gitlab-org--gitlab-foss/app/finders/issues_finder.rb

# Finders::Issues class
#
# Used to filter Issues collections by set of params
#
# Arguments:
#   current_user - which user use
#   params:
#     scope: 'created-by-me' or 'assigned-to-me' or 'all'
#     state: 'open' or 'closed' or 'all'
#     group_id: integer
#     project_id: integer
#     milestone_id: integer
#     assignee_id: integer
#     search: string
#     label_name: string
#     sort: string
#
class IssuesFinder < IssuableFinder
  def klass
    Issue
  end

  private

  def init_collection
    IssuesFinder.not_restricted_by_confidentiality(current_user)
  end

  def self.not_restricted_by_confidentiality(user)
    return Issue.where('issues.confidential IS NULL OR issues.confidential IS FALSE') if user.blank?

    return Issue.all if user.admin?

    Issue.where('
      issues.confidential IS NULL
      OR issues.confidential IS FALSE
      OR (issues.confidential = TRUE
        AND (issues.author_id = :user_id
          OR issues.assignee_id = :user_id
          OR issues.project_id IN(:project_ids)))',
      user_id: user.id,
      project_ids: user.authorized_projects(Gitlab::Access::REPORTER).select(:id))
  end
end
Move services for collecting items to Finders Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-02-25 12:15:08 -05:00			`# Finders::Issues class`
			`#`
			`# Used to filter Issues collections by set of params`
			`#`
			`# Arguments:`
			`# current_user - which user use`
			`# params:`
			`# scope: 'created-by-me' or 'assigned-to-me' or 'all'`
			`# state: 'open' or 'closed' or 'all'`
			`# group_id: integer`
			`# project_id: integer`
			`# milestone_id: integer`
			`# assignee_id: integer`
			`# search: string`
			`# label_name: string`
			`# sort: string`
			`#`
Refactor finders. Prevent circular dependency error Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-02 08:28:27 -04:00			`class IssuesFinder < IssuableFinder`
Move services for collecting items to Finders Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-02-25 12:15:08 -05:00			`def klass`
			`Issue`
			`end`
Restrict access to confidential issues 2016-03-17 15:38:51 -04:00
			`private`

			`def init_collection`
Merge branch 'jej-24637-move-issue-visible_to_user-to-finder' into 'security' Issue#visible_to_user moved to IssuesFinder Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/24637. See merge request !2039 2016-12-12 03:43:56 -05:00			`IssuesFinder.not_restricted_by_confidentiality(current_user)`
Restrict access to confidential issues 2016-03-17 15:38:51 -04:00			`end`
fix issues mr counter 2016-06-27 16:22:19 -04:00
Merge branch 'jej-24637-move-issue-visible_to_user-to-finder' into 'security' Issue#visible_to_user moved to IssuesFinder Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/24637. See merge request !2039 2016-12-12 03:43:56 -05:00			`def self.not_restricted_by_confidentiality(user)`
			`return Issue.where('issues.confidential IS NULL OR issues.confidential IS FALSE') if user.blank?`

			`return Issue.all if user.admin?`

			`Issue.where('`
			`issues.confidential IS NULL`
			`OR issues.confidential IS FALSE`
			`OR (issues.confidential = TRUE`
			`AND (issues.author_id = :user_id`
			`OR issues.assignee_id = :user_id`
			`OR issues.project_id IN(:project_ids)))',`
			`user_id: user.id,`
			`project_ids: user.authorized_projects(Gitlab::Access::REPORTER).select(:id))`
			`end`
Move services for collecting items to Finders Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-02-25 12:15:08 -05:00			`end`