Commit graph

9 commits

Author SHA1 Message Date
Bob Van Landuyt
b4c4b48a8c Allow users to set a status
This can be done trough the API for the current user, or on the
profile page.
2018-07-30 15:01:26 +02:00
gfyoung
d5bf57a6af Enable frozen string in presenters and policies
Enable frozen string in:

* app/presenters
* app/policies

Partially addresses #47424.
2018-07-24 13:18:25 -07:00
JX Terry
99011a61cf Add an option to have a private profile on GitLab 2018-07-24 12:46:19 +00:00
Bob Van Landuyt
17b25bd263 Make the user dropdown reusable
We will reuse the the dropdown, but exclude some menu items based on
permissions.

So moving the menu to a partial, and adding checks for each menu item here.
2018-05-04 13:52:55 +02:00
Timothy Andrew
5dedea358d Merge remote-tracking branch 'origin/master' into 34141-allow-unauthenticated-access-to-the-users-api
- Modify policy code to work with the `DeclarativePolicy` refactor
  in 37c401433b.
2017-06-30 13:45:51 +00:00
Timothy Andrew
3c88a7869b Implement review comments for !12445 from @godfat and @rymai.
- Use `GlobalPolicy` to authorize the users that a non-authenticated user can
  fetch from `/api/v4/users`. We allow access if the `Gitlab::VisibilityLevel::PUBLIC`
  visibility level is not restricted.

- Further, as before, `/api/v4/users` is only accessible to unauthenticated users if
  the `username` parameter is passed.

- Turn off `authenticate!` for the `/api/v4/users` endpoint by matching on the actual
  route + method, rather than the description.

- Change the type of `current_user` check in `UsersFinder` to be more
  compatible with EE.
2017-06-30 13:06:03 +00:00
http://jneen.net/
37c401433b convert all the policies to DeclarativePolicy 2017-06-27 12:44:37 -07:00
Timothy Andrew
6fdb17cbbe
Don't allow deleting a ghost user.
- Add a `destroy_user` ability. This didn't exist before, and was implicit in
  other abilities (only admins could access the admin area, so only they could
  destroy all users; a user can only access their own account page, and so can
  destroy only themselves).

- Grant this ability to admins, and when the current user is trying to destroy
  themselves. Disallow destroying ghost users in all cases.

- Modify the `Users::DestroyService` to check this ability. Also check it in
  views to decide whether or not to show the "Delete User" button.

- Add a short summary of the Ghost User to the bio.
2017-02-24 16:50:20 +05:30
http://jneen.net/
a340829c42 port UserPolicy 2016-08-30 11:39:22 -07:00