diff options
| author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-04-19 14:00:14 -0400 |
|---|---|---|
| committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-04-19 14:00:14 -0400 |
| commit | 27e0c7723ca1eb85222210a20fd3fee1d77733f7 (patch) | |
| tree | 0b25b0122c7918382c22ab277df421585f9e58b1 /app/controllers/users_controller.rb | |
| parent | ee2dc0624093a0fe8665778fd0cc734754e7cdc9 (diff) | |
| parent | 0063194ad6029915361d282392b6ab207ffd1520 (diff) | |
| download | gitlab-ce-ci-commit-as-pipeline.tar.gz | |
Merge remote-tracking branch 'origin/master' into ci-commit-as-pipelineci-commit-as-pipeline
# Conflicts:
# db/schema.rb
Diffstat (limited to 'app/controllers/users_controller.rb')
| -rw-r--r-- | app/controllers/users_controller.rb | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 8e7956da48f..2ae180c8a12 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,6 +1,7 @@ class UsersController < ApplicationController skip_before_action :authenticate_user! - before_action :set_user + before_action :user + before_action :authorize_read_user!, only: [:show] def show respond_to do |format| @@ -75,22 +76,26 @@ class UsersController < ApplicationController private - def set_user - @user = User.find_by_username!(params[:username]) + def authorize_read_user! + render_404 unless can?(current_user, :read_user, user) + end + + def user + @user ||= User.find_by_username!(params[:username]) end def contributed_projects - ContributedProjectsFinder.new(@user).execute(current_user) + ContributedProjectsFinder.new(user).execute(current_user) end def contributions_calendar @contributions_calendar ||= Gitlab::ContributionsCalendar. - new(contributed_projects, @user) + new(contributed_projects, user) end def load_events # Get user activity feed for projects common for both users - @events = @user.recent_events. + @events = user.recent_events. merge(projects_for_current_user). references(:project). with_associations. @@ -99,16 +104,16 @@ class UsersController < ApplicationController def load_projects @projects = - PersonalProjectsFinder.new(@user).execute(current_user) + PersonalProjectsFinder.new(user).execute(current_user) .page(params[:page]) end def load_contributed_projects - @contributed_projects = contributed_projects.joined(@user) + @contributed_projects = contributed_projects.joined(user) end def load_groups - @groups = JoinedGroupsFinder.new(@user).execute(current_user) + @groups = JoinedGroupsFinder.new(user).execute(current_user) end def projects_for_current_user |