Allow to autocomplete only confidential issuables

We allow to add only confidential subepics and issues
to epics which are confidential itself, so this flag
will be used by frontend to get only confidential list
of items.

app/finders/issues_finder.rb

@@ -24,6 +24,7 @@
 #     created_before: datetime
 #     updated_after: datetime
 #     updated_before: datetime
+#     confidential: boolean
 #
 class IssuesFinder < IssuableFinder
   CONFIDENTIAL_ACCESS_LEVEL = Gitlab::Access::REPORTER

ee/app/controllers/groups/autocomplete_sources_controller.rb

@@ -8,7 +8,10 @@ class Groups::AutocompleteSourcesController < Groups::ApplicationController
   end
 
   def issues
-    render json: issuable_serializer.represent(@autocomplete_service.issues, parent_group: @group)
+    render json: issuable_serializer.represent(
+      @autocomplete_service.issues(confidential_only: params[:confidential_only]),
+      parent_group: @group
+    )
   end
 
   def merge_requests
@@ -20,7 +23,7 @@ class Groups::AutocompleteSourcesController < Groups::ApplicationController
   end
 
   def epics
-    render json: @autocomplete_service.epics
+    render json: @autocomplete_service.epics(confidential_only: params[:confidential_only])
   end
 
   def commands

ee/app/finders/epics_finder.rb

@@ -19,6 +19,7 @@
 #   include_ancestor_groups: boolean
 #   include_descendant_groups: boolean
 #   starts_with_iid: string (containing a number)
+#   confidential: boolean
 
 class EpicsFinder < IssuableFinder
   include TimeFrameFilter
@@ -114,6 +115,7 @@ class EpicsFinder < IssuableFinder
     items = by_parent(items)
     items = by_iids(items)
     items = by_my_reaction_emoji(items)
+    items = by_confidential(items)
 
     starts_with_iid(items)
   end
@@ -221,4 +223,10 @@ class EpicsFinder < IssuableFinder
   def skip_visibility_check?
     @skip_visibility_check && Feature.enabled?(:skip_epic_count_visibility_check, group, default_enabled: true)
   end
+
+  def by_confidential(items)
+    return items if params[:confidential].nil?
+
+    params[:confidential] ? items.confidential : items.public_only
+  end
 end

ee/app/services/groups/autocomplete_service.rb

@@ -5,8 +5,11 @@ module Groups
     include LabelsAsHash
 
     # rubocop: disable CodeReuse/ActiveRecord
-    def issues
-      IssuesFinder.new(current_user, group_id: group.id, include_subgroups: true, state: 'opened')
+    def issues(confidential_only: false)
+      finder_params = { group_id: group.id, include_subgroups: true, state: 'opened' }
+      finder_params[:confidential] = true if confidential_only.present?
+
+      IssuesFinder.new(current_user, finder_params)
         .execute
         .preload(project: :namespace)
         .select(:iid, :title, :project_id)
@@ -22,10 +25,13 @@ module Groups
     end
     # rubocop: enable CodeReuse/ActiveRecord
 
-    def epics
+    def epics(confidential_only: false)
+      finder_params = { group_id: group.id }
+      finder_params[:confidential] = true if confidential_only.present?
+
       # TODO: use include_descendant_groups: true optional parameter once frontend supports epics from external groups.
       # See https://gitlab.com/gitlab-org/gitlab/issues/6837
-      EpicsFinder.new(current_user, group_id: group.id)
+      EpicsFinder.new(current_user, finder_params)
         .execute
         .select(:iid, :title)
     end

ee/spec/finders/epics_finder_spec.rb

@@ -228,6 +228,22 @@ RSpec.describe EpicsFinder do
           end
         end
 
+        context 'by confidential' do
+          let_it_be(:confidential_epic) { create(:epic, :confidential, group: group) }
+
+          it 'returns only confdential epics when confidential is true' do
+            params = { confidential: true }
+
+            expect(epics(params)).to contain_exactly(confidential_epic)
+          end
+
+          it 'does not include confidential epics when confidential is false' do
+            params = { confidential: false }
+
+            expect(epics(params)).not_to include(confidential_epic)
+          end
+        end
+
         context 'by iids' do
           let_it_be(:subgroup) { create(:group, :private, parent: group) }
           let_it_be(:subepic1) { create(:epic, group: subgroup, iid: epic1.iid) }

ee/spec/services/groups/autocomplete_service_spec.rb

@@ -61,11 +61,20 @@ RSpec.describe Groups::AutocompleteService do
     let(:sub_group_project) { create(:project, group: sub_group) }
 
     let!(:project_issue) { create(:issue, project: project) }
-    let!(:sub_group_project_issue) { create(:issue, project: sub_group_project) }
+    let!(:sub_group_project_issue) { create(:issue, confidential: true, project: sub_group_project) }
 
     it 'returns issues in group and subgroups' do
-      expect(subject.issues.map(&:iid)).to contain_exactly(project_issue.iid, sub_group_project_issue.iid)
-      expect(subject.issues.map(&:title)).to contain_exactly(project_issue.title, sub_group_project_issue.title)
+      issues = subject.issues
+
+      expect(issues.map(&:iid)).to contain_exactly(project_issue.iid, sub_group_project_issue.iid)
+      expect(issues.map(&:title)).to contain_exactly(project_issue.title, sub_group_project_issue.title)
+    end
+
+    it 'returns only confidential issues if confidential_only is true' do
+      issues = subject.issues(confidential_only: true)
+
+      expect(issues.map(&:iid)).to contain_exactly(sub_group_project_issue.iid)
+      expect(issues.map(&:title)).to contain_exactly(sub_group_project_issue.title)
     end
   end
 
@@ -98,6 +107,15 @@ RSpec.describe Groups::AutocompleteService do
     it 'returns epics from group' do
       expect(subject.epics.map(&:iid)).to contain_exactly(epic.iid)
     end
+
+    it 'returns only confidential epics if confidential_only is true' do
+      confidential_epic = create(:epic, :confidential, group: group)
+
+      epics = subject.epics(confidential_only: true)
+
+      expect(epics.map(&:iid)).to contain_exactly(confidential_epic.iid)
+      expect(epics.map(&:title)).to contain_exactly(confidential_epic.title)
+    end
   end
 
   describe '#commands' do