Commit graph

19 commits

Author SHA1 Message Date
Jan Provaznik
017c1297cd Skip projects filter on issues search
When searching for issues, an additional subquery
is added which filters only issues in a project. If global context is
used (no project is specified) this query filters all projects user has
access to.

In that case we can skip this filter because filtering only projects
user has access to is added anyway.

The filter is used only if a custom project context is specified

Related to #40540
2018-01-02 12:07:26 +01:00
Jan Provaznik
d2f1d585e1 Skip projects filter on merge requests search
When searching for merge requests, an additional subquery
is added which by default filters only merge requests which belong
to source or target project user has permission for.

This filter is not needed because more restrictive filter
which checks if user has permission for target project
is used in the query.

So unless a custom projects filter is used by user, it's possible
to skip the default projects filter and speed up the final query.

Related to #40540
2017-12-21 15:43:14 +01:00
Douwe Maan
8041a87288 Drastically improve project search performance by no longer searching namespace name 2017-11-24 15:57:17 +01:00
Nick Thomas
7f32ad7097 Fix blob highlighting in search 2017-04-03 18:51:44 +01:00
Douwe Maan
5c7f9d69e3 Fix code for cops 2017-02-23 09:31:57 -06:00
Douwe Maan
8a4d68c53e Enable Style/ConditionalAssignment 2017-02-23 09:31:57 -06:00
YarNayar
99404a5851 Search feature: redirects to commit page if query is commit sha and only commit found
See !8028 and #24833
2017-01-24 14:58:00 +03:00
Douwe Maan
f23b1cb453 Merge branch 'jej-23867-use-mr-finder-instead-of-access-check' into 'security'
Replace MR access checks with use of MergeRequestsFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

⚠️ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
 - Permissions check tested

- [x] 💣  app/finders/notes_finder.rb:17
- [x] ⚠️  app/views/layouts/nav/_project.html.haml:80 [`.count`]
- [x] 💣  app/controllers/concerns/creates_commit.rb:84
- [x] 🚥  app/controllers/projects/commits_controller.rb:24
- [x] 🚥  app/controllers/projects/compare_controller.rb:56
- [x] 🚦  app/controllers/projects/discussions_controller.rb:29
- [x]   app/controllers/projects/todos_controller.rb:27
- [x] 🚦  app/models/commit.rb:268
- [x]  lib/gitlab/search_results.rb:71

- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_267_266 Memoize ` merged_merge_request(current_user)`
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_248_247 Expected side effect for `merged_merge_request!`, consider `skip_authorization: true`.
- [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_269_269 Scary use  of unchecked `merged_merge_request?`

See merge request !2033
2016-12-08 21:42:07 -03:00
Douwe Maan
3bf34face4 Merge branch 'jej-use-issuable-finder-instead-of-access-check' into 'security'
Replace issue access checks with use of IssuableFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

## Which fixes are in this MR?

⚠️ - Potentially untested  
💣 - No test coverage  
🚥 - Test coverage of some sort exists (a test failed when error raised)  
🚦 - Test coverage of return value (a test failed when nil used)  
 - Permissions check tested

### Issue lookup with access check

Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells).

- [x] 🚦 app/finders/notes_finder.rb:15 [`visible_to_user`]
- [x] 🚥 app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`]
- [x]  app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`]
- [x]  lib/api/issues.rb:112 [`visible_to_user`]
  - CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone
- [x]  lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too?
- [x]  lib/gitlab/search_results.rb:53 [`visible_to_user`]

### Previous discussions
- [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126
- [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87

See merge request !2031
2016-11-28 21:26:23 -03:00
Valery Sizov
03bed0fbd3 Clean up search result classes 2016-09-06 10:12:55 +03:00
Douglas Barbosa Alexandre
f2ba4e3d36 Restrict access to confidential issues on search results 2016-03-17 20:55:59 -03:00
Yorick Peterse
b77b3b16b6 Removed order from sub-query projects for search
There's no need to order queries used as sub-queries and doing so can
add potential overhead.
2016-03-11 15:25:23 -05:00
Yorick Peterse
013542965c Refactor Gitlab::SearchResults
Instead of plucking IDs this class now uses ActiveRecord::Relation
objects. Plucking IDs is problematic as searching for projects can lead
to a huge amount of IDs being loaded into memory only to be used as an
argument for another query (instead of just using a sub-query).
2016-03-11 15:25:22 -05:00
Valery Sizov
56527b63e8 Ability to search milestones 2015-08-24 13:59:01 +03:00
Nikita Verkhovin
241f5971ba Add search issues/MR by number 2015-05-18 13:09:13 +06:00
Dmitriy Zaporozhets
c5c906fe64
Fix tests
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-08-27 15:26:35 +03:00
Dmitriy Zaporozhets
8b00d01c67
Search by issue/mr title and description
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-08-27 12:47:30 +03:00
Dmitriy Zaporozhets
9e5bc43263
Pass scope and page to Gitlab::SearchResults#objects instead of initialize
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-08-27 00:04:14 +03:00
Dmitriy Zaporozhets
9a4ef7e7eb
Search results libraries added
Gitlab::SearchResults and Gitlab::ProjectSearchResults are libraries we
are going to use to get search results based on query, enitity type and
pagination.

It will allow us to get only issues from project #23 where title or
description includes 'foo'.

Ex:

search_results = Gitlab::ProjectSearchResults.new(project.id, 'foo', 'issues')

search_results.objects => # [<Issues #23>, <Issues #34>]
search_results.issues_count => 2
search_results.total_count => 12 (it includes results from comments and
merge requests too)

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-08-26 23:32:41 +03:00