Code search returns no results at intermediate group level

Ravi Kumarrequested to merge
rkumar555-subgroup-missing-results into master

What does this MR do and why?

The main issue was that projects = Project.in_namespace(namespace_ids) does not consider the projects in the subgroups.

projects = Project.in_namespace(namespace_ids)
if projects.present? && !projects.id_not_in(authorized_projects).exists?
  projects

So it was just returning the projects from within the group, but not in the subgroups. So, for simplicity just removed this short-circuit

AI Summary

This code change improves how the search system handles user permissions when finding projects. The main improvements are:

Safety Enhancement: Added a check to prevent errors when no user is logged in - the system now returns an empty result instead of potentially crashing.

Code Simplification: Removed complex conditional logic that was checking project permissions in multiple ways and replaced it with a simpler, more direct approach. This makes the code easier to understand and maintain.

Better Project Filtering: When searching within specific projects, the system now properly handles cases where the requested projects don't exist, returning empty results instead of potentially showing incorrect data.

Improved Testing: Added comprehensive tests that cover different scenarios like searching globally, within groups, and for specific projects, including edge cases like non-existent projects and users without permissions.

The changes make the search functionality more reliable and predictable while reducing the complexity of the permission-checking logic. Users will experience more consistent search results, especially when they don't have access to certain projects or when searching for projects that don't exist.

References

https://gitlab.com/gitlab-com/request-for-help/-/work_items/4216

Screenshots or screen recordings

Before After
Screenshot_2026-02-26_at_17.43.18 Screenshot_2026-02-26_at_17.46.11

How to set up and validate locally

  • Create this structure of projects.groups `GroupA -> SubGroupB(-> ProjectA) -> SubgroupC -> ProjectB
  • Assign a direct membership of developer to a user to everything
  • Keep all groups.projects private
  • Perform a search in SubGroupB. You should see the search results from ProjectB

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Ravi Kumar

Merge request reports