Add latest changes from gitlab-org/gitlab@14-8-stable-eev14.8.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-02-18 09:45:46 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-02-18 09:45:46 +0000
commit: a7b3560714b4d9cc4ab32dffcd1f74a284b93580 (patch)
tree: 7452bd5c3545c2fa67a28aa013835fb4fa071baf /lib/api/users.rb
parent: ee9173579ae56a3dbfe5afe9f9410c65bb327ca7 (diff)
download: gitlab-ce-a7b3560714b4d9cc4ab32dffcd1f74a284b93580.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb
index eeb5244466a..d540978931e 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -143,7 +143,12 @@ module API
         forbidden!('Not authorized!') unless current_user
 
         if Feature.enabled?(:rate_limit_user_by_id_endpoint, type: :development)
-          check_rate_limit! :users_get_by_id, scope: current_user unless current_user.admin?
+          unless current_user.admin?
+            check_rate_limit!(:users_get_by_id,
+              scope: current_user,
+              users_allowlist: Gitlab::CurrentSettings.current_application_settings.users_get_by_id_limit_allowlist
+            )
+          end
         end
 
         user = User.find_by(id: params[:id])
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-02-18 09:45:46 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-02-18 09:45:46 +0000
commit	a7b3560714b4d9cc4ab32dffcd1f74a284b93580 (patch)
tree	7452bd5c3545c2fa67a28aa013835fb4fa071baf /lib/api/users.rb
parent	ee9173579ae56a3dbfe5afe9f9410c65bb327ca7 (diff)
download	gitlab-ce-a7b3560714b4d9cc4ab32dffcd1f74a284b93580.tar.gz