author | Stan Hu <stanhu@gmail.com> | 2015-07-10 17:36:24 -0700 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2015-07-10 17:39:58 -0700 |
commit | 0b67d7a0fe79c05681c6e541105350d94fff6931 (patch) | |
tree | a75df25d998c7e46875f5a72eb7a979aea60a3ff | |
parent | 3f5a4ae5e66ba23a16c7a41b27ade196994c5a4c (diff) | |
download | gitlab-ce-0b67d7a0fe79c05681c6e541105350d94fff6931.tar.gz |
Fix user autocomplete for unauthenticated users accessing public projects
Closes #1955
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/controllers/autocomplete_controller.rb | 6 | ||||
-rw-r--r-- | spec/controllers/autocomplete_controller_spec.rb | 24 |
3 files changed, 30 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index 5daee9830ed..8524862da5a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 7.13.0 (unreleased) + - Fix user autocomplete for unauthenticated users accessing public projects (Stan Hu) - Fix redirection to home page URL for unauthorized users (Daniel Gerhardt) - Add branch switching support for graphs (Daniel Gerhardt) - Fix external issue tracker hook/test for HTTPS URLs (Daniel Gerhardt) diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb index 11af9895261..8b12643bb97 100644 --- a/app/controllers/autocomplete_controller.rb +++ b/app/controllers/autocomplete_controller.rb @@ -1,4 +1,6 @@ class AutocompleteController < ApplicationController + skip_before_action :authenticate_user!, only: [:users] + def users @users = if params[:project_id].present? @@ -13,8 +15,10 @@ class AutocompleteController < ApplicationController if can?(current_user, :read_group, group) group.users end - else + elsif current_user User.all + else + User.none end @users = @users.search(params[:search]) if params[:search].present? diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb index 9ad9cb41cc1..9be8d0333ad 100644 --- a/spec/controllers/autocomplete_controller_spec.rb +++ b/spec/controllers/autocomplete_controller_spec.rb 
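Review bot: The `skip_before_action :authenticate_user!, only: [:users]` line at the top of `AutocompleteController` has no comment saying that the `can?` checks inside `users` are now the only access control for that action. I would put `# Anonymous access is allowed for public projects; every branch of #users must authorize and scope its own result.` directly above it. That way a branch added later is not exposed to unauthenticated callers by default. The body of `users` continues outside this hunk.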
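Review bot: In the second controller hunk, a denied `can?(current_user, :read_group, group)` leaves `@users` as nil because the inner `if` has no else arm, so the following `@users.search(params[:search])` is called on nil; the new `User.none` fallback covers only the final branch. With authentication skipped for this action, anonymous requests can now reach that path, so I would add an `else User.none` arm to that inner `if`. The project branch lies between the hunks and is not visible here, so it needs the same check. If the resulting error response differs from the one for a nonexistent id, it could also tell an anonymous caller which private ids exist. The rest of `users` is outside the hunk.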
@@ -48,4 +48,28 @@ describe AutocompleteController do it { expect(body).to be_kind_of(Array) } it { expect(body.size).to eq User.count } end + + context 'unauthenticated user' do + let(:project) { create(:project, :public) } + let(:body) { JSON.parse(response.body) } + + describe 'GET #users with public project' do + before do + project.team << [user, :guest] + get(:users, project_id: project.id) + end + + it { expect(body).to be_kind_of(Array) } + it { expect(body.size).to eq 1 } + end + + describe 'GET #users with no project' do + before do + get(:users) + end + + it { expect(body).to be_kind_of(Array) } + it { expect(body.size).to eq 0 } + end + end end |
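Review bot: The new `'unauthenticated user'` context covers only a public project and the no-parameter case, so nothing pins what an anonymous caller receives for a private project or for `group_id`. Those are the paths where the controller now depends entirely on `can?`. I would add a `describe 'GET #users with private project'` that creates a project without the `:public` trait, calls `get(:users, project_id: project.id)` and asserts that no members are exposed, using whichever empty result or error status the controller is meant to return. A matching case for a group the caller cannot read would cover the other path. `user` comes from a definition outside this hunk.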