Module: Participable

Extended by:

ActiveSupport::Concern

Included in:

AwardEmoji, Commit, DesignManagement::Design, Issuable, Note, Review, Snippet, WikiPage::Meta

Defined in:

app/models/concerns/participable.rb

Overview

Participable concern

Contains functionality related to objects that can have participants, such as an author, an assignee and people mentioned in its description or comments.

Participant Permission System

Multiple levels of permission checks (in execution order):

1. **Per-Source Checks**:

   • Checks if current user can see each individual note/comment/source

   • Determines which sources get processed for reference extraction

   • Bypassed when :remove_per_source_permission_from_participants FF is enabled

   • When bypassed, relies on final per-participant filtering for security

2. **Reference Extraction**:

   • Group references parsed based on user’s group visibility

   • User mentions extracted from accessible content

   • Processes all accessible sources (or all sources when FF enabled)

3. **Confidential Content Handling**:

   • Separate extractor for confidential notes

   • Additional filtering for users who can read confidential content

   • Maintains security regardless of per-source check status

4. **Per-Participant Filtering**:

   • Final filtering based on project/group read access

   • Enhanced filtering for confidential work items using :read_confidential_issues permission

   • Base permission requirement ensuring only authorized users appear

   • Always applied as the final security layer regardless of feature flag state

Usage:

class Issue < ApplicationRecord
  include Participable

  # ...

  participant :author
  participant :assignee
  participant :notes

  participant -> (current_user, ext) do
    ext.analyze('...')
  end
end

issue = Issue.last
users = issue.participants

Instance Method Summary

• #participant?(user) ⇒ Boolean

  Checks if the user is a participant in a discussion.

• #participants(user = nil) ⇒ Object

  Returns the users participating in a discussion.

• #visible_participants(user) ⇒ Object

  Returns only participants visible for the user.

Instance Method Details

#participant?(user) ⇒ Boolean

Checks if the user is a participant in a discussion.

This method processes attributes of objects in breadth-first order.

Returns a Boolean.

Returns:

• (Boolean)

# File 'app/models/concerns/participable.rb', line 103

def participant?(user)
  can_read_participable?(user) &&
    all_participants_hash[user].include?(user)
end

#participants(user = nil) ⇒ Object

Returns the users participating in a discussion.

This method processes attributes of objects in breadth-first order.

Returns an Array of User instances.

# File 'app/models/concerns/participable.rb', line 85

def participants(user = nil)
  filtered_participants_hash[user]
end

#visible_participants(user) ⇒ Object

Returns only participants visible for the user

Returns an Array of User instances.

# File 'app/models/concerns/participable.rb', line 92

def visible_participants(user)
  return participants(user) if Feature.enabled?(:remove_per_source_permission_from_participants, user)

  filter_by_ability(raw_participants(user, verify_access: true))
end