author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-12-03 10:11:19 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-12-03 10:11:19 +0000 |
commit | 9a1e9397b4e378e052af12c697a9fbfd70a24bf5 (patch) | |
tree | bda9287282dfaefa0c717f092947f79839e07102 /app/graphql/types/user_interface.rb | |
parent | 9fb816facef888b8fcdbc443af304105c480547b (diff) | |
Add latest changes from gitlab-org/security/gitlab@14-5-stable-ee
Diffstat (limited to 'app/graphql/types/user_interface.rb')
-rw-r--r-- | app/graphql/types/user_interface.rb | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/app/graphql/types/user_interface.rb b/app/graphql/types/user_interface.rb
index 8c67275eb73..7cc201b6df4 100644
--- a/app/graphql/types/user_interface.rb
+++ b/app/graphql/types/user_interface.rb
@@ -29,7 +29,10 @@ module Types
 field :name,
 type: GraphQL::Types::String,
 null: false,
- description: 'Human-readable name of the user.'
+ resolver_method: :redacted_name,
+ description: 'Human-readable name of the user. ' \
+ 'Will return `****` if the user is a project bot and the requester does not have permission to read resource access tokens.'
+
 field :state,
 type: Types::UserStateEnum,
 null: false,
@@ -121,5 +124,16 @@ module Types
 ::Types::UserType
 end
 end
+
+ def redacted_name
+ return object.name unless object.project_bot?
+
+ return object.name if context[:current_user]&.can?(:read_resource_access_tokens, object.projects.first)
+
+ # If the requester does not have permission to read the project bot name,
+ # the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
+ # https://gitlab.com/gitlab-org/gitlab/-/issues/346058
+ '****'
+ end
 end
 end |
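Review bot: The redaction marker `****` is now spelled out twice, once in the `field :name` description and once as the return value of `redacted_name` in the second hunk, so the two can drift apart. A single constant such as `REDACTED_NAME = '****'`, interpolated into the description and returned by the resolver, would keep them in step. Because the field stays `null: false`, a client cannot tell a redacted name from a user whose name really is `****`; if consumers need to distinguish the two, the description should say so. The `field :name` call is complete in the hunk, but the surrounding module body starts outside it.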
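Review bot: The permission check in `redacted_name` is made against `object.projects.first`, which is nil for a bot with no project membership and otherwise depends on whichever row the association returns first, as no ordering is visible in this hunk. A nil subject presumably makes `can?` return false, so the method fails closed to `'****'`, which is the safe direction but also hides the name from authorised requesters for any bot not attached to a project. I would state the assumption and guard it explicitly: `project = object.projects.first`, then `return '****' unless project` before the `can?` call, with a comment saying that a project bot is expected to belong to exactly one project. The lookup runs once per resolved user, so a list query over many bots may cost one projects query each; a query-count spec would confirm. The method is complete in the hunk; the enclosing module starts outside it.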