Allow admin to read_users_list even if it's restricted
parent
d95e6da0d5
commit
25e44edc30
|
@ -44,7 +44,7 @@ class GlobalPolicy < BasePolicy
|
|||
prevent :log_in
|
||||
end
|
||||
|
||||
rule { ~restricted_public_level }.policy do
|
||||
rule { admin | ~restricted_public_level }.policy do
|
||||
enable :read_users_list
|
||||
end
|
||||
end
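Review bot: The rule `rule { admin | ~restricted_public_level }.policy do` carries no comment saying why admins bypass the restricted-visibility setting, and it is the only place in this hunk where that exception is encoded. A line above it such as `# Admins keep :read_users_list even when PUBLIC is a restricted visibility level.` would make the intent auditable. The `admin` condition is defined outside this hunk, so it is worth confirming that it is false for anonymous callers. It is also worth confirming that blocked admin accounts are stopped by a separate `prevent` or at authentication, since this rule on its own does not exclude them. The class body starts and continues outside the hunk.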
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
title: Allow admin to read_users_list even if it's restricted
|
||||
merge_request: 13066
|
||||
author:
|
|
@ -30,5 +30,25 @@ describe GlobalPolicy, models: true do
|
|||
it { is_expected.to be_allowed(:read_users_list) }
|
||||
end
|
||||
end
|
||||
|
||||
context "for an admin" do
|
||||
let(:current_user) { create(:admin) }
|
||||
|
||||
context "when the public level is restricted" do
|
||||
before do
|
||||
stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
|
||||
end
|
||||
|
||||
it { is_expected.to be_allowed(:read_users_list) }
|
||||
end
|
||||
|
||||
context "when the public level is not restricted" do
|
||||
before do
|
||||
stub_application_setting(restricted_visibility_levels: [])
|
||||
end
|
||||
|
||||
it { is_expected.to be_allowed(:read_users_list) }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -55,17 +55,22 @@ describe API::Users do
|
|||
context "when public level is restricted" do
|
||||
before do
|
||||
stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
|
||||
allow_any_instance_of(API::Helpers).to receive(:authenticate!).and_return(true)
|
||||
end
|
||||
|
||||
context 'when authenticate as a regular user' do
|
||||
it "renders 403" do
|
||||
get api("/users")
|
||||
expect(response).to have_http_status(403)
|
||||
get api("/users", user)
|
||||
|
||||
expect(response).to have_gitlab_http_status(403)
|
||||
end
|
||||
end
|
||||
|
||||
it "renders 404" do
|
||||
get api("/users/#{user.id}")
|
||||
expect(response).to have_http_status(404)
|
||||
context 'when authenticate as an admin' do
|
||||
it "renders 200" do
|
||||
get api("/users", admin)
|
||||
|
||||
expect(response).to have_gitlab_http_status(200)
|
||||
end
|
||||
end
|
||||
end
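Review bot: The `+`/`-` markers are lost on this page, but the user-less `get api("/users")` request and the `renders 404` example for `/users/#{user.id}` look like the removed side. If so, the restricted-level context no longer has an anonymous case or a single-user lookup case. Those two paths show whether the restriction still holds for callers who are not admins, so they are worth keeping next to the new regular-user and admin examples. One option is `it "rejects an unauthenticated request" do` with `get api("/users")` and an assertion on the status the endpoint actually returns. The enclosing `describe API::Users` block starts and ends outside the hunk.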
|
||||
|
||||
|
|