diff options
author | Ciro Santillli <ciro.santilli@gmail.com> | 2014-01-27 15:53:59 +0100 |
---|---|---|
committer | Ciro Santillli <ciro.santilli@gmail.com> | 2014-02-11 15:45:30 +0100 |
commit | 91571c078dee6297a17afecb6dc071ce882c82be (patch) | |
tree | d57688b9653182beaa345e6cabe11b50e4dfabee /app/controllers/users_controller.rb | |
parent | 1284f21c073e42c44b9faa7b0ad1ec90b66ca8fb (diff) | |
download | gitlab-ce-91571c078dee6297a17afecb6dc071ce882c82be.tar.gz |
User pages are visible to users without login
... if the user is authorized to at least one public project.
Diffstat (limited to 'app/controllers/users_controller.rb')
-rw-r--r-- | app/controllers/users_controller.rb | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 6a5ce62909e..e86601a439e 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1,11 +1,23 @@ class UsersController < ApplicationController - layout 'navless' + + skip_before_filter :authenticate_user!, only: [:show] + layout :determine_layout def show - @user = User.find_by!(username: params[:username]) - @projects = @user.authorized_projects.where(id: current_user.authorized_projects.pluck(:id)).includes(:namespace) + @user = User.find_by_username!(params[:username]) + @projects = @user.authorized_projects.includes(:namespace).select {|project| can?(current_user, :read_project, project)} + if !current_user && @projects.empty? + return authenticate_user! + end @events = @user.recent_events.where(project_id: @projects.map(&:id)).limit(20) - @title = @user.name end + + def determine_layout + if current_user + 'navless' + else + 'public_users' + end + end end |