-
Simplify authentication logic in the v4 users API for !12445. · d1488268Timothy Andrew authored
- Rather than using an explicit check to turn off authentication for the `/users` endpoint, simply call `authenticate_non_get!`. - All `GET` endpoints we wish to restrict already call `authenticated_as_admin!`, and so remain inacessible to anonymous users. - This _does_ open up the `/users/:id` endpoint to anonymous access. It contains the same access check that `/users` users, and so is safe for use here. - More context: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12445#note_34031323
d1488268
×