Fix documentation and improve permissions code
parent
7d54e721da
commit
820c08cefd
|
@ -120,6 +120,7 @@ class Ability
|
|||
def global_abilities(user)
|
||||
rules = []
|
||||
rules << :create_group if user.can_create_group
|
||||
rules << :read_users_list
|
||||
rules
|
||||
end
|
||||
|
||||
|
|
|
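Review bot: `rules << :read_users_list` in `global_abilities` is appended with no condition, so every user who reaches this method gets the ability, and the restricted-public-level check is not visible here. The preceding line calls `user.can_create_group`, which would raise on a nil user, so the anonymous case must be decided somewhere else. Please point to that code or add a spec showing that an unauthenticated caller is denied `:read_users_list` when the public level is restricted.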
@ -28,7 +28,7 @@
|
|||
= level
|
||||
%span.help-block#restricted-visibility-help
|
||||
Selected levels cannot be used by non-admin users for projects or snippets.
|
||||
If public level is restricted user profiles are not accessible to not logged users.
|
||||
If the public level is restricted, user profiles are only visible to logged in users.
|
||||
.form-group
|
||||
= f.label :import_sources, class: 'control-label col-sm-2'
|
||||
.col-sm-10
|
||||
|
|
|
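Review bot: the help text under `%span.help-block#restricted-visibility-help` mentions only user profiles, while the same commit also gates `GET /users` on `:read_users_list`. Consider saying that the users list is affected too, and hyphenate "logged-in users". The sentence is duplicated verbatim in the docs hunk further down, so the two copies need to stay in sync.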
@ -93,10 +93,3 @@ An administrator can flag a user as external [through the API](../api/users.md)
|
|||
or by checking the checkbox on the admin panel. As an administrator, navigate
|
||||
to **Admin > Users** to create a new user or edit an existing one. There, you
|
||||
will find the option to flag the user as external.
|
||||
|
||||
## Restricted visibility levels
|
||||
|
||||
Visibility levels can be restricted in admin settings page by administrator, when
|
||||
restricting a visibility level groups, projects and snippets are not allowed to be
|
||||
created with that visibility setting. If the public visibility level is restricted
|
||||
user profiles are accessible to not logged users.
|
||||
|
|
|
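Review bot: dropping the whole "Restricted visibility levels" section also drops the statement that groups, projects and snippets cannot be created with a restricted level. The only replacement visible in this commit is the single sentence about user profiles, and the surviving section is titled "Restricting the use of public or internal projects". Please confirm that section covers groups and snippets as well, or carry that sentence over.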
@ -58,6 +58,9 @@ you are logged in or not.
|
|||
When visiting the public page of a user, you can only see the projects which
|
||||
you are privileged to.
|
||||
|
||||
If the public level is restricted, user profiles are only visible to logged in users.
|
||||
|
||||
|
||||
## Restricting the use of public or internal projects
|
||||
|
||||
In the Admin area under **Settings** (`/admin/application_settings`), you can
|
||||
|
|
|
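Review bot: the added sentence "If the public level is restricted, ..." uses "public level" before the reader has reached "## Restricting the use of public or internal projects", where the setting is introduced. Link it to that section or move it below the heading. The hunk also leaves two consecutive blank lines before the heading where one is enough.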
@ -79,10 +79,6 @@ module APIGuard
|
|||
@current_user
|
||||
end
|
||||
|
||||
def public_access_restricted?
|
||||
current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
|
||||
end
|
||||
|
||||
private
|
||||
def find_access_token
|
||||
@access_token ||= Doorkeeper.authenticate(doorkeeper_request, Doorkeeper.configuration.access_token_methods)
|
||||
|
|
|
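Review bot: `public_access_restricted?` sits above `private` in `APIGuard`, so it was callable from any endpoint that includes the module. This commit shows only one caller being replaced (the `get do` block in the users API). Please confirm that no other caller remains before removing it.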
@ -11,7 +11,7 @@ module API
|
|||
# GET /users?search=Admin
|
||||
# GET /users?username=root
|
||||
get do
|
||||
if !current_user && public_access_restricted?
|
||||
unless can?(current_user, :read_users_list, nil)
|
||||
render_api_error!("Not authorized.", 403)
|
||||
end
|
||||
|
||||
|
|
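Review bot: in `unless can?(current_user, :read_users_list, nil)`, both the user and the subject can be nil, so the 403 now depends entirely on how `Ability` handles that pair, which this hunk does not show. Add request specs for `GET /users` without a token, one with the public level restricted (expecting the 403 from `render_api_error!`) and one with it unrestricted. The comment block above `get do` should also mention that the endpoint can return 403.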