Merge branch 'dz-restrict-autocomplete' into 'security-9-1'

Allow users autocomplete by author_id only for authenticated users See merge request !2100
author: DJ Mountney <david@twkie.net> 2017-06-08 09:52:27 -0700
committer: DJ Mountney <david@twkie.net> 2017-06-08 09:52:27 -0700
commit: 982368dc55bbd22f82bf908f8af220056202a65a (patch)
tree: 8a9c2cc0776f641777ca8baf83f4748b1271fbdf /app/controllers/autocomplete_controller.rb
parent: 7113b1a45bd29318c3ec5ea5f61b1d523868ef4d (diff)
download: gitlab-ce-982368dc55bbd22f82bf908f8af220056202a65a.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index 907717dcb96..fe331a883c1 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -21,7 +21,7 @@ class AutocompleteController < ApplicationController
         @users = [current_user, *@users].uniq
       end
 
-      if params[:author_id].present?
+      if params[:author_id].present? && current_user
         author = User.find_by_id(params[:author_id])
         @users = [author, *@users].uniq if author
       end
author	DJ Mountney <david@twkie.net>	2017-06-08 09:52:27 -0700
committer	DJ Mountney <david@twkie.net>	2017-06-08 09:52:27 -0700
commit	982368dc55bbd22f82bf908f8af220056202a65a (patch)
tree	8a9c2cc0776f641777ca8baf83f4748b1271fbdf /app/controllers/autocomplete_controller.rb
parent	7113b1a45bd29318c3ec5ea5f61b1d523868ef4d (diff)
download	gitlab-ce-982368dc55bbd22f82bf908f8af220056202a65a.tar.gz