Commit graph

5 commits

Author SHA1 Message Date
Douwe Maan
bf061d0aff
Merge branch 'issue_23548_dev' into 'master'
disable markdown in comments when referencing disabled features

fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23548

This MR prevents the following references when tool is disabled:

- issues
- snippets
- commits - when repo is disabled
- commit range - when repo is disabled
- milestones

This MR does not prevent references to repository files, since they are just markdown links and don't leak
information.

See merge request !2011

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-11-09 12:25:17 +01:00
http://jneen.net/
5853c96b49 remove Ability.abilities 2016-08-30 11:35:06 -07:00
Yorick Peterse
002ad21581
Method for returning issues readable by a user
The method Ability.issues_readable_by_user takes a list of users and an
optional user and returns an Array of issues readable by said user. This
method in turn is used by
Banzai::ReferenceParser::IssueParser#nodes_visible_to_user so this
method no longer needs to get all the available abilities just to check
if a user has the "read_issue" ability.

To test this I benchmarked an issue with 222 comments on my development
environment. Using these changes the time spent in nodes_visible_to_user
was reduced from around 120 ms to around 40 ms.
2016-07-29 12:51:18 +02:00
Yorick Peterse
9ac4c556ea
Re-use queries in reference parsers
This caches various queries to ensure that multiple reference extraction
runs re-use any objects queried in previous runs.
2016-07-08 21:54:35 +02:00
Yorick Peterse
86166d2802
Split Markdown rendering & reference gathering
This splits the Markdown rendering and reference extraction phases into
two distinct code bases. The reference extraction phase no longer relies
on the html-pipeline Gem (and any related code) and allows for
extracting of references from multiple HTML nodes in a single pass. This
means that if you want to extract user references from 200 comments you
no longer need to run 200 times N number of queries, instead only a
handful of queries may be needed.
2016-05-26 17:14:00 +02:00