diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-18 09:45:46 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-18 09:45:46 +0000 |
commit | a7b3560714b4d9cc4ab32dffcd1f74a284b93580 (patch) | |
tree | 7452bd5c3545c2fa67a28aa013835fb4fa071baf /lib/api/users.rb | |
parent | ee9173579ae56a3dbfe5afe9f9410c65bb327ca7 (diff) | |
download | gitlab-ce-a7b3560714b4d9cc4ab32dffcd1f74a284b93580.tar.gz |
Add latest changes from gitlab-org/gitlab@14-8-stable-eev14.8.0-rc42
Diffstat (limited to 'lib/api/users.rb')
-rw-r--r-- | lib/api/users.rb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb index eeb5244466a..d540978931e 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -143,7 +143,12 @@ module API forbidden!('Not authorized!') unless current_user if Feature.enabled?(:rate_limit_user_by_id_endpoint, type: :development) - check_rate_limit! :users_get_by_id, scope: current_user unless current_user.admin? + unless current_user.admin? + check_rate_limit!(:users_get_by_id, + scope: current_user, + users_allowlist: Gitlab::CurrentSettings.current_application_settings.users_get_by_id_limit_allowlist + ) + end end user = User.find_by(id: params[:id]) |