Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

Add search autocomplete suggestions for recently viewed epics

Review changes
Download
Patches
Plain diff

Dylan Griffith requested to merge 259608-add-autocomplete-suggestions-for-epics into master Oct 01, 2020

Overview 22
Commits 3
Pipelines 6
Changes 15

What does this MR do?

When typing in the search bar you will now see suggestions for recently viewed epics.

This implements the same thing we implemented for issues and merge requests now for Epics. This required a slightly different approach as the EpicsFinder was not suitable for this purpose. At present it only supports searching within a single group. And extending it to support wider use cases would likely lead to performance issues as there is no equivalent group permissions cache like project_authorizations table to efficiently determine which groups a user can view epics in.

The simpler thing to do here was to just manually check the permissions for each returned epic. This leaves a very edge case scenarion in which a user was previously able to see an epic and looked at that epic in their last 100 viewed epics and then performs a search and now only sees 4 suggestions (instead of the expected 5). This in theory, if the epic was renamed and the new name contained something important the user shouldn't see, could lead to the leak of an existence of that name in the search results. Considering this edge case is so unlikely it seems safe to not worry too much about it.

See !43964 (comment 422531496) for DB query performance.

You may wish to review this MR commit by commit as the first 2 commits are small refactors to make it easier to add the RecentEpics class.

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Changelog entry
Documentation (if required)
Code review guidelines
Merge request performance guidelines
Style guides
Database guides
Separation of EE specific content

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Tested in all supported browsers
Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Closes #259608 (closed)

Edited Oct 02, 2020 by Dylan Griffith

Merge request reports

Assignee

Reviewers

Request review from

Time tracking