author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-04-19 14:00:14 -0400 |
---|---|---|
committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-04-19 14:00:14 -0400 |
commit | 27e0c7723ca1eb85222210a20fd3fee1d77733f7 (patch) | |
tree | 0b25b0122c7918382c22ab277df421585f9e58b1 /lib/api | |
parent | ee2dc0624093a0fe8665778fd0cc734754e7cdc9 (diff) | |
parent | 0063194ad6029915361d282392b6ab207ffd1520 (diff) | |
Merge remote-tracking branch 'origin/master' into ci-commit-as-pipeline
# Conflicts:
# db/schema.rb
Diffstat (limited to 'lib/api')
-rw-r--r-- | lib/api/internal.rb | 6 | ||||
-rw-r--r-- | lib/api/tags.rb | 2 | ||||
-rw-r--r-- | lib/api/users.rb | 10 |
3 files changed, 13 insertions, 5 deletions
diff --git a/lib/api/internal.rb b/lib/api/internal.rb index 2200208b946..8cfa1f1556b 100644 --- a/lib/api/internal.rb +++ b/lib/api/internal.rb @@ -23,9 +23,11 @@ module API end post "/allowed" do + Gitlab::Metrics.tag_transaction('action', 'Grape#/internal/allowed') + status 200 - actor = + actor = if params[:key_id] Key.find_by(id: params[:key_id]) elsif params[:user_id] @@ -33,7 +35,7 @@ module API end project_path = params[:project] - + # Check for *.wiki repositories. # Strip out the .wiki from the pathname before finding the # project. This applies the correct project permissions to diff --git a/lib/api/tags.rb b/lib/api/tags.rb index d1a10479e44..3e1ed3fe5c7 100644 --- a/lib/api/tags.rb +++ b/lib/api/tags.rb @@ -12,7 +12,7 @@ module API # Example Request: # GET /projects/:id/repository/tags get ":id/repository/tags" do - present user_project.repo.tags.sort_by(&:name).reverse, + present user_project.repository.tags.sort_by(&:name).reverse, with: Entities::RepoTag, project: user_project end diff --git a/lib/api/users.rb b/lib/api/users.rb index 0a14bac07c0..ea6fa2dc8a8 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -11,6 +11,10 @@ module API # GET /users?search=Admin # GET /users?username=root get do + unless can?(current_user, :read_users_list, nil) + render_api_error!("Not authorized.", 403) + end + if params[:username].present? @users = User.where(username: params[:username]) else @@ -36,10 +40,12 @@ module API get ":id" do @user = User.find(params[:id]) - if current_user.is_admin? + if current_user && current_user.is_admin? present @user, with: Entities::UserFull - else + elsif can?(current_user, :read_user, @user) present @user, with: Entities::User + else + render_api_error!("User not found.", 404) end end |
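Review bot: The `:read_users_list` guard added at the top of `get do` in lib/api/users.rb protects the listing only if `render_api_error!` halts the request, and that helper is not defined on this page. If it returned instead of aborting, the `User.where(username: params[:username])` branch below would still run for a rejected caller, so the contract deserves a comment such as `# render_api_error! aborts the request; nothing below runs without :read_users_list`. The `get ":id"` hunk in the same file now writes `current_user && current_user.is_admin?`, which suggests `current_user` can be nil on these routes; the rest of this block lies outside the hunk and should be checked for an unguarded `current_user.is_admin?`. A request spec for an anonymous caller on `GET /users` would cover both paths.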
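Review bot: In `get ":id"` (lib/api/users.rb), `User.find(params[:id])` still runs before the permission check, so the 404 in the new `else` branch hides an account's existence only if a missing id produces the same status and body. How the API renders a failed `find` is not visible here; if that response differs from `"User not found."`, a caller without `:read_user` can tell a hidden user from a nonexistent one. One option is a single not-found path: `@user = User.find_by(id: params[:id])` followed by `render_api_error!("User not found.", 404) unless @user && can?(current_user, :read_user, @user)`, with the admin and non-admin `present` calls after it. A request spec comparing the responses for a nonexistent id and for a user the caller may not read would pin the behaviour down.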