Merge remote-tracking branch 'origin/master' into 34141-allow-unauthenticated-access-to-the-users-api

- Modify policy code to work with the `DeclarativePolicy` refactor in 37c401433b76170f0150d70865f1f4584db01fa8.
author: Timothy Andrew <mail@timothyandrew.net> 2017-06-30 13:29:34 +0000
committer: Timothy Andrew <mail@timothyandrew.net> 2017-06-30 13:45:51 +0000
commit: 5dedea358dc3012b4c2a876065c16cf748fbf7ea (patch)
tree: fe98aaca557bb4c1e4bced6f1a8508c63c1587a0 /lib/api/projects.rb
parent: 3c88a7869b87693ba8c3fb9814d39437dd569a31 (diff)
parent: 81dba76b9d7d120cd22e3619a4058bd4885be9bc (diff)
download: gitlab-ce-5dedea358dc3012b4c2a876065c16cf748fbf7ea.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index c5df45b7902..d0bd64b2972 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -1,3 +1,5 @@
+require_dependency 'declarative_policy'
+
 module API
   # Projects API
   class Projects < Grape::API
@@ -396,7 +398,7 @@ module API
         use :pagination
       end
       get ':id/users' do
-        users = user_project.team.users
+        users = DeclarativePolicy.subject_scope { user_project.team.users }
         users = users.search(params[:search]) if params[:search].present?
 
         present paginate(users), with: Entities::UserBasic
author	Timothy Andrew <mail@timothyandrew.net>	2017-06-30 13:29:34 +0000
committer	Timothy Andrew <mail@timothyandrew.net>	2017-06-30 13:45:51 +0000
commit	5dedea358dc3012b4c2a876065c16cf748fbf7ea (patch)
tree	fe98aaca557bb4c1e4bced6f1a8508c63c1587a0 /lib/api/projects.rb
parent	3c88a7869b87693ba8c3fb9814d39437dd569a31 (diff)
parent	81dba76b9d7d120cd22e3619a4058bd4885be9bc (diff)
download	gitlab-ce-5dedea358dc3012b4c2a876065c16cf748fbf7ea.tar.gz