Skip to content

G
gitlab-ce
Commit 02b85fd2 authored by Jacob Vosmaer's avatar Jacob Vosmaer
Browse files
Options

Check user access status in API for current_user

parent 34fd5570
Hide whitespace changes
Inline Side-by-side
Showing with 10 additions and 0 deletions
lib/api/helpers.rb
View file @ 02b85fd2
...@@ -8,6 +8,11 @@ module API ...@@ -8,6 +8,11 @@ module API
def current_user def current_user
private_token = (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]).to_s private_token = (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]).to_s
@current_user ||= User.find_by(authentication_token: private_token) @current_user ||= User.find_by(authentication_token: private_token)
unless @current_user && Gitlab::UserAccess.allowed?(@current_user)
return nil
end
identifier = sudo_identifier() identifier = sudo_identifier()
# If the sudo is the current user do nothing # If the sudo is the current user do nothing
......
spec/requests/api/api_helpers_spec.rb
View file @ 02b85fd2
...@@ -44,6 +44,11 @@ describe API, api: true do ...@@ -44,6 +44,11 @@ describe API, api: true do
current_user.should be_nil current_user.should be_nil
end end
it "should return nil for a user without access" do
Gitlab::UserAccess.stub(allowed?: false)
current_user.should be_nil
end
it "should leave user as is when sudo not specified" do it "should leave user as is when sudo not specified" do
env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = user.private_token env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = user.private_token
current_user.should == user current_user.should == user
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7