Events API only includes events associated with a project
Summary
The Events API is supposed to return all events for the specified params, but always filters for events associated with a project.
Steps to reproduce
- Create an epic or personal snippet, and comment on them.
- See the events appear in the user's Activity stream.\
-
created
andcommented
for epics. -
commented
for personal snippets.
-
- Query the Events API (either the
/events
or/users/:id/events
endpoint) and see the events missing.
What is the current bug behavior?
Events not associated with a project are excluded.
What is the expected correct behavior?
Events not associated with a project are included.
Output of checks
This bug happens on GitLab.com
Possible fixes
We're doing an INNER JOIN projects
when checking project permissions at https://gitlab.com/gitlab-org/gitlab/blob/a86cedf891969173aaa45716c370fab08a8f7782/app/finders/events_finder.rb#L63, which means all events without a project_id
are excluded.
We should instead use a LEFT JOIN
and change the query so the permission check only applies to project events. We should also add any necessary checks for group or user namespace access.