Skip to content

Add search autocomplete suggestions for recently viewed epics

What does this MR do?

When typing in the search bar you will now see suggestions for recently viewed epics.

This implements the same thing we implemented for issues and merge requests now for Epics. This required a slightly different approach as the EpicsFinder was not suitable for this purpose. At present it only supports searching within a single group. And extending it to support wider use cases would likely lead to performance issues as there is no equivalent group permissions cache like project_authorizations table to efficiently determine which groups a user can view epics in.

The simpler thing to do here was to just manually check the permissions for each returned epic. This leaves a very edge case scenarion in which a user was previously able to see an epic and looked at that epic in their last 100 viewed epics and then performs a search and now only sees 4 suggestions (instead of the expected 5). This in theory, if the epic was renamed and the new name contained something important the user shouldn't see, could lead to the leak of an existence of that name in the search results. Considering this edge case is so unlikely it seems safe to not worry too much about it.

See !43964 (comment 422531496) for DB query performance.

You may wish to review this MR commit by commit as the first 2 commits are small refactors to make it easier to add the RecentEpics class.

Screenshots

Screen_Shot_2020-10-02_at_5.03.11_pm

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Closes #259608 (closed)

Edited by Dylan Griffith

Merge request reports

Loading