3c88a7869b
- Use `GlobalPolicy` to authorize the users that a non-authenticated user can fetch from `/api/v4/users`. We allow access if the `Gitlab::VisibilityLevel::PUBLIC` visibility level is not restricted. - Further, as before, `/api/v4/users` is only accessible to unauthenticated users if the `username` parameter is passed. - Turn off `authenticate!` for the `/api/v4/users` endpoint by matching on the actual route + method, rather than the description. - Change the type of `current_user` check in `UsersFinder` to be more compatible with EE. |
||
---|---|---|
.. | ||
assets | ||
controllers | ||
finders | ||
helpers | ||
mailers | ||
models | ||
policies | ||
presenters | ||
serializers | ||
services | ||
uploaders | ||
validators | ||
views | ||
workers |