Add access-level filter support for projects select

app/assets/javascripts/project_select.js.coffee

 class @ProjectSelect
   constructor: ->
-    $('.ajax-project-select').each (i, select) ->
+    $('.ajax-project-select').each (i, select) =>
       @groupId = $(select).data('group-id')
       @includeGroups = $(select).data('include-groups')
       @orderBy = $(select).data('order-by') || 'id'
       @selectId = $(select).data('select-id') || 'web_url'
+      @accessLevel = $(select).data('access-level')
 
       placeholder = "Search for project"
       placeholder += " or group" if @includeGroups
@@ -12,25 +13,11 @@ class @ProjectSelect
       $(select).select2
         placeholder: placeholder
         minimumInputLength: 0
-        query: (query) =>
-          finalCallback = (projects) ->
-            data = { results: projects }
-            query.callback(data)
-
-          if @includeGroups
-            projectsCallback = (projects) ->
-              groupsCallback = (groups) ->
-                data = groups.concat(projects)
-                finalCallback(data)
-
-              Api.groups query.term, false, groupsCallback
-          else
-            projectsCallback = finalCallback
-
+        query: (options) =>
           if @groupId
-            Api.groupProjects @groupId, query.term, projectsCallback
+            Api.groupProjects @groupId, options.term, @createCallback(options)
           else
-            Api.projects query.term, @orderBy, projectsCallback
+            Api.projects options.term, @orderBy, @createCallback(options)
 
         id: (project) =>
           project[@selectId]
@@ -39,3 +26,36 @@ class @ProjectSelect
           project.name_with_namespace || project.name
 
         dropdownCssClass: "ajax-project-dropdown"
+
+  createCallback: (options) =>
+    finalCallback = (projects) ->
+      options.callback({ results: projects })
+
+    @accessLevelCallbackDecorator(
+      @groupsCallbackDecorator(
+        finalCallback
+      )
+    )
+
+  groupsCallbackDecorator: (callback) =>
+    return callback unless @includeGroups
+
+    (projects) =>
+      Api.groups options.term, false, (groups) =>
+        data = groups.concat(projects)
+        callback(data)
+
+  accessLevelCallbackDecorator: (callback) =>
+    return callback unless @accessLevel
+
+    ##
+    # Requires ECMAScript >= 5
+    #
+    (projects) =>
+      data = projects.filter (i) =>
+        max = Math.max(i.permissions.group_access?.access_level ? 0,
+                       i.permissions.project_access?.access_level ? 0)
+
+        max >= @accessLevel
+
+      callback(data)

app/models/user.rb

@@ -429,7 +429,7 @@ class User < ActiveRecord::Base
     Group.where("namespaces.id IN (#{union.to_sql})")
   end
 
-  # Returns the groups a user is authorized to access.
+  # Returns projects user is authorized to access.
   def authorized_projects
     Project.where("projects.id IN (#{projects_union.to_sql})")
   end

app/services/issues/move_service.rb

@@ -15,7 +15,7 @@ module Issues
       ActiveRecord::Base.transaction do
         # New issue tasks
         #
-        open_new_issue
+        create_new_issue
         rewrite_notes
         add_moved_from_note
 
@@ -43,7 +43,7 @@ module Issues
         can?(@current_user, :admin_issue, @project_new)
     end
 
-    def open_new_issue
+    def create_new_issue
       @issue_new.iid = nil
       @issue_new.project = @project_new
       @issue_new.labels = []

app/views/shared/issuable/_form.html.haml

@@ -73,7 +73,8 @@
       = f.label :move_to_project_id, 'Move', class: 'control-label'
       .col-sm-10
         = project_select_tag("#{issuable.class.model_name.param_key}[move_to_project_id]",
-          placeholder: 'Select project', class: 'custom-form-control', data: { 'select-id' => 'id' })
+          placeholder: 'Select project', class: 'custom-form-control',
+          data: { 'select-id' => 'id', 'access-level' => Gitlab::Access::REPORTER })
 
 - if issuable.is_a?(MergeRequest)
   %hr