Project: 李少辉-开发者 / gitlab-foss
Commit ce96d482
Authored Apr 06, 2016 by Felipe Artur

Insert users check into api

Parent: 07b38c3b
Showing 5 changed files with 33 additions and 7 deletions (+33 -7)
app/models/ability.rb (+3 -3)
lib/api/api_guard.rb (+4 -0)
lib/api/users.rb (+8 -2)
spec/controllers/users_controller_spec.rb (+0 -2)
spec/requests/api/users_spec.rb (+18 -0)
app/models/ability.rb (view file @ ce96d482)
@@ -91,8 +91,8 @@ class Ability
subject
.
group
end
if
group
rules
<<
:read_group
if
group
.
public?
if
group
.
public?
rules
<<
:read_group
rules
<<
:read_group_members
unless
restricted_public_level?
end
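Review bot: the `:read_group_members` grant at the bottom of this hunk is now nested under `group.public?` and additionally gated by `restricted_public_level?`, but nothing in this commit exercises the `Ability` change: the two spec files in the change set cover `UsersController` and the `/users` API, not the ability rules. Suggest adding a model-level spec asserting that an anonymous subject receives `:read_group` but not `:read_group_members` for a public group once `restricted_visibility_levels` includes `Gitlab::VisibilityLevel::PUBLIC`, so a later refactor of this block cannot silently drop the visibility gate.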
@@ -483,7 +483,7 @@ class Ability
private
def
restricted_public_level?
@public_restricted
||=
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
end
def
named_abilities
(
name
)
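Review bot: the two forms of `restricted_public_level?` in this hunk differ only in the `@public_restricted ||=` memoization, and the unmemoized form is the one to keep: `restricted_visibility_levels` is an admin-editable application setting, and caching it in an instance variable means any receiver that outlives a single request keeps answering with the old value after an admin restricts public visibility. If the lookup cost matters, memoize at request scope rather than on the ability object, and add a one-line comment saying why the value is deliberately not cached here.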
lib/api/api_guard.rb (view file @ ce96d482)
@@ -79,6 +79,10 @@ module APIGuard
@current_user
end
def
public_access_restricted?
current_application_settings
.
restricted_visibility_levels
.
include?
(
Gitlab
::
VisibilityLevel
::
PUBLIC
)
end
private
def
find_access_token
@access_token
||=
Doorkeeper
.
authenticate
(
doorkeeper_request
,
Doorkeeper
.
configuration
.
access_token_methods
)
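Review bot: `public_access_restricted?` in this hunk is a verbatim copy of the `current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)` predicate that `Ability#restricted_public_level?` carries in the same commit, and two copies of an authorization predicate drift apart. Suggest one shared helper (or a method on the settings object) that both call, plus a short comment above this method noting that it sits above `private` on purpose because `lib/api/users.rb` calls it from an endpoint.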
lib/api/users.rb (view file @ ce96d482)
@@ -11,6 +11,10 @@ module API
# GET /users?search=Admin
# GET /users?username=root
get
do
if
!
current_user
&&
public_access_restricted?
render_api_error!
(
"Not authorized."
,
403
)
end
if
params
[
:username
].
present?
@users
=
User
.
where
(
username:
params
[
:username
])
else
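Review bot: the `render_api_error!("Not authorized.", 403)` branch at the top of `get do` fires when `current_user` is nil, that is, when the caller has not authenticated at all; 401 is the status that tells a client to authenticate, 403 says a known identity is denied, and the `:id` endpoint in the next hunk answers the same situation with 404, so index and show now disagree. Suggest settling on one status for the unauthenticated-with-public-restricted case and recording it in the comment block above (`# GET /users?search=Admin`), and consider moving the check into a `before` block so any endpoint added to this resource later inherits it instead of re-implementing it.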
@@ -36,10 +40,12 @@ module API
get
":id"
do
@user
=
User
.
find
(
params
[
:id
])
if
current_user
.
is_admin?
if
current_user
.
present?
&&
current_user
.
is_admin?
present
@user
,
with:
Entities
::
UserFull
els
e
els
if
can?
(
current_user
,
:read_user
,
@user
)
present
@user
,
with:
Entities
::
User
else
render_api_error!
(
"User not found."
,
404
)
end
end
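Review bot: `@user = User.find(params[:id])` still runs before the `current_user.present? && current_user.is_admin?` and `can?(current_user, :read_user, @user)` checks, so a caller who lands in the `else` branch gets `"User not found."` with 404 only when the id exists, while a non-existent id raises `ActiveRecord::RecordNotFound` and whatever that is rescued into. If the rescued response differs in status or body, the existence of a user id remains observable to an unauthenticated caller even though hiding it is the point of this change. Suggest a spec asserting the two responses are identical, or resolving the user with `find_by` so both cases share the same not-found branch. The `present?` guard itself is right: the API spec in this commit stubs `authenticate!`, so `current_user` can be nil here.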
spec/controllers/users_controller_spec.rb (view file @ ce96d482)
@@ -30,8 +30,6 @@ describe UsersController do
end
describe
'when logged out'
do
before
{
stub_application_setting
(
restricted_visibility_levels:
[])
}
it
'renders the show template'
do
get
:show
,
username:
user
.
username
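Review bot: removing `before { stub_application_setting(restricted_visibility_levels: []) }` from the 'when logged out' context leaves 'renders the show template' depending on the default value of `restricted_visibility_levels`, and the commit message ("Insert users check into api") does not say why the stub was dropped. Suggest either keeping the explicit stub or adding a second example that restricts `Gitlab::VisibilityLevel::PUBLIC` and asserts the show page is no longer rendered to a logged-out visitor, mirroring the 403/404 examples this commit adds to the API spec.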
spec/requests/api/users_spec.rb (view file @ ce96d482)
@@ -20,6 +20,24 @@ describe API::API, api: true do
end
context
"when authenticated"
do
#These specs are written just in case API authentication is not required anymore
context
"when public level is restricted"
do
before
do
stub_application_setting
(
restricted_visibility_levels:
[
Gitlab
::
VisibilityLevel
::
PUBLIC
])
allow_any_instance_of
(
API
::
Helpers
).
to
receive
(
:authenticate!
).
and_return
(
true
)
end
it
"renders 403"
do
get
api
(
"/users"
)
expect
(
response
.
status
).
to
eq
(
403
)
end
it
"renders 404"
do
get
api
(
"/users/
#{
user
.
id
}
"
)
expect
(
response
.
status
).
to
eq
(
404
)
end
end
it
"should return an array of users"
do
get
api
(
"/users"
,
user
)
expect
(
response
.
status
).
to
eq
(
200
)
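Review bot: the new 'when public level is restricted' context is nested under 'when authenticated' yet issues `get api("/users")` and `get api("/users/#{user.id}")` with no user, relying on the stubbed `authenticate!` to skip authentication, so these examples test the unauthenticated path, as the comment above the context admits. Suggest naming the context for what it checks (unauthenticated request with public visibility restricted) and adding the complementary positive example: under the same stub, `get api("/users", user)` should still return 200, otherwise a future change that locks out authenticated users too would go unnoticed. `allow_any_instance_of(API::Helpers)` is also broad; stubbing `authenticate!` only for the endpoint under test keeps the other helpers honest.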