Commit 79611ed1 authored by Serena Fang's avatar Serena Fang Committed by Douglas Barbosa Alexandre

Apply reviewer suggestions

parent de35bb22
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
module Types module Types
module UserInterface module UserInterface
include Types::BaseInterface include Types::BaseInterface
include UsersHelper
graphql_name 'User' graphql_name 'User'
description 'Representation of a GitLab user.' description 'Representation of a GitLab user.'
...@@ -136,16 +137,7 @@ module Types ...@@ -136,16 +137,7 @@ module Types
def redacted_name def redacted_name
return object.name unless object.project_bot? return object.name unless object.project_bot?
if object.groups secure_project_bot_name(context[:current_user], object)
return object.name if context[:current_user]&.can?(:read_group, object.groups.first)
end
return object.name if context[:current_user]&.can?(:read_project, object.projects.first)
# If the requester does not have permission to read the project bot name,
# the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
# https://gitlab.com/gitlab-org/gitlab/-/issues/346058
'****'
end end
end end
end end
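Review bot: `include UsersHelper` at the top of `Types::UserInterface` pulls every public method of a view helper into the GraphQL interface just to reach `secure_project_bot_name`. As far as I know, graphql-ruby calls a same-named method on the type before falling back to the underlying object, so a helper method whose name matches a User field, now or after a later addition to the helper, could silently take over that field. The same include is added to `API::Entities::UserSafe` further down. Because this method decides whether a project bot's name is disclosed, consider moving it into a small dedicated module (or the policy/model layer) and including only that. At minimum, add a comment next to the include such as `# Included only for secure_project_bot_name; no other helper method should be used from this type.`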
...@@ -176,6 +176,19 @@ module UsersHelper ...@@ -176,6 +176,19 @@ module UsersHelper
user.public_email.present? user.public_email.present?
end end
def secure_project_bot_name(current_user, user)
if user.groups.any?
return user.name if current_user&.can?(:read_group, user.groups.first)
end
return user.name if current_user&.can?(:read_project, user.projects.first)
# If the requester does not have permission to read the project bot name,
# the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
# https://gitlab.com/gitlab-org/gitlab/-/issues/346058
'****'
end
private private
def admin_users_paths def admin_users_paths
......
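Review bot: `secure_project_bot_name` authorizes only against `user.groups.first` and `user.projects.first`, so if a bot ever belongs to more than one group or project, the decision depends on whichever record an unordered `.first` returns. When the bot has no project, `can?(:read_project, nil)` is evaluated, and how `can?` treats a nil subject is not visible in this hunk. Presumably a project bot is a member of exactly one resource; state that invariant in the method comment, e.g. `# A project bot is a member of exactly one group or project, so checking the first membership is sufficient.` Specs for a nil `current_user` and for a bot with no memberships, both expecting `'****'`, would pin the fail-closed behaviour now that two API surfaces share this one method.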
...@@ -3,20 +3,13 @@ ...@@ -3,20 +3,13 @@
module API module API
module Entities module Entities
class UserSafe < Grape::Entity class UserSafe < Grape::Entity
include UsersHelper
expose :id, :username expose :id, :username
expose :name do |user| expose :name do |user|
next user.name unless user.project_bot? next user.name unless user.project_bot?
if user.groups secure_project_bot_name(options[:current_user], user)
next user.name if options[:current_user]&.can?(:read_group, user.groups.first)
end
next user.name if options[:current_user]&.can?(:read_project, user.projects.first)
# If the requester does not have permission to read the project bot name,
# the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
# https://gitlab.com/gitlab-org/gitlab/-/issues/346058
'****'
end end
end end
end end
......