Do not show participants invisible to the user

Contributes to #347407 **Problem** We expose participants that the current user cannot see because we don't provide the current user as an argument to participants method in GraphQL. When the user is missing, then we use the author of the issuable permissions to fetch participants. **Solution** Remove the feature flag to enable verification for participants Changelog: changed

Do not show participants invisible to the user
d07f416f · Vasilii Iakliushin · d2080bb6 · d07f416f · d2080bb6 · d07f416f
Commit d07f416f authored 3 years ago by Vasilii Iakliushin
--- a/app/models/concerns/participable.rb
+++ b/app/models/concerns/participable.rb
@@ -64,8 +64,6 @@ def participants(user = nil)
  #
  # Returns an Array of User instances.
  def visible_participants(user)
-    return participants(user) unless Feature.enabled?(:verify_participants_access, project, default_enabled: :yaml)
-
    filter_by_ability(raw_participants(user, verify_access: true))
  end


--- a/config/feature_flags/development/verify_participants_access.yml
+++ b/config/feature_flags/development/verify_participants_access.yml
---
-name: verify_participants_access
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74906
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/347407
-milestone: '14.6'
-type: development
-group: group::source code
-default_enabled: false
--- a/spec/models/concerns/participable_spec.rb
+++ b/spec/models/concerns/participable_spec.rb
@@ -138,7 +138,7 @@
      allow(instance).to receive_message_chain(:model_name, :element) { 'class' }
      expect(instance).to receive(:foo).and_return(user2)
      expect(instance).to receive(:bar).and_return(user3)
-      expect(instance).to receive(:project).thrice.and_return(project)
+      expect(instance).to receive(:project).twice.and_return(project)

      participants = instance.visible_participants(user1)

@@ -159,31 +159,10 @@

        allow(instance).to receive_message_chain(:model_name, :element) { 'class' }
        allow(instance).to receive(:bar).and_return(user2)
-        expect(instance).to receive(:project).thrice.and_return(project)
+        expect(instance).to receive(:project).twice.and_return(project)

        expect(instance.visible_participants(user1)).to be_empty
      end
-
-      context 'when feature flag is disabled' do
-        before do
-          stub_feature_flags(verify_participants_access: false)
-        end
-
-        it 'returns unavailable participants' do
-          model.participant(:bar)
-
-          instance = model.new
-          user1 = build(:user)
-          user2 = build(:user)
-          project = build(:project, :public)
-
-          allow(instance).to receive_message_chain(:model_name, :element) { 'class' }
-          allow(instance).to receive(:bar).and_return(user2)
-          expect(instance).to receive(:project).thrice.and_return(project)
-
-          expect(instance.visible_participants(user1)).to match_array([user2])
-        end
-      end
    end
  end