Skip authorization check when searching for labels on IssuableFinder

adb8b828 · Douglas Barbosa Alexandre · bc7895ff · adb8b828 · adb8b828
Commit adb8b828 authored Oct 28, 2016 by Douglas Barbosa Alexandre
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

app/finders/issuable_finder.rb app/finders/issuable_finder.rb +2 -2

app/finders/labels_finder.rb app/finders/labels_finder.rb +1 -1

No files found.
--- a/app/finders/issuable_finder.rb
+++ b/app/finders/issuable_finder.rb
@@ -126,7 +126,7 @@ class IssuableFinder
    @labels =
      if labels? && !filter_by_no_label?
-        LabelsFinder.new(current_user, project_ids: projects, title: label_names).execute
+        LabelsFinder.new(current_user, project_ids: projects, title: label_names).execute(skip_authorization: true)
      else
        Label.none
      end
@@ -273,7 +273,7 @@ class IssuableFinder
        items = items.with_label(label_names, params[:sort])
        if projects
-          label_ids = LabelsFinder.new(current_user, project_ids: projects).execute.select(:id)
+          label_ids = LabelsFinder.new(current_user, project_ids: projects).execute(skip_authorization: true).select(:id)
          items = items.where(labels: { id: label_ids })
        end
      end

--- a/app/finders/labels_finder.rb
+++ b/app/finders/labels_finder.rb
@@ -22,7 +22,7 @@ class LabelsFinder < UnionFinder
      label_ids << project.group.labels if project.group.present?
      label_ids << project.labels
    else
-      label_ids << Label.where(group_id: projects.group_ids.uniq)
+      label_ids << Label.where(group_id: projects.group_ids)
      label_ids << Label.where(project_id: projects.select(:id))
    end