Restrict user profiles based on restricted visibility levels
parent
5ae4fd2181
commit
b05f0a4858
|
@ -1,6 +1,7 @@
|
|||
class UsersController < ApplicationController
|
||||
skip_before_action :authenticate_user!
|
||||
before_action :set_user
|
||||
before_filter :authorize_read_user, only: [:show]
|
||||
|
||||
def show
|
||||
respond_to do |format|
|
||||
|
@ -74,6 +75,9 @@ class UsersController < ApplicationController
|
|||
end
|
||||
|
||||
private
|
||||
def authorize_read_user
|
||||
render_404 unless @user.public?
|
||||
end
|
||||
|
||||
def set_user
|
||||
@user = User.find_by_username!(params[:username])
|
||||
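Review bot: `authorize_read_user` decides on `@user.public?` alone and never consults `current_user`, so with `skip_before_action :authenticate_user!` still in place a signed-in viewer is handled exactly like an anonymous one. If the intent is to hide profiles only from unauthenticated visitors when the public level is restricted, the guard needs the viewer, e.g. `render_404 unless current_user || @user.public?`. The filter is also scoped to `only: [:show]`, so any other action in this controller that renders data for `@user` lies outside the hunks and should be checked for the same gate. For consistency with the two callbacks above it, declare it with `before_action` rather than `before_filter`. The class body continues outside both hunks.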
|
|
|
@ -835,6 +835,10 @@ class User < ActiveRecord::Base
|
|||
notification_settings.find_or_initialize_by(source: source)
|
||||
end
|
||||
|
||||
def public?
|
||||
current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def projects_union
|
||||
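Review bot: `public?` returns true exactly when `Gitlab::VisibilityLevel::PUBLIC` is present in `restricted_visibility_levels`, which reads as the opposite of what the name promises; a caller written as `render_404 unless user.public?` would then serve profiles only while public visibility is restricted and return 404 otherwise. The predicate likely needs negating: `!current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)`. The result does not depend on the user instance, so a one-line comment stating that it reflects an instance-wide setting would keep it from being read as a per-user flag. If `restricted_visibility_levels` can be unset (not visible here), wrap it as `Array(...)` before calling `include?`. The surrounding class starts and ends outside the hunk.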
|
|