Commit 49fce172 authored by Felipe Artur's avatar Felipe Artur

Remove not used parameter from epics finder

Removed groups parameter from
can_read_all_epics_in_related_groups function.

Changelog: other
EE: true
parent 546408fe
...@@ -101,7 +101,7 @@ class EpicsFinder < IssuableFinder ...@@ -101,7 +101,7 @@ class EpicsFinder < IssuableFinder
# if user is member of top-level related group, he can automatically read # if user is member of top-level related group, he can automatically read
# all epics in all subgroups # all epics in all subgroups
next groups if can_read_all_epics_in_related_groups?(groups, include_confidential: false) next groups if can_read_all_epics_in_related_groups?(include_confidential: false)
next groups.public_to_user unless current_user next groups.public_to_user unless current_user
next groups.public_to_user(current_user) unless groups.user_is_member(current_user).exists? next groups.public_to_user(current_user) unless groups.user_is_member(current_user).exists?
...@@ -204,7 +204,7 @@ class EpicsFinder < IssuableFinder ...@@ -204,7 +204,7 @@ class EpicsFinder < IssuableFinder
# rubocop: enable CodeReuse/ActiveRecord # rubocop: enable CodeReuse/ActiveRecord
def with_confidentiality_access_check(epics, groups) def with_confidentiality_access_check(epics, groups)
return epics if can_read_all_epics_in_related_groups?(groups) return epics if can_read_all_epics_in_related_groups?
epics.not_confidential_or_in_groups(groups_with_confidential_access(groups)) epics.not_confidential_or_in_groups(groups_with_confidential_access(groups))
end end
...@@ -224,23 +224,17 @@ class EpicsFinder < IssuableFinder ...@@ -224,23 +224,17 @@ class EpicsFinder < IssuableFinder
# `true` even if `groups` contains a group where the user cannot view # `true` even if `groups` contains a group where the user cannot view
# confidential epics. As such you should only call this with `false` if you # confidential epics. As such you should only call this with `false` if you
# are planning on filtering out confidential epics separately. # are planning on filtering out confidential epics separately.
def can_read_all_epics_in_related_groups?(groups, include_confidential: true) def can_read_all_epics_in_related_groups?(include_confidential: true)
return true if @skip_visibility_check return true if @skip_visibility_check
return false unless current_user return false unless current_user
# If a user is a member of a group, he also inherits access to all subgroups, # If a user is a member of a group, he also inherits access to all subgroups,
# so here we check if user is member of the top-level group (from the # so here we check if user is member of the top-level group (from the
# list of groups being requested) - this is checked by # epic group hierarchy) - this is checked by
# `read_confidential_epic` policy. If that's the case we don't need to # `read_confidential_epic` policy. If that's the case we don't need to
# check membership on subgroups. # check membership on subgroups.
#
# `groups` is a list of groups in the same group hierarchy, group is
# highest in the group hierarchy except if we fetch ancestors - in that
# case top-level group is group's root parent
parent = params.fetch(:include_ancestor_groups, false) ? params.group.root_ancestor : params.group parent = params.fetch(:include_ancestor_groups, false) ? params.group.root_ancestor : params.group
# If they can view confidential epics in this parent group they can
# definitely view confidential epics in subgroups.
return true if Ability.allowed?(current_user, :read_confidential_epic, parent) return true if Ability.allowed?(current_user, :read_confidential_epic, parent)
# If we don't account for confidential (assume it will be filtered later by # If we don't account for confidential (assume it will be filtered later by
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment