kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss

History

Douwe Maan f23b1cb453 Merge branch 'jej-23867-use-mr-finder-instead-of-access-check' into 'security' Replace MR access checks with use of MergeRequestsFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ⚠️ - Potentially untested 💣 - No test coverage 🚥 - Test coverage of some sort exists (a test failed when error raised) 🚦 - Test coverage of return value (a test failed when nil used) ✅ - Permissions check tested - [x] 💣 app/finders/notes_finder.rb:17 - [x] ⚠️ app/views/layouts/nav/_project.html.haml:80 [`.count`] - [x] 💣 app/controllers/concerns/creates_commit.rb:84 - [x] 🚥 app/controllers/projects/commits_controller.rb:24 - [x] 🚥 app/controllers/projects/compare_controller.rb:56 - [x] 🚦 app/controllers/projects/discussions_controller.rb:29 - [x] ✅ app/controllers/projects/todos_controller.rb:27 - [x] 🚦 app/models/commit.rb:268 - [x] ✅ lib/gitlab/search_results.rb:71 - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_267_266 Memoize ` merged_merge_request(current_user)` - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_248_247 Expected side effect for `merged_merge_request!`, consider `skip_authorization: true`. - [x] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#d1c10892daedb4d4dd3d4b12b6d071091eea83df_269_269 Scary use of unchecked `merged_merge_request?` See merge request !2033		2016-12-08 21:42:07 -03:00
..
access_requests_finder.rb	Use Ability.allowed? instead of current_user.can? in AccessRequestsFinder	2016-09-28 08:46:59 +02:00
branches_finder.rb	implements the basic filter functionality	2016-07-19 19:30:10 +01:00
contributed_projects_finder.rb	Tweaks, refactoring, and specs	2016-03-20 21:04:07 +01:00
group_projects_finder.rb	Fix groups API to list only user's accessible projects	2016-05-24 18:14:12 -07:00
groups_finder.rb	Tweaks, refactoring, and specs	2016-03-20 21:04:07 +01:00
issuable_finder.rb	Merge branch 'jej-23867-use-mr-finder-instead-of-access-check' into 'security'	2016-12-08 21:42:07 -03:00
issues_finder.rb	fix issues mr counter	2016-09-20 14:39:15 +01:00
joined_groups_finder.rb	Address feedback	2016-03-22 00:09:20 +01:00
labels_finder.rb	Limit labels returned for a specific project as an administrator	2016-11-16 15:04:51 +02:00
merge_requests_finder.rb	Fix Archived project merge requests add to group's Merge Requests	2016-12-05 18:06:36 +01:00
milestones_finder.rb	sort milestones by due_date	2015-12-03 08:53:34 -06:00
move_to_project_finder.rb	Move to project dropdown with infinite scroll for better performance	2016-08-18 15:31:51 +02:00
notes_finder.rb	Merge branch 'jej-23867-use-mr-finder-instead-of-access-check' into 'security'	2016-12-08 21:42:07 -03:00
personal_projects_finder.rb	Tweaks, refactoring, and specs	2016-03-20 21:04:07 +01:00
pipelines_finder.rb	Use PipelinesFinder in Pipelines API	2016-09-07 15:38:03 +02:00
projects_finder.rb	Pass project IDs relation to ProjectsFinder instead of using a block	2016-08-15 12:49:31 +02:00
README.md	Set milestone on new issue when creating issue from index with milestone filter active.	2015-05-27 14:22:11 +02:00
snippets_finder.rb	Project members with guest role can't access confidential issues	2016-06-13 19:32:00 -03:00
tags_finder.rb	add specs for tags finder	2016-08-31 19:16:47 +01:00
todos_finder.rb	remove Ability.abilities	2016-08-30 11:35:06 -07:00
union_finder.rb	Tweaks, refactoring, and specs	2016-03-20 21:04:07 +01:00

README.md

Finders

This type of classes responsible for collection items based on different conditions. To prevent lookup methods in models like this:

class Project
  def issues_for_user_filtered_by(user, filter)
    # A lot of logic not related to project model itself
  end
end

issues = project.issues_for_user_filtered_by(user, params)

Better use this:

issues = IssuesFinder.new(project, user, filter).execute

It will help keep models thiner.