diff options
author | Rémy Coutable <remy@rymai.me> | 2017-07-04 14:45:40 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2017-07-04 14:45:40 +0000 |
commit | 52862754aba0d0ce12f9e2d923a906249b16d51b (patch) | |
tree | 773bcfbc566ad09c63ef3433760a3027371d1aad /app/finders | |
parent | a69236cd4a22be2012287ee165db37e92346ee7e (diff) | |
parent | d1488268b2e31b8f3549c6e1e46955619535cd98 (diff) | |
download | gitlab-ce-52862754aba0d0ce12f9e2d923a906249b16d51b.tar.gz |
Merge branch '34141-allow-unauthenticated-access-to-the-users-api' into 'master'
Allow unauthenticated access to the `/api/v4/users` API
Closes #34141
See merge request !12445
Diffstat (limited to 'app/finders')
-rw-r--r-- | app/finders/users_finder.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/finders/users_finder.rb b/app/finders/users_finder.rb index dbd50d1db7c..07deceb827b 100644 --- a/app/finders/users_finder.rb +++ b/app/finders/users_finder.rb @@ -60,13 +60,13 @@ class UsersFinder end def by_external_identity(users) - return users unless current_user.admin? && params[:extern_uid] && params[:provider] + return users unless current_user&.admin? && params[:extern_uid] && params[:provider] users.joins(:identities).merge(Identity.with_extern_uid(params[:provider], params[:extern_uid])) end def by_external(users) - return users = users.where.not(external: true) unless current_user.admin? + return users = users.where.not(external: true) unless current_user&.admin? return users unless params[:external] users.external |