author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-30 12:40:01 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-30 12:40:01 +0000 |
commit | f19a0fa10a0024fab5ef3c556612944f2a62c298 (patch) | |
tree | ef5c359820d2409cf07c0610122299d314ec4743 /app | |
parent | eba52140851d2fb08665119c0a3997d0612ccb88 (diff) | |
download | gitlab-ce-f19a0fa10a0024fab5ef3c556612944f2a62c298.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-2-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/users_controller.rb | 7 | ||||
-rw-r--r-- | app/services/resource_access_tokens/create_service.rb | 2 |
2 files changed, 3 insertions, 6 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 1b927afdcf5..30ccceec1af 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -20,7 +20,7 @@ class UsersController < ApplicationController
 skip_before_action :authenticate_user!
 prepend_before_action(only: [:show]) { authenticate_sessionless_user!(:rss) }
- before_action :user, except: [:exists, :ssh_keys]
+ before_action :user, except: [:exists]
 before_action :authorize_read_user_profile!, only: [:calendar, :calendar_activities, :groups, :projects, :contributed, :starred, :snippets, :followers, :following]
@@ -44,12 +44,7 @@ class UsersController < ApplicationController
 # Get all keys of a user(params[:username]) in a text format
 # Helpful for sysadmins to put in respective servers
- #
- # Uses `UserFinder` rather than `find_routable!` because this endpoint should
- # be publicly available regardless of instance visibility settings.
 def ssh_keys
- user = UserFinder.new(params[:username]).find_by_username
-
 render plain: user.all_ssh_keys.join("\n")
 end
diff --git a/app/services/resource_access_tokens/create_service.rb b/app/services/resource_access_tokens/create_service.rb
index 34aa414de8f..e0371e5d80f 100644
--- a/app/services/resource_access_tokens/create_service.rb
+++ b/app/services/resource_access_tokens/create_service.rb
@@ -16,6 +16,8 @@ module ResourceAccessTokens
 return error(user.errors.full_messages.to_sentence) unless user.persisted?
+ user.update!(external: true) if current_user.external?
+
 access_level = params[:access_level] || Gitlab::Access::MAINTAINER
 member = create_membership(resource, user, access_level) |
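Review bot: With `:ssh_keys` dropped from the `except:` list, `ssh_keys` now runs the `user` filter, but it is still absent from the `only:` list of `authorize_read_user_profile!` on the next filter line, so the key listing is gated by whatever `user` checks and not by the profile-read check. The `user` method is defined outside this hunk, so the exact check it performs cannot be confirmed from here. If that split is intended, a comment above the filter would record the decision, e.g. `# ssh_keys: the user lookup enforces instance visibility; keys are deliberately not gated by read_user_profile`. A request spec for the signed-out, restricted-visibility case would pin the behaviour; the diffstat is limited to `app`, so one may already exist.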
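Review bot: The comment left above `ssh_keys` no longer says where `user` comes from or who may call the endpoint, because the removed lines were the only statement of its access expectations. I would add a line such as `# user is resolved by the before_action, so instance visibility settings apply to this endpoint` so the next reader does not reintroduce a direct finder call. The body also depends on that filter halting the request when no user matches, since `user.all_ssh_keys` would raise on nil; the filter is outside this hunk, so that is worth confirming.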
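Review bot: The added `user.update!(external: true)` raises on failure, while the line just above it reports failure through `return error(...)`, so an invalid update would escape the service's result convention as an exception. It also runs after the bot user is already persisted, so a failed update would leave a non-external bot user behind. Suggest the non-raising form, `if current_user.external? && !user.update(external: true)` followed by `return error(user.errors.full_messages.to_sentence)`. Better still would be setting `external` when the user is built, so the record never exists in the wrong state; the creation call is outside this hunk, and the method body continues past its end.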