From 0b67d7a0fe79c05681c6e541105350d94fff6931 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Fri, 10 Jul 2015 17:36:24 -0700
Subject: Fix user autocomplete for unauthenticated users accessing public
 projects

Closes #1955
---
 app/controllers/autocomplete_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'app/controllers/autocomplete_controller.rb')

diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index 11af9895261..8b12643bb97 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -1,4 +1,6 @@
 class AutocompleteController < ApplicationController
+  skip_before_action :authenticate_user!, only: [:users]
+
   def users
     @users =
       if params[:project_id].present?
@@ -13,8 +15,10 @@ class AutocompleteController < ApplicationController
         if can?(current_user, :read_group, group)
           group.users
         end
-      else
+      elsif current_user
         User.all
+      else
+        User.none
       end
 
     @users = @users.search(params[:search]) if params[:search].present?
-- 
cgit v1.2.1


From 96644c1fc146b55795d36cf4c03a80d2d58d112e Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Sat, 11 Jul 2015 06:16:59 -0700
Subject: Better handle unknown projects and groups for autocomplete

---
 app/controllers/autocomplete_controller.rb | 37 +++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 14 deletions(-)

(limited to 'app/controllers/autocomplete_controller.rb')

diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index 8b12643bb97..52e9c58b47c 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -2,25 +2,34 @@ class AutocompleteController < ApplicationController
   skip_before_action :authenticate_user!, only: [:users]
 
   def users
-    @users =
-      if params[:project_id].present?
-        project = Project.find(params[:project_id])
+    begin
+      @users =
+        if params[:project_id].present?
+          project = Project.find(params[:project_id])
 
-        if can?(current_user, :read_project, project)
-          project.team.users
-        end
-      elsif params[:group_id]
-        group = Group.find(params[:group_id])
+          if can?(current_user, :read_project, project)
+            project.team.users
+          end
+        elsif params[:group_id]
+          group = Group.find(params[:group_id])
 
-        if can?(current_user, :read_group, group)
-          group.users
+          if can?(current_user, :read_group, group)
+            group.users
+          end
+        elsif current_user
+          User.all
         end
-      elsif current_user
-        User.all
-      else
-        User.none
+    rescue ActiveRecord::RecordNotFound
+      if current_user
+        return render json: {}, status: 404
       end
+    end
+
+    if @users.nil? && current_user.nil?
+      authenticate_user!
+    end
 
+    @users ||= User.none
     @users = @users.search(params[:search]) if params[:search].present?
     @users = @users.active
     @users = @users.page(params[:page]).per(PER_PAGE)
-- 
cgit v1.2.1