spec/requests · 3c88a7869b87693ba8c3fb9814d39437dd569a31 · Forest Godfrey / gitlab-ce

Implement review comments for !12445 from @godfat and @rymai. · 3c88a786

authored Jun 29, 2017

- Use `GlobalPolicy` to authorize the users that a non-authenticated user can
  fetch from `/api/v4/users`. We allow access if the `Gitlab::VisibilityLevel::PUBLIC`
  visibility level is not restricted.

- Further, as before, `/api/v4/users` is only accessible to unauthenticated users if
  the `username` parameter is passed.

- Turn off `authenticate!` for the `/api/v4/users` endpoint by matching on the actual
  route + method, rather than the description.

- Change the type of `current_user` check in `UsersFinder` to be more
  compatible with EE.

3c88a786

Name	Last commit	Last update
..
api		Loading commit data...
ci/api		Loading commit data...
projects		Loading commit data...
git_http_spec.rb		Loading commit data...
jwt_controller_spec.rb		Loading commit data...
lfs_http_spec.rb		Loading commit data...
openid_connect_spec.rb		Loading commit data...
request_profiler_spec.rb		Loading commit data...