diff options
Diffstat (limited to 'lib/api')
| -rw-r--r-- | lib/api/api_guard.rb | 4 | ||||
| -rw-r--r-- | lib/api/users.rb | 2 |
2 files changed, 1 insertions, 5 deletions
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb index 6ce5529abfa..b9994fcefda 100644 --- a/lib/api/api_guard.rb +++ b/lib/api/api_guard.rb @@ -79,10 +79,6 @@ module APIGuard @current_user end - def public_access_restricted? - current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC) - end - private def find_access_token @access_token ||= Doorkeeper.authenticate(doorkeeper_request, Doorkeeper.configuration.access_token_methods) diff --git a/lib/api/users.rb b/lib/api/users.rb index 9647a40686e..315268fc0ca 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -11,7 +11,7 @@ module API # GET /users?search=Admin # GET /users?username=root get do - if !current_user && public_access_restricted? + unless can?(current_user, :read_users_list, nil) render_api_error!("Not authorized.", 403) end |