Use a custom ProjectParser#nodes_visible_to_user function so that the user permissions for all project references can be checked together

2018-07-05 01:26:09 +05:30 · 2018-07-05 01:26:09 +05:30 · 2730ae1d86
parent 77c53f6126
commit 2730ae1d86
1 changed files with 21 additions and 2 deletions
--- a/lib/banzai/reference_parser/project_parser.rb
+++ b/lib/banzai/reference_parser/project_parser.rb
@ -7,10 +7,29 @@ module Banzai
        Project
      end

+      def nodes_visible_to_user(user, nodes)
+        nodes_projects_hash = lazy { projects_for_nodes(nodes) }
+        project_attr = 'data-project'
+
+        readable_project_ids = projects_readable_by_user(nodes_projects_hash.values, user)
+
+        nodes.select do |node|
+          if node.has_attribute?(project_attr)
+            readable_project_ids.include?(nodes_projects_hash[node].try(:id))
+          else
+            true
+          end
+        end
+      end
+
      private

-      def can_read_reference?(user, ref_project, node)
-        can?(user, :read_project, ref_project)
+      # Returns an Array of Project ids that can be read by the given user.
+      #
+      # projects - The projects to reduce down to those readable by the user.
+      # user - The User for which to check the projects
+      def projects_readable_by_user(projects, user)
+        Project.public_or_visible_to_user(user).where("projects.id IN (?)", projects.collect(&:id)).pluck(:id)
      end
    end
  end