Commit 7fa72910 authored by Serena Fang, committed by Douglas Barbosa Alexandre

Users who can read group should read group token

Changelog: fixed
parent 86a01c36
...@@ -136,6 +136,10 @@ module Types ...@@ -136,6 +136,10 @@ module Types
def redacted_name def redacted_name
return object.name unless object.project_bot? return object.name unless object.project_bot?
if object.groups
return object.name if context[:current_user]&.can?(:read_group, object.groups.first)
end
return object.name if context[:current_user]&.can?(:read_project, object.projects.first) return object.name if context[:current_user]&.can?(:read_project, object.projects.first)
# If the requester does not have permission to read the project bot name, # If the requester does not have permission to read the project bot name,
......
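Review bot: The added `if object.groups` guard does not protect the next line if `groups` returns a collection, as the `.first` call implies, because an empty collection is still truthy in Ruby. For a bot with no group, `object.groups.first` is nil and the check becomes `can?(:read_group, nil)`. Consider taking `group = object.groups.first` once and returning the name only when `group && context[:current_user]&.can?(:read_group, group)`. Since this method decides whether the bot name is redacted, a spec for a bot that has a project but no group would pin the behaviour down.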
...@@ -11,6 +11,10 @@ module API ...@@ -11,6 +11,10 @@ module API
current_user = request.respond_to?(:current_user) ? request.current_user : options.fetch(:current_user, nil) current_user = request.respond_to?(:current_user) ? request.current_user : options.fetch(:current_user, nil)
if user.groups
next user.name if current_user&.can?(:read_group, user.groups.first)
end
next user.name if current_user&.can?(:read_project, user.projects.first) next user.name if current_user&.can?(:read_project, user.projects.first)
# If the requester does not have permission to read the project bot name, # If the requester does not have permission to read the project bot name,
......
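Review bot: The added `read_group` check repeats the one added to `redacted_name` in the `module Types` hunk almost line for line, so the redaction rule now lives in two places that have to be kept in sync; consider moving it into one shared method that takes the user and the requester. The same remark about `if user.groups` applies here: the guard is always truthy for a collection, so `user.groups.first` can still be nil when `can?` is called. Only the first group is consulted, and nothing in the hunk fixes the ordering, so if a bot can belong to more than one group the result depends on which one happens to come first.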