Index private review requests for search, and limit their results.

Review Request #7067 — Created March 16, 2015 and submitted — Latest diff uploaded

Information

Review Board
release-2.0.x
c57f183...

Reviewers

Previously, only publicly-accessible review requests were returned in
the search results. Teams using private repositories or groups wouldn't
get much benefit from our search support.

Now, we index all the information needed with a review request to limit
results based on the user's access. This works just like all our
existing accessible_by functions.

The index stores a private flag (indicating whether the review request
is inaccessible in general to users), and then a series of IDs for
invite-only groups, private repositories, and the list of users targeted
for review.

The search query is then constructed to compare the user's
currently-accessible groups/repositories against the results of these
lists. The search results shown are therefore personalized to the user's
access.

Unit tests were added for covering all the access control checks, along
with some of the existing search functionality (general searches and
filters). These tests are based on the equivalent tests for the review
request accessibility filtering in the database.

Unit tests pass.

I created a bunch of review requests with the different combinations of
access-restricted objects (private repos, invite-only groups), with and
without my user having permission on those objects. I saw all the results
I expected.

I tested this on local sites as well. I also got the results I expected.