d1488268b2
- Rather than using an explicit check to turn off authentication for the `/users` endpoint, simply call `authenticate_non_get!`. - All `GET` endpoints we wish to restrict already call `authenticated_as_admin!`, and so remain inacessible to anonymous users. - This _does_ open up the `/users/:id` endpoint to anonymous access. It contains the same access check that `/users` users, and so is safe for use here. - More context: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12445#note_34031323 |
||
|---|---|---|
| .. | ||
| api | ||
| ci/api | ||
| projects | ||
| git_http_spec.rb | ||
| jwt_controller_spec.rb | ||
| lfs_http_spec.rb | ||
| openid_connect_spec.rb | ||
| request_profiler_spec.rb | ||