summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
Diffstat (limited to 'app')
-rw-r--r--app/finders/users_finder.rb11
-rw-r--r--app/policies/base_policy.rb6
-rw-r--r--app/policies/global_policy.rb3
-rw-r--r--app/policies/user_policy.rb6
4 files changed, 12 insertions, 14 deletions
diff --git a/app/finders/users_finder.rb b/app/finders/users_finder.rb
index 0534317df8f..07deceb827b 100644
--- a/app/finders/users_finder.rb
+++ b/app/finders/users_finder.rb
@@ -27,11 +27,8 @@ class UsersFinder
users = by_search(users)
users = by_blocked(users)
users = by_active(users)
-
- if current_user
- users = by_external_identity(users)
- users = by_external(users)
- end
+ users = by_external_identity(users)
+ users = by_external(users)
users
end
@@ -63,13 +60,13 @@ class UsersFinder
end
def by_external_identity(users)
- return users unless current_user.admin? && params[:extern_uid] && params[:provider]
+ return users unless current_user&.admin? && params[:extern_uid] && params[:provider]
users.joins(:identities).merge(Identity.with_extern_uid(params[:provider], params[:extern_uid]))
end
def by_external(users)
- return users = users.where.not(external: true) unless current_user.admin?
+ return users = users.where.not(external: true) unless current_user&.admin?
return users unless params[:external]
users.external
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb
index 623424c63e0..261a2e780c5 100644
--- a/app/policies/base_policy.rb
+++ b/app/policies/base_policy.rb
@@ -1,4 +1,6 @@
class BasePolicy
+ include Gitlab::CurrentSettings
+
class RuleSet
attr_reader :can_set, :cannot_set
def initialize(can_set, cannot_set)
@@ -124,4 +126,8 @@ class BasePolicy
yield
@rule_set
end
+
+ def restricted_public_level?
+ current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
+ end
end
diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb
index 2683aaad981..e9be43a5037 100644
--- a/app/policies/global_policy.rb
+++ b/app/policies/global_policy.rb
@@ -1,9 +1,10 @@
class GlobalPolicy < BasePolicy
def rules
+ can! :read_users_list unless restricted_public_level?
+
return unless @user
can! :create_group if @user.can_create_group
- can! :read_users_list
unless @user.blocked? || @user.internal?
can! :log_in unless @user.access_locked?
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index 229846e368c..265c56aba53 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -1,6 +1,4 @@
class UserPolicy < BasePolicy
- include Gitlab::CurrentSettings
-
def rules
can! :read_user if @user || !restricted_public_level?
@@ -12,8 +10,4 @@ class UserPolicy < BasePolicy
cannot! :destroy_user if @subject.ghost?
end
end
-
- def restricted_public_level?
- current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
- end
end
View Lorry Controller Status