Name |
Last commit
|
Last update |
---|---|---|
.. | ||
api | ||
ci/api | ||
projects | ||
git_http_spec.rb | ||
jwt_controller_spec.rb | ||
lfs_http_spec.rb | ||
openid_connect_spec.rb | ||
request_profiler_spec.rb |
BigW Consortium Gitlab
- Rather than using an explicit check to turn off authentication for the `/users` endpoint, simply call `authenticate_non_get!`. - All `GET` endpoints we wish to restrict already call `authenticated_as_admin!`, and so remain inacessible to anonymous users. - This _does_ open up the `/users/:id` endpoint to anonymous access. It contains the same access check that `/users` users, and so is safe for use here. - More context: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12445#note_34031323
Name |
Last commit
|
Last update |
---|---|---|
.. | ||
api | Loading commit data... | |
ci/api | Loading commit data... | |
projects | Loading commit data... | |
git_http_spec.rb | Loading commit data... | |
jwt_controller_spec.rb | Loading commit data... | |
lfs_http_spec.rb | Loading commit data... | |
openid_connect_spec.rb | Loading commit data... | |
request_profiler_spec.rb | Loading commit data... |