Fix documentation and improve permissions code

820c08ce · Felipe Artur · 7d54e721 · 820c08ce · 820c08ce · 820c08ce
Commit 820c08ce authored Apr 12, 2016 by Felipe Artur
6 changed files
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -120,6 +120,7 @@ class Ability
    def global_abilities(user)
      rules = []
      rules << :create_group if user.can_create_group
+      rules << :read_users_list
      rules
    end


--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -28,7 +28,7 @@
            = level
        %span.help-block#restricted-visibility-help
          Selected levels cannot be used by non-admin users for projects or snippets.
-          If public level is restricted user profiles are not accessible to not logged users.
+          If the public level is restricted, user profiles are only visible to logged in users.
    .form-group
      = f.label :import_sources, class: 'control-label col-sm-2'
      .col-sm-10

--- a/doc/permissions/permissions.md
+++ b/doc/permissions/permissions.md
@@ -93,10 +93,3 @@ An administrator can flag a user as external [through the API](../api/users.md)
 or by checking the checkbox on the admin panel. As an administrator, navigate
 to **Admin > Users** to create a new user or edit an existing one. There, you
 will find the option to flag the user as external.
-
-## Restricted visibility levels
-
-Visibility levels can be restricted in admin settings page by administrator, when
-restricting a visibility level groups, projects and snippets are not allowed to be
-created with that visibility setting. If the public visibility level is restricted
-user profiles are accessible to not logged users.
--- a/doc/public_access/public_access.md
+++ b/doc/public_access/public_access.md
@@ -58,6 +58,9 @@ you are logged in or not.
 When visiting the public page of a user, you can only see the projects which
 you are privileged to.

+If the public level is restricted, user profiles are only visible to logged in users.
+
+
 ## Restricting the use of public or internal projects

 In the Admin area under **Settings** (`/admin/application_settings`), you can

--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -79,10 +79,6 @@ module APIGuard
      @current_user
    end

-    def public_access_restricted?
-      current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
-    end
-
    private
    def find_access_token
      @access_token ||= Doorkeeper.authenticate(doorkeeper_request, Doorkeeper.configuration.access_token_methods)

--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -11,7 +11,7 @@ module API
      #  GET /users?search=Admin
      #  GET /users?username=root
      get do
-        if !current_user && public_access_restricted?
+        unless can?(current_user, :read_users_list, nil)
          render_api_error!("Not authorized.", 403)
        end