Apply reviewer suggestions

79611ed1 · Serena Fang · Douglas Barbosa Alexandre · de35bb22 · 79611ed1 · 79611ed1
Commit 79611ed1 authored Mar 01, 2022 by Serena Fang Committed by Douglas Barbosa Alexandre Mar 08, 2022
Showing with 18 additions and 20 deletions

app/graphql/types/user_interface.rb app/graphql/types/user_interface.rb +2 -10

app/helpers/users_helper.rb app/helpers/users_helper.rb +13 -0

lib/api/entities/user_safe.rb lib/api/entities/user_safe.rb +3 -10

No files found.
--- a/app/graphql/types/user_interface.rb
+++ b/app/graphql/types/user_interface.rb
@@ -3,6 +3,7 @@
 module Types
  module UserInterface
    include Types::BaseInterface
+    include UsersHelper

    graphql_name 'User'
    description 'Representation of a GitLab user.'
@@ -136,16 +137,7 @@ module Types
    def redacted_name
      return object.name unless object.project_bot?

-      if object.groups
-        return object.name if context[:current_user]&.can?(:read_group, object.groups.first)
-      end
-
-      return object.name if context[:current_user]&.can?(:read_project, object.projects.first)
-
-      # If the requester does not have permission to read the project bot name,
-      # the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
-      # https://gitlab.com/gitlab-org/gitlab/-/issues/346058
-      '****'
+      secure_project_bot_name(context[:current_user], object)
    end
  end
 end
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -176,6 +176,19 @@ module UsersHelper
    user.public_email.present?
  end

+  def secure_project_bot_name(current_user, user)
+    if user.groups.any?
+      return user.name if current_user&.can?(:read_group, user.groups.first)
+    end
+
+    return user.name if current_user&.can?(:read_project, user.projects.first)
+
+    # If the requester does not have permission to read the project bot name,
+    # the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
+    # https://gitlab.com/gitlab-org/gitlab/-/issues/346058
+    '****'
+  end
+
  private

  def admin_users_paths

--- a/lib/api/entities/user_safe.rb
+++ b/lib/api/entities/user_safe.rb
@@ -3,20 +3,13 @@
 module API
  module Entities
    class UserSafe < Grape::Entity
+      include UsersHelper
+
      expose :id, :username
      expose :name do |user|
        next user.name unless user.project_bot?

-        if user.groups
-          next user.name if options[:current_user]&.can?(:read_group, user.groups.first)
-        end
-
-        next user.name if options[:current_user]&.can?(:read_project, user.projects.first)
-
-        # If the requester does not have permission to read the project bot name,
-        # the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
-        # https://gitlab.com/gitlab-org/gitlab/-/issues/346058
-        '****'
+        secure_project_bot_name(options[:current_user], user)
      end
    end
  end