3c88a7869b
- Use `GlobalPolicy` to authorize the users that a non-authenticated user can fetch from `/api/v4/users`. We allow access if the `Gitlab::VisibilityLevel::PUBLIC` visibility level is not restricted. - Further, as before, `/api/v4/users` is only accessible to unauthenticated users if the `username` parameter is passed. - Turn off `authenticate!` for the `/api/v4/users` endpoint by matching on the actual route + method, rather than the description. - Change the type of `current_user` check in `UsersFinder` to be more compatible with EE. |
||
---|---|---|
.. | ||
helpers | ||
v3 | ||
access_requests.rb | ||
api.rb | ||
api_guard.rb | ||
award_emoji.rb | ||
boards.rb | ||
branches.rb | ||
broadcast_messages.rb | ||
commit_statuses.rb | ||
commits.rb | ||
deploy_keys.rb | ||
deployments.rb | ||
entities.rb | ||
environments.rb | ||
events.rb | ||
features.rb | ||
files.rb | ||
groups.rb | ||
helpers.rb | ||
internal.rb | ||
issues.rb | ||
jobs.rb | ||
keys.rb | ||
labels.rb | ||
lint.rb | ||
members.rb | ||
merge_request_diffs.rb | ||
merge_requests.rb | ||
milestones.rb | ||
namespaces.rb | ||
notes.rb | ||
notification_settings.rb | ||
pagination_params.rb | ||
pipeline_schedules.rb | ||
pipelines.rb | ||
project_hooks.rb | ||
project_snippets.rb | ||
projects.rb | ||
repositories.rb | ||
runner.rb | ||
runners.rb | ||
services.rb | ||
session.rb | ||
settings.rb | ||
sidekiq_metrics.rb | ||
snippets.rb | ||
subscriptions.rb | ||
system_hooks.rb | ||
tags.rb | ||
templates.rb | ||
time_tracking_endpoints.rb | ||
todos.rb | ||
triggers.rb | ||
users.rb | ||
variables.rb | ||
version.rb |