Skip to content

Search project confidential filter enable specs and refactor

Terri Churequested to merge
558781-fix-project-confidential-filter-and-add-specs into master

What does this MR do and why?

This MR un-skips the issues scope confidentiality specs for advanced search. It also refactors the project confidential filters to work like the group filters and fixes bugs uncovered by the new specs.

AI summary

This code refactors the search filtering system for confidential content (like private issues and projects) to make it more unified and efficient.

The main changes consolidate two separate filtering approaches - one for projects and one for groups - into a single, shared method that handles both cases. This eliminates duplicate code and makes the system easier to maintain.

The refactoring also improves how the system determines what content a user can access by preparing authorization data upfront, including which private projects and groups the user has permission to see. This data is then used consistently across different filtering scenarios.

Additionally, the code restructures the search query logic to be more organized, separating concerns like author permissions, assignee permissions, and project membership into distinct, reusable components.

The changes include updated test files that reflect the new query structure, and some previously skipped tests are now re-enabled, indicating that issues with the search functionality have been resolved.

Overall, this is a code quality improvement that makes the confidentiality filtering system more maintainable while preserving the same security behavior - users still only see content they're authorized to access.

References

Screenshots or screen recordings

Before After

How to set up and validate locally

I'm relying heavily upon https://gitlab.com/gitlab-org/gitlab/blob/fe311749ee81c4100d9ea9b0c698968c0337dab9/ee/spec/support/shared_examples/services/search_service_shared_examples.rb#L370-370 which drives specs run at global, group and project search levels for issues and epics.

To manually test this, there's instructions you can follow at !206372 (merged) - but they do not cover all scenarios.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Terri Chu

Merge request reports