Do not include hidden changesets if inclusion would leak data (!11349) · Merge requests · Administrator / sourcegraph

Administrator requested to merge campaigns/hidden-changesets-filter into master Jun 08, 2020

Created by: mrnugget

This is another part of #10809 and makes sure that we don't include HiddenChangesets in the changesets() query if the user specified filters for ExternalCheckState or ExternalReviewState.

Why? Because if we include the hidden changesets in the response that would leak information about their state (e.g.: a user could tell that "out of 10 hidden changesets, only 1 is in 'changes requested' state, I know which one it is now")

TODO:

Excluding hidden changesets in the total count. I'm still thinking about how to do that without loading everything into memory.

Do not include hidden changesets if inclusion would leak data

Merge request reports