diff options
| author | Hannes Rosenögger <123haynes@gmail.com> | 2015-07-11 12:54:09 +0000 |
|---|---|---|
| committer | Hannes Rosenögger <123haynes@gmail.com> | 2015-07-11 12:54:09 +0000 |
| commit | d0b240136a444a61c3c8960cba33f987022fa0f4 (patch) | |
| tree | 8634d24ea62f66d1bbffc411ca0aec9442cd9b48 | |
| parent | ddaac5317f99a52db6a039b672301c8b9cd5d2ff (diff) | |
| parent | 0b67d7a0fe79c05681c6e541105350d94fff6931 (diff) | |
| download | gitlab-ce-d0b240136a444a61c3c8960cba33f987022fa0f4.tar.gz | |
Merge branch 'fix-autocomplete-with-public-projects' into 'master'
Fix user autocomplete for unauthenticated users accessing public projects
Closes #1955
See merge request !963
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | app/controllers/autocomplete_controller.rb | 6 | ||||
| -rw-r--r-- | spec/controllers/autocomplete_controller_spec.rb | 24 |
3 files changed, 30 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index a964a192216..7d5f186d755 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 7.13.0 (unreleased) + - Fix user autocomplete for unauthenticated users accessing public projects (Stan Hu) - Fix redirection to home page URL for unauthorized users (Daniel Gerhardt) - Add branch switching support for graphs (Daniel Gerhardt) - Fix external issue tracker hook/test for HTTPS URLs (Daniel Gerhardt) diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb index 11af9895261..8b12643bb97 100644 --- a/app/controllers/autocomplete_controller.rb +++ b/app/controllers/autocomplete_controller.rb @@ -1,4 +1,6 @@ class AutocompleteController < ApplicationController + skip_before_action :authenticate_user!, only: [:users] + def users @users = if params[:project_id].present? @@ -13,8 +15,10 @@ class AutocompleteController < ApplicationController if can?(current_user, :read_group, group) group.users end - else + elsif current_user User.all + else + User.none end @users = @users.search(params[:search]) if params[:search].present? diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb index 9ad9cb41cc1..9be8d0333ad 100644 --- a/spec/controllers/autocomplete_controller_spec.rb +++ b/spec/controllers/autocomplete_controller_spec.rb @@ -48,4 +48,28 @@ describe AutocompleteController do it { expect(body).to be_kind_of(Array) } it { expect(body.size).to eq User.count } end + + context 'unauthenticated user' do + let(:project) { create(:project, :public) } + let(:body) { JSON.parse(response.body) } + + describe 'GET #users with public project' do + before do + project.team << [user, :guest] + get(:users, project_id: project.id) + end + + it { expect(body).to be_kind_of(Array) } + it { expect(body.size).to eq 1 } + end + + describe 'GET #users with no project' do + before do + get(:users) + end + + it { expect(body).to be_kind_of(Array) } + it { expect(body.size).to eq 0 } + end + end end |