diff options
author | Achilleas Pipinellis <axilleas@axilleas.me> | 2016-06-18 09:23:31 +0200 |
---|---|---|
committer | Achilleas Pipinellis <axilleas@axilleas.me> | 2016-06-18 09:23:31 +0200 |
commit | 56777e89562fe9c81f6e9237bff9cee6420fc093 (patch) | |
tree | a18d1dfad849311b38812db98d3f9cad520a49dc /lib/api/users.rb | |
parent | 9169c7e81fb906cf9f419d195d73a585b19dafbc (diff) | |
parent | 00906b5bb6cde8cb60281109060a519a54000c61 (diff) | |
download | gitlab-ce-56777e89562fe9c81f6e9237bff9cee6420fc093.tar.gz |
Merge branch 'master' into ci-scala-example
Diffstat (limited to 'lib/api/users.rb')
-rw-r--r-- | lib/api/users.rb | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb index 13ab17c6904..8a376d3c2a3 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -11,6 +11,10 @@ module API # GET /users?search=Admin # GET /users?username=root get do + unless can?(current_user, :read_users_list, nil) + render_api_error!("Not authorized.", 403) + end + if params[:username].present? @users = User.where(username: params[:username]) else @@ -36,10 +40,12 @@ module API get ":id" do @user = User.find(params[:id]) - if current_user.is_admin? + if current_user && current_user.is_admin? present @user, with: Entities::UserFull - else + elsif can?(current_user, :read_user, @user) present @user, with: Entities::User + else + render_api_error!("User not found.", 404) end end @@ -58,6 +64,7 @@ module API # extern_uid - External authentication provider UID # provider - External provider # bio - Bio + # location - Location of the user # admin - User is admin - true or false (default) # can_create_group - User can create groups - true or false # confirm - Require user confirmation - true (default) or false @@ -67,9 +74,9 @@ module API post do authenticated_as_admin! required_attributes! [:email, :password, :name, :username] - attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :bio, :can_create_group, :admin, :confirm, :external] + attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :bio, :location, :can_create_group, :admin, :confirm, :external] admin = attrs.delete(:admin) - confirm = !(attrs.delete(:confirm) =~ (/(false|f|no|0)$/i)) + confirm = !(attrs.delete(:confirm) =~ /(false|f|no|0)$/i) user = User.build_user(attrs) user.admin = admin unless admin.nil? user.skip_confirmation! unless confirm @@ -106,6 +113,7 @@ module API # website_url - Website url # projects_limit - Limit projects each user can create # bio - Bio + # location - Location of the user # admin - User is admin - true or false (default) # can_create_group - User can create groups - true or false # external - Flags the user as external - true or false(default) @@ -114,7 +122,7 @@ module API put ":id" do authenticated_as_admin! - attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :website_url, :projects_limit, :username, :bio, :can_create_group, :admin, :external] + attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :website_url, :projects_limit, :username, :bio, :location, :can_create_group, :admin, :external] user = User.find(params[:id]) not_found!('User') unless user |