Merge branch 'features/unauth-access-ssh-keys' into 'master'

List public ssh keys by id or username without authentication See merge request gitlab-org/gitlab-ce!20118
author: Douwe Maan <douwe@gitlab.com> 2018-10-05 08:41:04 +0000
committer: Douwe Maan <douwe@gitlab.com> 2018-10-05 08:41:04 +0000
commit: 9fcd903b60d88b3df303628b09a15ef09689a002 (patch)
tree: 2644ab09cdf5b0b9dc5975ebda9c8b672fa44eee /lib/api
parent: 81641e592a954e98c29d862148c1104b87f30745 (diff)
parent: 7d55c1353d6402f33a9fef734148fb776da076d3 (diff)
download: gitlab-ce-9fcd903b60d88b3df303628b09a15ef09689a002.tar.gz
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 11a7f4ef64d..501c5cf1df3 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -256,7 +256,7 @@ module API
       end
       # rubocop: enable CodeReuse/ActiveRecord
 
-      desc 'Get the SSH keys of a specified user. Available only for admins.' do
+      desc 'Get the SSH keys of a specified user.' do
         success Entities::SSHKey
       end
       params do
@@ -265,10 +265,8 @@ module API
       end
       # rubocop: disable CodeReuse/ActiveRecord
       get ':id/keys' do
-        authenticated_as_admin!
-
         user = User.find_by(id: params[:id])
-        not_found!('User') unless user
+        not_found!('User') unless user && can?(current_user, :read_user, user)
 
         present paginate(user.keys), with: Entities::SSHKey
       end
author	Douwe Maan <douwe@gitlab.com>	2018-10-05 08:41:04 +0000
committer	Douwe Maan <douwe@gitlab.com>	2018-10-05 08:41:04 +0000
commit	9fcd903b60d88b3df303628b09a15ef09689a002 (patch)
tree	2644ab09cdf5b0b9dc5975ebda9c8b672fa44eee /lib/api
parent	81641e592a954e98c29d862148c1104b87f30745 (diff)
parent	7d55c1353d6402f33a9fef734148fb776da076d3 (diff)
download	gitlab-ce-9fcd903b60d88b3df303628b09a15ef09689a002.tar.gz