 [`visible_to_user`] ### Previous discussions - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126 - [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87 See merge request !2031 2016-11-22 10:25:04 +00:00			`IssuesFinder.new(current_user, project_id: project.id).find(target_id).notes.inc_author`
Rubocop: Style/CaseIndentation enabled 2015-02-03 05:26:40 +00:00			`when "merge_request"`
move frontend logic from previous MR to new MR 2016-04-25 08:09:39 +00:00			`project.merge_requests.find(target_id).mr_and_commit_notes.inc_author`
Rubocop: Style/CaseIndentation enabled 2015-02-03 05:26:40 +00:00			`when "snippet", "project_snippet"`
Add index on order columns 2015-02-06 18:21:48 +00:00			`project.snippets.find(target_id).notes`
Rubocop: Style/CaseIndentation enabled 2015-02-03 05:26:40 +00:00			`else`
			`raise 'invalid target_type'`
			`end`
Filter out old notes in NotesFinder 2014-04-28 10:13:29 +00:00
			`# Use overlapping intervals to avoid worrying about race conditions`
Add index on order columns 2015-02-06 18:21:48 +00:00			`notes.where('updated_at > ?', last_fetched_at - FETCH_OVERLAP).fresh`
Move services for collecting items to Finders Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-02-25 17:15:08 +00:00			`end`
			`end`