diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-25 16:54:51 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-25 16:54:51 +0000 |
| commit | cdc3d9991b0cca2d2243bdf452f61aae40d778cd (patch) | |
| tree | f05b5b8c2e3fd10e210c35637292f3d28ac6f510 /lib | |
| parent | e92c90758eb4126acc84962d37bb273d6d87b27b (diff) | |
| download | gitlab-ce-cdc3d9991b0cca2d2243bdf452f61aae40d778cd.tar.gz | |
Add latest changes from gitlab-org/security/gitlab@14-8-stable-ee
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/users.rb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb index d540978931e..6d4f12d80f8 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -105,9 +105,6 @@ module API params.except!(:created_after, :created_before, :order_by, :sort, :two_factor, :without_projects) end - users = UsersFinder.new(current_user, params).execute - users = reorder_users(users) - authorized = can?(current_user, :read_users_list) # When `current_user` is not present, require that the `username` @@ -119,6 +116,9 @@ module API forbidden!("Not authorized to access /api/v4/users") unless authorized + users = UsersFinder.new(current_user, params).execute + users = reorder_users(users) + entity = current_user&.admin? ? Entities::UserWithAdmin : Entities::UserBasic users = users.preload(:identities, :u2f_registrations) if entity == Entities::UserWithAdmin users = users.preload(:identities, :webauthn_registrations) if entity == Entities::UserWithAdmin |