Use a custom ProjectParser#nodes_visible_to_user function so that the user permissions for all project references can be checked together
This commit is contained in:
parent
77c53f6126
commit
2730ae1d86
1 changed files with 21 additions and 2 deletions
|
@ -7,10 +7,29 @@ module Banzai
|
|||
Project
|
||||
end
|
||||
|
||||
def nodes_visible_to_user(user, nodes)
|
||||
nodes_projects_hash = lazy { projects_for_nodes(nodes) }
|
||||
project_attr = 'data-project'
|
||||
|
||||
readable_project_ids = projects_readable_by_user(nodes_projects_hash.values, user)
|
||||
|
||||
nodes.select do |node|
|
||||
if node.has_attribute?(project_attr)
|
||||
readable_project_ids.include?(nodes_projects_hash[node].try(:id))
|
||||
else
|
||||
true
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def can_read_reference?(user, ref_project, node)
|
||||
can?(user, :read_project, ref_project)
|
||||
# Returns an Array of Project ids that can be read by the given user.
|
||||
#
|
||||
# projects - The projects to reduce down to those readable by the user.
|
||||
# user - The User for which to check the projects
|
||||
def projects_readable_by_user(projects, user)
|
||||
Project.public_or_visible_to_user(user).where("projects.id IN (?)", projects.collect(&:id)).pluck(:id)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue