author:    Felipe Artur <felipefac@gmail.com>  2016-04-12 12:04:33 -0300
committer: Felipe Artur <felipefac@gmail.com>  2016-04-18 11:12:28 -0300
commit:    820c08cefd78e593e94012061be29000d523ffd0 (patch)
tree:      f50d16d6b6d7abe68e891f930d805091e5c5fcc8
parent:    7d54e721da0ccd21f0150bbb6ab60b51970033c2 (diff)
Fix documentation and improve permissions code
-rw-r--r--  app/models/ability.rb                                  1
-rw-r--r--  app/views/admin/application_settings/_form.html.haml   2
-rw-r--r--  doc/permissions/permissions.md                         7
-rw-r--r--  doc/public_access/public_access.md                     3
-rw-r--r--  lib/api/api_guard.rb                                   4
-rw-r--r--  lib/api/users.rb                                       2

6 files changed, 6 insertions, 13 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb
index a4bde72d991..6103a2947e2 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -120,6 +120,7 @@ class Ability
def global_abilities(user)
rules = []
rules << :create_group if user.can_create_group
+ rules << :read_users_list
rules
end
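Review bot: `:read_users_list` is appended unconditionally in `global_abilities(user)`, so nothing in this hunk restricts it; the restriction for unauthenticated callers must therefore come from the nil-user (anonymous) path, which is not part of this diff. Since the same commit deletes the explicit `public_access_restricted?` guard in lib/api/api_guard.rb and no replacement check appears in the patch, please confirm that the anonymous rules deny `:read_users_list` when `Gitlab::VisibilityLevel::PUBLIC` is in `restricted_visibility_levels`, otherwise the restriction is silently lost.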
diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml
index 37b07c348d4..aadd2c54f20 100644
--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -28,7 +28,7 @@
= level
%span.help-block#restricted-visibility-help
Selected levels cannot be used by non-admin users for projects or snippets.
- If public level is restricted user profiles are not accessible to not logged users.
+ If the public level is restricted, user profiles are only visible to logged in users.
.form-group
= f.label :import_sources, class: 'control-label col-sm-2'
.col-sm-10
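Review bot: Minor wording: "logged in users" is clearer hyphenated as "logged-in users" when used as an adjective; the same sentence is added to doc/public_access/public_access.md in this patch, so apply the same spelling in both places.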
diff --git a/doc/permissions/permissions.md b/doc/permissions/permissions.md
index f8cfd2898f0..6219693b8a8 100644
--- a/doc/permissions/permissions.md
+++ b/doc/permissions/permissions.md
@@ -93,10 +93,3 @@ An administrator can flag a user as external [through the API](../api/users.md)
or by checking the checkbox on the admin panel. As an administrator, navigate
to **Admin > Users** to create a new user or edit an existing one. There, you
will find the option to flag the user as external.
-
-## Restricted visibility levels
-
-Visibility levels can be restricted in admin settings page by administrator, when
-restricting a visibility level groups, projects and snippets are not allowed to be
-created with that visibility setting. If the public visibility level is restricted
-user profiles are accessible to not logged users.
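Review bot: Removing this section also drops its first statement, that groups, projects and snippets cannot be created with a restricted visibility level; the only text re-added elsewhere in the patch is the one sentence about user profiles. Please confirm the creation restriction is still documented under "Restricting the use of public or internal projects" in doc/public_access/public_access.md (that heading appears as context in the next hunk), or move the sentence there so the documentation does not lose it.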
diff --git a/doc/public_access/public_access.md b/doc/public_access/public_access.md
index 20aa90f0d69..17bb75ececd 100644
--- a/doc/public_access/public_access.md
+++ b/doc/public_access/public_access.md
@@ -58,6 +58,9 @@ you are logged in or not.
When visiting the public page of a user, you can only see the projects which
you are privileged to.
+If the public level is restricted, user profiles are only visible to logged in users.
+
+
## Restricting the use of public or internal projects
In the Admin area under **Settings** (`/admin/application_settings`), you can
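Review bot: The added sentence follows `you are privileged to.` with no blank line, so Markdown renders it as part of the preceding paragraph; insert a blank line before it if it is meant to stand on its own. The two blank lines added after it are one more than needed before the `##` heading.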
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb
index 6ce5529abfa..b9994fcefda 100644
--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -79,10 +79,6 @@ module APIGuard
@current_user
end
- def public_access_restricted?
- current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
- end
-
private
def find_access_token
@access_token ||= Doorkeeper.authenticate(doorkeeper_request, Doorkeeper.configuration.access_token_methods)
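Review bot: Deleting the public `public_access_restricted?` helper from `APIGuard` is safe only if its sole caller was the `GET /users` endpoint changed in this patch; please grep lib/api for any remaining reference, since a leftover call would fail with NoMethodError at request time rather than at load.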
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 9647a40686e..315268fc0ca 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -11,7 +11,7 @@ module API
# GET /users?search=Admin
# GET /users?username=root
get do
- if !current_user && public_access_restricted?
+ unless can?(current_user, :read_users_list, nil)
render_api_error!("Not authorized.", 403)
end
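Review bot: The `nil` subject passed to `can?` relies on `:read_users_list` being a global ability; because `global_abilities` in this patch grants it to every authenticated user unconditionally, the only path that can now deny this request is the unauthenticated one, which is not visible here. A spec for `GET /users` without a token while PUBLIC is in `restricted_visibility_levels` should accompany the change, as it is the only guard replacing the deleted `public_access_restricted?` check. Separately, the unchanged line answers an unauthenticated caller with 403 where 401 would be the conventional status; pre-existing, but worth noting while this endpoint is being touched.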