author | Felipe Artur <felipefac@gmail.com> | 2016-04-12 12:04:33 -0300 |
---|---|---|
committer | Felipe Artur <felipefac@gmail.com> | 2016-04-18 11:12:28 -0300 |
commit | 820c08cefd78e593e94012061be29000d523ffd0 (patch) | |
tree | f50d16d6b6d7abe68e891f930d805091e5c5fcc8 | |
parent | 7d54e721da0ccd21f0150bbb6ab60b51970033c2 (diff) | |
download | gitlab-ce-820c08cefd78e593e94012061be29000d523ffd0.tar.gz |
Fix documentation and improve permissions code
-rw-r--r-- | app/models/ability.rb | 1 | ||||
-rw-r--r-- | app/views/admin/application_settings/_form.html.haml | 2 | ||||
-rw-r--r-- | doc/permissions/permissions.md | 7 | ||||
-rw-r--r-- | doc/public_access/public_access.md | 3 | ||||
-rw-r--r-- | lib/api/api_guard.rb | 4 | ||||
-rw-r--r-- | lib/api/users.rb | 2 |
6 files changed, 6 insertions, 13 deletions
diff --git a/app/models/ability.rb b/app/models/ability.rb index a4bde72d991..6103a2947e2 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -120,6 +120,7 @@ class Ability def global_abilities(user) rules = [] rules << :create_group if user.can_create_group + rules << :read_users_list rules end diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml index 37b07c348d4..aadd2c54f20 100644 --- a/app/views/admin/application_settings/_form.html.haml +++ b/app/views/admin/application_settings/_form.html.haml @@ -28,7 +28,7 @@ = level %span.help-block#restricted-visibility-help Selected levels cannot be used by non-admin users for projects or snippets. - If public level is restricted user profiles are not accessible to not logged users. + If the public level is restricted, user profiles are only visible to logged in users. .form-group = f.label :import_sources, class: 'control-label col-sm-2' .col-sm-10 diff --git a/doc/permissions/permissions.md b/doc/permissions/permissions.md index f8cfd2898f0..6219693b8a8 100644 --- a/doc/permissions/permissions.md +++ b/doc/permissions/permissions.md @@ -93,10 +93,3 @@ An administrator can flag a user as external [through the API](../api/users.md) or by checking the checkbox on the admin panel. As an administrator, navigate to **Admin > Users** to create a new user or edit an existing one. There, you will find the option to flag the user as external. - -## Restricted visibility levels - -Visibility levels can be restricted in admin settings page by administrator, when -restricting a visibility level groups, projects and snippets are not allowed to be -created with that visibility setting. If the public visibility level is restricted -user profiles are accessible to not logged users. diff --git a/doc/public_access/public_access.md b/doc/public_access/public_access.md index 20aa90f0d69..17bb75ececd 100644 --- a/doc/public_access/public_access.md 
+++ b/doc/public_access/public_access.md @@ -58,6 +58,9 @@ you are logged in or not. When visiting the public page of a user, you can only see the projects which you are privileged to. +If the public level is restricted, user profiles are only visible to logged in users. + + ## Restricting the use of public or internal projects In the Admin area under **Settings** (`/admin/application_settings`), you can diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb index 6ce5529abfa..b9994fcefda 100644 --- a/lib/api/api_guard.rb +++ b/lib/api/api_guard.rb @@ -79,10 +79,6 @@ module APIGuard @current_user end - def public_access_restricted? - current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC) - end - private def find_access_token @access_token ||= Doorkeeper.authenticate(doorkeeper_request, Doorkeeper.configuration.access_token_methods) diff --git a/lib/api/users.rb b/lib/api/users.rb index 9647a40686e..315268fc0ca 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -11,7 +11,7 @@ module API # GET /users?search=Admin # GET /users?username=root get do - if !current_user && public_access_restricted? + unless can?(current_user, :read_users_list, nil) render_api_error!("Not authorized.", 403) end |
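Review bot: In `app/models/ability.rb`, `rules << :read_users_list` is appended with no condition, while the `:create_group` line directly above it is guarded by `user.can_create_group`. If granting it to every user that reaches `global_abilities` is intended, a one-line comment saying so would help. The comment could also name where the restricted-public case for anonymous callers is decided, since that branch is not part of this diff.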
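Review bot: In `app/views/admin/application_settings/_form.html.haml`, the new help text says "the public level" and "logged in users". "Public visibility level" would match the "Selected levels" wording earlier in the same help block, and "logged-in users" should be hyphenated. The identical sentence is added to `doc/public_access/public_access.md`, so change both together.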
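Review bot: In `doc/permissions/permissions.md`, the deleted "Restricted visibility levels" section also documented that groups, projects and snippets cannot be created with a restricted visibility level. The sentence added to `public_access.md` only covers user profiles. Please confirm the existing "Restricting the use of public or internal projects" section there covers groups and snippets as well, or keep that part of the removed text and link to it from `permissions.md`.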
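Review bot: In `doc/public_access/public_access.md`, the hunk adds two empty `+` lines after the new sentence, directly before `## Restricting the use of public or internal projects`. One blank line before the heading is enough. The new sentence could also point to that section, since it is where the restriction is configured.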
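Review bot: In `lib/api/api_guard.rb`, the removed `public_access_restricted?` was defined above the `private` keyword, so any endpoint using these guard helpers could call it. This diff only updates the call in `lib/api/users.rb`. Please confirm there are no other callers left before dropping the method.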
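Review bot: In `lib/api/users.rb`, the 403 for anonymous callers used to be decided in place by `!current_user && public_access_restricted?`. It now depends on how `can?(current_user, :read_users_list, nil)` resolves a nil user, which is not visible in this diff. The diffstat lists no spec files, so please add request specs for an anonymous `GET /users` with the public level restricted (expect 403) and unrestricted, plus one for a signed-in user, to pin the behaviour this authorization check is meant to keep.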