Allow admins to perform global searches with Elasticsearch

app/models/concerns/elastic/application_search.rb

@@ -180,22 +180,19 @@ module Elastic
 
       def project_ids_query(current_user, project_ids, public_and_internal_projects, feature = nil)
         conditions = []
+        limit_private_projects = {}
 
-        private_project_condition = {
-          bool: {
-            filter: {
-              terms: { id: project_ids }
-            }
-          }
-        }
+        if project_ids != :any
+          limit_private_projects[:filter] = { terms: { id: project_ids } }
+        end
 
         if feature
-          private_project_condition[:bool][:must_not] = {
+          limit_private_projects[:must_not] = {
             term: { "#{feature}_access_level" => ProjectFeature::DISABLED }
           }
         end
 
-        conditions << private_project_condition
+        conditions << { bool: limit_private_projects } unless limit_private_projects.empty?
 
         if public_and_internal_projects
           conditions << if feature

app/models/concerns/elastic/issues_search.rb

@@ -53,7 +53,7 @@ module Elastic
       end
 
       def self.confidentiality_filter(query_hash, current_user)
-        return query_hash if current_user && current_user.admin?
+        return query_hash if current_user && current_user.admin_or_auditor?
 
         filter = if current_user
                    {

app/services/search/global_service.rb

@@ -17,14 +17,23 @@ module Search
       end
 
       if current_application_settings.elasticsearch_search?
-        unless group
-          projects = current_user ? current_user.authorized_projects : Project.none
-        end
+        projects_spec =
+          if group
+            projects.pluck(:id)
+          else
+            if current_user && current_user.admin_or_auditor?
+              :any
+            elsif current_user
+              current_user.authorized_projects.pluck(:id)
+            else
+              []
+            end
+          end
 
         Gitlab::Elastic::SearchResults.new(
           current_user,
           params[:search],
-          projects.pluck(:id),
+          projects_spec,
           !group # Ignore public projects outside of the group if provided
         )
       else

changelogs/unreleased-ee/1646-global-elasticsearch-for-admins.yml

+---
+title: Allow admins to perform global searches with Elasticsearch
+merge_request: 1578
+author:

lib/gitlab/elastic/search_results.rb

@@ -165,7 +165,12 @@ module Gitlab
       end
 
       def repository_filter
-        conditions = [{ terms: { id: non_guest_project_ids } }]
+        conditions =
+          if non_guest_project_ids == :any
+            [{ exists: { field: "id" } }]
+          else
+            [{ terms: { id: non_guest_project_ids } }]
+          end
 
         if public_and_internal_projects
           conditions << {
@@ -213,7 +218,11 @@ module Gitlab
       end
 
       def non_guest_project_ids
-        @non_guest_project_ids ||= limit_project_ids - guest_project_ids
+        if limit_project_ids == :any
+          :any
+        else
+          @non_guest_project_ids ||= limit_project_ids - guest_project_ids
+        end
       end
 
       def default_scope

spec/elastic_integration/global_search_spec.rb

@@ -2,6 +2,8 @@ require 'spec_helper'
 
 describe 'GlobalSearch' do
   let(:features) { %i(issues merge_requests repository builds) }
+  let(:admin) { create :user, admin: true }
+  let(:auditor) {create :user, auditor: true }
   let(:non_member) { create :user }
   let(:member) { create :user }
   let(:guest) { create :user }
@@ -27,6 +29,8 @@ describe 'GlobalSearch' do
       it "does not find items if features are disabled" do
         create_items(project, feature_settings(:disabled))
 
+        expect_no_items_to_be_found(admin)
+        expect_no_items_to_be_found(auditor)
         expect_no_items_to_be_found(member)
         expect_no_items_to_be_found(guest)
         expect_no_items_to_be_found(non_member)
@@ -36,6 +40,8 @@ describe 'GlobalSearch' do
       it "shows items to member only if features are enabled" do
         create_items(project, feature_settings(:enabled))
 
+        expect_items_to_be_found(admin)
+        expect_items_to_be_found(auditor)
         expect_items_to_be_found(member)
         expect_non_code_items_to_be_found(guest)
         expect_no_items_to_be_found(non_member)
@@ -50,6 +56,8 @@ describe 'GlobalSearch' do
       it "does not find items if features are disabled" do
         create_items(project, feature_settings(:disabled))
 
+        expect_no_items_to_be_found(admin)
+        expect_no_items_to_be_found(auditor)
         expect_no_items_to_be_found(member)
         expect_no_items_to_be_found(guest)
         expect_no_items_to_be_found(non_member)
@@ -59,6 +67,8 @@ describe 'GlobalSearch' do
       it "shows items to member only if features are enabled" do
         create_items(project, feature_settings(:enabled))
 
+        expect_items_to_be_found(admin)
+        expect_items_to_be_found(auditor)
         expect_items_to_be_found(member)
         expect_items_to_be_found(guest)
         expect_items_to_be_found(non_member)
@@ -68,6 +78,8 @@ describe 'GlobalSearch' do
       it "shows items to member only if features are private" do
         create_items(project, feature_settings(:private))
 
+        expect_items_to_be_found(admin)
+        expect_items_to_be_found(auditor)
         expect_items_to_be_found(member)
         expect_non_code_items_to_be_found(guest)
         expect_no_items_to_be_found(non_member)
@@ -82,6 +94,8 @@ describe 'GlobalSearch' do
       it "does not find items if features are disabled" do
         create_items(project, feature_settings(:disabled))
 
+        expect_no_items_to_be_found(admin)
+        expect_no_items_to_be_found(auditor)
         expect_no_items_to_be_found(member)
         expect_no_items_to_be_found(guest)
         expect_no_items_to_be_found(non_member)
@@ -91,6 +105,8 @@ describe 'GlobalSearch' do
       it "finds items if features are enabled" do
         create_items(project, feature_settings(:enabled))
 
+        expect_items_to_be_found(admin)
+        expect_items_to_be_found(auditor)
         expect_items_to_be_found(member)
         expect_items_to_be_found(guest)
         expect_items_to_be_found(non_member)
@@ -100,6 +116,8 @@ describe 'GlobalSearch' do
       it "shows items to member only if features are private" do
         create_items(project, feature_settings(:private))
 
+        expect_items_to_be_found(admin)
+        expect_items_to_be_found(auditor)
         expect_items_to_be_found(member)
         expect_non_code_items_to_be_found(guest)
         expect_no_items_to_be_found(non_member)