Fix banzai iteration references when in private namespace

When parsing references inside Banzai, we do not get access to the current user, and as such we cannot use Finders that check for permissions

Fix banzai iteration references when in private namespace
When parsing references inside Banzai, we do not get access to the current user, and as such we cannot use Finders that check for permissions
3680c78d · Mario de la Ossa · 19240517 · 3680c78d · 3680c78d · 3680c78d
Commit 3680c78d authored Aug 11, 2020 by Mario de la Ossa
4 changed files
--- a/ee/changelogs/unreleased/fix_private_subgroup_iteration_reference.yml
+++ b/ee/changelogs/unreleased/fix_private_subgroup_iteration_reference.yml
+---
+title: Fixed iteration references when in a private group/project
+merge_request: 39262
+author:
+type: fixed
--- a/ee/lib/ee/banzai/filter/iteration_reference_filter.rb
+++ b/ee/lib/ee/banzai/filter/iteration_reference_filter.rb
@@ -10,7 +10,7 @@ module EE
        def find_object(parent, id)
          return unless valid_context?(parent)

-          find_iteration_with_finder(parent, id: id)
+          find_iteration(parent, id: id)
        end

        def valid_context?(parent)
@@ -37,7 +37,7 @@ module EE

          iterations = {}
          unescaped_html = unescape_html_entities(text).gsub(pattern) do |match|
-            iteration = find_iteration($~[:project], $~[:namespace], $~[:iteration_id], $~[:iteration_name])
+            iteration = parse_and_find_iteration($~[:project], $~[:namespace], $~[:iteration_id], $~[:iteration_name])

            if iteration
              iterations[iteration.id] = yield match, iteration.id, $~[:project], $~[:namespace], $~
@@ -52,7 +52,7 @@ module EE
          escape_with_placeholders(unescaped_html, iterations)
        end

-        def find_iteration(project_ref, namespace_ref, iteration_id, iteration_name)
+        def parse_and_find_iteration(project_ref, namespace_ref, iteration_id, iteration_name)
          project_path = full_project_path(namespace_ref, project_ref)

          # Returns group if project is not found by path
@@ -62,7 +62,7 @@ module EE

          iteration_params = iteration_params(iteration_id, iteration_name)

-          find_iteration_with_finder(parent, iteration_params)
+          find_iteration(parent, iteration_params)
        end

        def iteration_params(id, name)
@@ -73,23 +73,17 @@ module EE
          end
        end

-        # rubocop:disable CodeReuse/ActiveRecord
-        def find_iteration_with_finder(parent, params)
-          finder_params = iteration_finder_params(parent)
-
-          ::IterationsFinder.new(context[:current_user], finder_params).find_by(params)
+        # rubocop: disable CodeReuse/ActiveRecord
+        def find_iteration(parent, params)
+          ::Iteration.for_projects_and_groups(project_ids(parent), group_and_ancestors_ids(parent)).find_by(**params)
        end
-        # rubocop:enable CodeReuse/ActiveRecord
-
-        def iteration_finder_params(parent)
-          { order: nil, state: 'all' }.tap do |params|
-            params[:project_ids] = parent.id if project_context?(parent)
+        # rubocop: enable CodeReuse/ActiveRecord

-            params[:group_ids] = self_and_ancestors_ids(parent)
-          end
+        def project_ids(parent)
+          parent.id if project_context?(parent)
        end

-        def self_and_ancestors_ids(parent)
+        def group_and_ancestors_ids(parent)
          if group_context?(parent)
            parent.self_and_ancestors.select(:id)
          elsif project_context?(parent)

--- a/ee/spec/lib/banzai/filter/iteration_reference_filter_spec.rb
+++ b/ee/spec/lib/banzai/filter/iteration_reference_filter_spec.rb
@@ -357,6 +357,21 @@ RSpec.describe Banzai::Filter::IterationReferenceFilter do
          end
        end
      end
+
+      context 'for private subgroups' do
+        let(:sub_group) { create(:group, :private, parent: group) }
+        let(:sub_group_iteration) { create(:iteration, title: 'sub_group_iteration', group: sub_group) }
+
+        it 'links to a valid reference of subgroup and group iterations' do
+          [group_iteration, sub_group_iteration].each do |iteration|
+            reference = "*iteration:#{iteration.title}"
+
+            result = reference_filter("See #{reference}", { project: nil, group: sub_group })
+
+            expect(result.css('a').first.attr('href')).to eq(urls.iteration_url(iteration))
+          end
+        end
+      end
    end
  end


--- a/lib/gitlab/markdown_cache.rb
+++ b/lib/gitlab/markdown_cache.rb
@@ -3,7 +3,7 @@
 module Gitlab
  module MarkdownCache
    # Increment this number every time the renderer changes its output
-    CACHE_COMMONMARK_VERSION        = 24
+    CACHE_COMMONMARK_VERSION        = 25
    CACHE_COMMONMARK_VERSION_START  = 10

    BaseError = Class.new(StandardError)