diff options
author | Michael Kozono <mkozono@gmail.com> | 2017-05-03 15:26:44 -0700 |
---|---|---|
committer | Michael Kozono <mkozono@gmail.com> | 2017-05-05 12:12:49 -0700 |
commit | 0c866f4a575d8127efbf3eafda83d8ccfbd97817 (patch) | |
tree | da00182ea8dbba39cf72ae15b857b40aa84d5342 /app/controllers | |
parent | fc061c2ecd2e292383017c703220bfb22d0d6dce (diff) | |
download | gitlab-ce-0c866f4a575d8127efbf3eafda83d8ccfbd97817.tar.gz |
Resolve discussions
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/users_controller.rb | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index d7c1241698a..67783866c3f 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -3,7 +3,6 @@ class UsersController < ApplicationController skip_before_action :authenticate_user! before_action :user, except: [:exists] - before_action :authorize_read_user!, except: [:exists] def show respond_to do |format| @@ -93,14 +92,17 @@ class UsersController < ApplicationController private - def authorize_read_user! - render_404 unless can?(current_user, :read_user, user) - - ensure_canonical_path(user.namespace, params[:username]) - end - def user - @user ||= User.find_by_full_path(params[:username], follow_redirects: true) + return @user if @user + + @user = User.find_by_full_path(params[:username], follow_redirects: true) + + return render_404 unless @user + return render_404 unless can?(current_user, :read_user, @user) + + ensure_canonical_path(@user.namespace, params[:username]) + + @user end def contributed_projects |