authorKamil Trzcinski <ayufan@ayufan.eu>2016-04-19 14:00:14 -0400
committerKamil Trzcinski <ayufan@ayufan.eu>2016-04-19 14:00:14 -0400
commit27e0c7723ca1eb85222210a20fd3fee1d77733f7 (patch)
tree0b25b0122c7918382c22ab277df421585f9e58b1 /lib/api/users.rb
parentee2dc0624093a0fe8665778fd0cc734754e7cdc9 (diff)
parent0063194ad6029915361d282392b6ab207ffd1520 (diff)
Merge remote-tracking branch 'origin/master' into ci-commit-as-pipelineci-commit-as-pipeline
# Conflicts: # db/schema.rb
Diffstat (limited to 'lib/api/users.rb')
-rw-r--r--lib/api/users.rb10
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 0a14bac07c0..ea6fa2dc8a8 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -11,6 +11,10 @@ module API
# GET /users?search=Admin
# GET /users?username=root
get do
+ unless can?(current_user, :read_users_list, nil)
+ render_api_error!("Not authorized.", 403)
+ end
+
if params[:username].present?
@users = User.where(username: params[:username])
else
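Review bot: The new guard at the top of `get do` has no comment explaining that `nil` is passed as the subject because `:read_users_list` is checked as a global ability, and the route comments above it still list only the successful requests. Since the second hunk guards against a nil `current_user`, this check presumably also runs for unauthenticated callers, which is worth stating so nobody later moves it below the query. I would add `# Global ability (no subject): callers without :read_users_list get 403 before any user query runs` above the `unless`, and document the 403 response in the route comment. The `get do` block continues outside the hunk, so I cannot see whether the listing applies any per-user filtering after this guard.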
@@ -36,10 +40,12 @@ module API
get ":id" do
@user = User.find(params[:id])
- if current_user.is_admin?
+ if current_user && current_user.is_admin?
present @user, with: Entities::UserFull
- else
+ elsif can?(current_user, :read_user, @user)
present @user, with: Entities::User
+ else
+ render_api_error!("User not found.", 404)
end
end
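Review bot: `User.find(params[:id])` still runs before the new `:read_user` check, so an id that does not exist takes the framework's record-not-found path while an existing but unreadable user gets the explicit `render_api_error!("User not found.", 404)`. If those two responses differ in body or status, the difference tells a caller which ids exist, which is what the masked 404 is meant to hide; the not-found handler is not visible from this hunk, so this needs confirming. One way to make both cases identical is `@user = User.find_by(id: params[:id])` with a nil result routed into the same `else` branch, e.g. `elsif @user && can?(current_user, :read_user, @user)` plus a matching nil guard on the admin branch. A request spec asserting the same response for a missing id and a restricted user would pin this down.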