ef1811f4bc
When a user is authorized to a group, they are also authorized to see all the ancestor groups and descendant groups. When a user is authorized to a project, they are authorized to see all the ancestor groups too. Closes #32135 See merge request !11764
34 lines
831 B
Ruby
34 lines
831 B
Ruby
class GroupsFinder < UnionFinder
|
|
def initialize(current_user = nil, params = {})
|
|
@current_user = current_user
|
|
@params = params
|
|
end
|
|
|
|
def execute
|
|
groups = find_union(all_groups, Group).with_route.order_id_desc
|
|
by_parent(groups)
|
|
end
|
|
|
|
private
|
|
|
|
attr_reader :current_user, :params
|
|
|
|
def all_groups
|
|
groups = []
|
|
|
|
if current_user
|
|
groups_for_ancestors = find_union([current_user.authorized_groups, authorized_project_groups], Group)
|
|
groups_for_descendants = current_user.authorized_groups
|
|
groups << Gitlab::GroupHierarchy.new(groups_for_ancestors, groups_for_descendants).all_groups
|
|
end
|
|
groups << Group.unscoped.public_to_user(current_user)
|
|
|
|
groups
|
|
end
|
|
|
|
def by_parent(groups)
|
|
return groups unless params[:parent]
|
|
|
|
groups.where(parent: params[:parent])
|
|
end
|
|
end
|