author | Rémy Coutable <remy@rymai.me> | 2016-12-13 15:53:00 +0100 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-12-13 15:53:00 +0100 |
commit | d95b709a66a5597dced25a2b9df9a1e24fc6d49a (patch) | |
tree | 996f7de7904424329c246d256ab588e1e844e09b /lib/api/helpers.rb | |
parent | 2f45d3bcf0f28d4cd4124b4c9722edc1d3085201 (diff) | |
download | gitlab-ce-d95b709a66a5597dced25a2b9df9a1e24fc6d49a.tar.gz |
Be smarter when finding a sudoed user in API::Helpers 25482-fix-api-sudo
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'lib/api/helpers.rb')
-rw-r--r-- | lib/api/helpers.rb | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 2041f0dac6b..8260fcab80a 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -34,6 +34,14 @@ module API
 @available_labels ||= LabelsFinder.new(current_user, project_id: user_project.id).execute
 end
+ def find_user(id)
+ if id =~ /^\d+$/
+ User.find_by(id: id)
+ else
+ User.find_by(username: id)
+ end
+ end
+
+ def find_project(id)
 if id =~ /^\d+$/
 Project.find_by(id: id)
@@ -349,7 +357,7 @@ module API
 def sudo!
 return unless sudo_identifier
- return unless initial_current_user.is_a?(User)
+ return unless initial_current_user
 unless initial_current_user.is_admin?
 forbidden!('Must be admin to use sudo')
@@ -360,7 +368,7 @@ module API
 forbidden!('Private token must be specified in order to use sudo')
 end
- sudoed_user = User.by_username_or_id(sudo_identifier)
+ sudoed_user = find_user(sudo_identifier)
 if sudoed_user
 @current_user = sudoed_user
@@ -370,17 +378,7 @@ module API
 end
 def sudo_identifier
- return @sudo_identifier if defined?(@sudo_identifier)
-
- identifier ||= params[SUDO_PARAM] || env[SUDO_HEADER]
-
- # Regex for integers
- @sudo_identifier =
- if !!(identifier =~ /\A[0-9]+\z/)
- identifier.to_i
- else
- identifier
- end
+ @sudo_identifier ||= params[SUDO_PARAM] || env[SUDO_HEADER]
 end
 def add_pagination_headers(paginated_data) |
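Review bot: The digit test in the added `find_user` uses `^` and `$`, which in Ruby match at line boundaries rather than string boundaries, so a multi-line value containing one all-digit line passes the check and is handed to `User.find_by(id: ...)`. The code this commit removes from `sudo_identifier` used `\A[0-9]+\z`, which anchors to the whole string; keeping that form here, `if id =~ /\A\d+\z/`, avoids loosening the match on the sudo path. The `find_project` lines visible at the end of the hunk carry the same `^…$` pattern and would benefit from the same change; that method's body continues outside the hunk.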
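Review bot: The guard `return unless initial_current_user` now admits any truthy value, and the next statement calls `is_admin?` on it. That is safe only if `initial_current_user` can return nothing but a `User` or `nil`; its definition is outside this hunk, so this is worth confirming. A comment above the guard, for example `# initial_current_user is a User or nil`, would record the invariant the admin check depends on. Separately, a request that names a sudo target but has no authenticated user returns silently here; whether it is rejected later is not visible in this hunk.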
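Review bot: The impersonation target on the `find_user(sudo_identifier)` line is now chosen purely from the shape of a client-supplied string: any all-digit value is looked up as an id and never as a username. If usernames made only of digits are permitted (not visible here), a sudo request naming such a user would silently act as a different account. A comment on this line such as `# all-digit identifiers are resolved as ids, never as usernames` would make the precedence explicit, and a spec covering a digits-only username would pin it. The body of `sudo!` starts and ends outside this hunk.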
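Review bot: `sudo_identifier` now returns whatever the request carried, with no check that it is a scalar string. If the sudo parameter is not declared with a type elsewhere, an array- or hash-valued parameter would skip the digit test in `find_user` and reach `User.find_by(username: ...)` as a non-string. Normalising at the source keeps the lookup predictable, for example `@sudo_identifier ||= (params[SUDO_PARAM] || env[SUDO_HEADER]).to_s.presence`. Note also that `||=` does not cache a missing value, unlike the removed `defined?` guard, so the params and env lookup repeats on every call when no sudo is requested.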