authorGitLab Bot <gitlab-bot@gitlab.com>2021-08-30 12:40:01 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-08-30 12:40:01 +0000
commitf19a0fa10a0024fab5ef3c556612944f2a62c298 (patch)
treeef5c359820d2409cf07c0610122299d314ec4743 /app
parenteba52140851d2fb08665119c0a3997d0612ccb88 (diff)
Add latest changes from gitlab-org/security/gitlab@14-2-stable-ee
Diffstat (limited to 'app')
-rw-r--r--app/controllers/users_controller.rb7
-rw-r--r--app/services/resource_access_tokens/create_service.rb2
2 files changed, 3 insertions, 6 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 1b927afdcf5..30ccceec1af 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -20,7 +20,7 @@ class UsersController < ApplicationController
skip_before_action :authenticate_user!
prepend_before_action(only: [:show]) { authenticate_sessionless_user!(:rss) }
- before_action :user, except: [:exists, :ssh_keys]
+ before_action :user, except: [:exists]
before_action :authorize_read_user_profile!,
only: [:calendar, :calendar_activities, :groups, :projects, :contributed, :starred, :snippets, :followers, :following]
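Review bot: `ssh_keys` is still missing from the `only:` list of `authorize_read_user_profile!` on the lines just below the changed filter, so after this change its access control rests entirely on whatever the `user` filter enforces, and that definition is outside the hunk. `skip_before_action :authenticate_user!` at the top of the hunk still lets anonymous requests reach the action. If profile-level restrictions are meant to cover key listings too, extend the list with `:ssh_keys`. Otherwise a request spec for an anonymous caller on a restricted-visibility instance would pin the intended behaviour down.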
@@ -44,12 +44,7 @@ class UsersController < ApplicationController
# Get all keys of a user(params[:username]) in a text format
# Helpful for sysadmins to put in respective servers
- #
- # Uses `UserFinder` rather than `find_routable!` because this endpoint should
- # be publicly available regardless of instance visibility settings.
def ssh_keys
- user = UserFinder.new(params[:username]).find_by_username
-
render plain: user.all_ssh_keys.join("\n")
end
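Review bot: The comment left above `ssh_keys` no longer says how the user is resolved or who may call the endpoint, now that the explicit `UserFinder` lookup and its rationale have been removed. I would add a line such as `# The user is loaded by the :user before_action, so the same visibility rules as the other profile actions apply.` (wording to be confirmed against the filter, which is not visible here). `user.all_ssh_keys` also assumes the filter halts the request when no user is found rather than leaving `user` nil, which is worth covering with a spec for an unknown username.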
diff --git a/app/services/resource_access_tokens/create_service.rb b/app/services/resource_access_tokens/create_service.rb
index 34aa414de8f..e0371e5d80f 100644
--- a/app/services/resource_access_tokens/create_service.rb
+++ b/app/services/resource_access_tokens/create_service.rb
@@ -16,6 +16,8 @@ module ResourceAccessTokens
return error(user.errors.full_messages.to_sentence) unless user.persisted?
+ user.update!(external: true) if current_user.external?
+
access_level = params[:access_level] || Gitlab::Access::MAINTAINER
member = create_membership(resource, user, access_level)
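Review bot: The added `user.update!(external: true)` marks the bot as external in a second write after the account is already persisted, and it raises on failure instead of using the `return error(...)` path of the line above. If that update fails, the exception escapes the service and a non-external bot user for an external creator may be left behind; whether anything outside the hunk cleans it up is not visible. Prefer setting `external` when the bot user is built, or keep the error contract with `return error(user.errors.full_messages.to_sentence) if current_user.external? && !user.update(external: true)`. The enclosing method starts and ends outside the hunk.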