Leverage user_interacted_projects in TodosFinder
In TodosFinder, we have the below method to limit found todos on projects that are public or otherwise visible to the user. We use Project.public_or_visible_to_user
which proved to generate bad plans in the past.
def by_project(items)
if project?
items.where(project: project)
else
projects = Project.public_or_visible_to_user(current_user)
items.joins(:project).merge(projects)
end
end
My assumption is that a user gets to see todos only from projects
- the user is authorized to see or
- public or internal projects the user interacted with in the past (e.g. joined the project).
As such, we may be able to leverage user_interacted_projects
here with something along the lines of:
authorized = current_user
.project_interactions
.joins(:project_authorizations)
.where(project_authorizations: { user: current_user })
.select(:id)
visible = target_user
.project_interactions
.where(visibility_level: [Gitlab::VisibilityLevel::INTERNAL, Gitlab::VisibilityLevel::PUBLIC])
.select(:id)
Gitlab::SQL::Union.new([authorized, visible]).to_sql