fix: Drop crossjoin from Sbom::Occurrence#visible_to (!170194) · Merge requests · GitLab.org / GitLab

Lucas Charles requested to merge 477112-remove-x-join-from-dependencies-finder into master Oct 23, 2024

What does this MR do and why?

Removes cross-join from Sbom::Occurrence#visible_to method which relies of pulling project_authorizations.

I believe this is only used through Sbom::DependenciesFinder, in which case we skip this scope for user.can_read_all_resources? or current_user.blank?. Realistically, this should be the maximum possible projects a given user has access to which should hopefully be a reasonable quantity.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Closes #477112

Edited Oct 23, 2024 by Lucas Charles

fix: Drop crossjoin from Sbom::Occurrence#visible_to

What does this MR do and why?

MR acceptance checklist

Merge request reports