There are 2 parameters in `IssuableFinder` that should be investigated and refactored if possible. - `scope` with possible values 'created-by-me', 'assigned-to-me', 'authored' or 'all' available in `IssuableFinder`. It seems, however, that this parameter is used only at one place (https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/api/issues.rb#L52). - `authorized_only` - this parameter seems to be used only once (https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/models/dashboard_milestone.rb) We check these values in https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/finders/issuable_finder.rb#L115 if current_user && params[:authorized_only].presence && !current_user_related? current_user.authorized_projects elsif group GroupProjectsFinder.new(group).execute(current_user) else projects_finder.execute(current_user, item_project_ids(items) end The idea would be that in case we try to retrieve issuables by assignee or author and that assignee/author is current_user `authorized_projects` should be returned Initial idea: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9030#note_24620099 The `current_user_related?`check was introduces more than 2 years ago by @marin (https://gitlab.com/gitlab-org/gitlab-ce/commit/d3bdd3ba67dda8b8392770a2b6e4a7473ec4d42d) and scopes 'assigned-to-me' / 'created-by-me' were used at that time (now assignee/author param is used for this filter instead). cc @smcgivern