Commit 0c866f4a authored by Michael Kozono

Resolve discussions

parent fc061c2e
...@@ -3,7 +3,6 @@ class UsersController < ApplicationController ...@@ -3,7 +3,6 @@ class UsersController < ApplicationController
skip_before_action :authenticate_user! skip_before_action :authenticate_user!
before_action :user, except: [:exists] before_action :user, except: [:exists]
before_action :authorize_read_user!, except: [:exists]
def show def show
respond_to do |format| respond_to do |format|
...@@ -93,14 +92,17 @@ class UsersController < ApplicationController ...@@ -93,14 +92,17 @@ class UsersController < ApplicationController
private private
def authorize_read_user! def user
render_404 unless can?(current_user, :read_user, user) return @user if @user
ensure_canonical_path(user.namespace, params[:username]) @user = User.find_by_full_path(params[:username], follow_redirects: true)
end
def user return render_404 unless @user
@user ||= User.find_by_full_path(params[:username], follow_redirects: true) return render_404 unless can?(current_user, :read_user, @user)
ensure_canonical_path(@user.namespace, params[:username])
@user
end end
def contributed_projects def contributed_projects
......
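Review bot: In the new `user` method, `@user` is assigned before the `can?(current_user, :read_user, @user)` check, so a record that fails authorization stays memoized and the `return @user if @user` guard would return it unchecked on any later call in the same request. Under `before_action :user` the `render_404` halts the chain, but the filter is skipped for `exists`, and whether anything else calls `user` after a denied check is outside this hunk. Holding the lookup in a local and memoizing only after both checks pass removes that dependency on filter ordering. A short comment stating that this getter also authorizes and may render or redirect would help the next reader.

```ruby
def user
  return @user if @user

  found = User.find_by_full_path(params[:username], follow_redirects: true)
  return render_404 unless found && can?(current_user, :read_user, found)

  ensure_canonical_path(found.namespace, params[:username])
  @user = found
end
```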
...@@ -16,7 +16,8 @@ class Route < ActiveRecord::Base ...@@ -16,7 +16,8 @@ class Route < ActiveRecord::Base
scope :direct_descendant_routes, -> (path) { where('routes.path LIKE ? AND routes.path NOT LIKE ?', "#{sanitize_sql_like(path)}/%", "#{sanitize_sql_like(path)}/%/%") } scope :direct_descendant_routes, -> (path) { where('routes.path LIKE ? AND routes.path NOT LIKE ?', "#{sanitize_sql_like(path)}/%", "#{sanitize_sql_like(path)}/%/%") }
def rename_direct_descendant_routes def rename_direct_descendant_routes
if path_changed? || name_changed? return if !path_changed? && !name_changed?
direct_descendant_routes = self.class.direct_descendant_routes(path_was) direct_descendant_routes = self.class.direct_descendant_routes(path_was)
direct_descendant_routes.each do |route| direct_descendant_routes.each do |route|
...@@ -33,7 +34,6 @@ class Route < ActiveRecord::Base ...@@ -33,7 +34,6 @@ class Route < ActiveRecord::Base
route.update(attributes) unless attributes.empty? route.update(attributes) unless attributes.empty?
end end
end end
end
def delete_conflicting_redirects def delete_conflicting_redirects
conflicting_redirects.delete_all conflicting_redirects.delete_all
......
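Review bot: The new guard `return if !path_changed? && !name_changed?` in `rename_direct_descendant_routes` is doubly negated; `return unless path_changed? || name_changed?` says the same thing and is easier to read. The method body continues across the next hunk, so only the guard line is in question.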
...@@ -335,7 +335,7 @@ class User < ActiveRecord::Base ...@@ -335,7 +335,7 @@ class User < ActiveRecord::Base
def find_by_full_path(path, follow_redirects: false) def find_by_full_path(path, follow_redirects: false)
namespace = Namespace.find_by_full_path(path, follow_redirects: follow_redirects) namespace = Namespace.find_by_full_path(path, follow_redirects: follow_redirects)
namespace.owner if namespace && namespace.owner namespace&.owner
end end
def reference_prefix def reference_prefix
......
# See http://doc.gitlab.com/ce/development/migration_style_guide.html # See http://doc.gitlab.com/ce/development/migration_style_guide.html
# for more information on how to write migrations for GitLab. # for more information on how to write migrations for GitLab.
# rubocop:disable RemoveIndex
class AddIndexToRedirectRoutes < ActiveRecord::Migration class AddIndexToRedirectRoutes < ActiveRecord::Migration
include Gitlab::Database::MigrationHelpers include Gitlab::Database::MigrationHelpers
...@@ -16,7 +15,7 @@ class AddIndexToRedirectRoutes < ActiveRecord::Migration ...@@ -16,7 +15,7 @@ class AddIndexToRedirectRoutes < ActiveRecord::Migration
end end
def down def down
remove_index(:redirect_routes, :path) if index_exists?(:redirect_routes, :path) remove_concurrent_index(:redirect_routes, :path) if index_exists?(:redirect_routes, :path)
remove_index(:redirect_routes, [:source_type, :source_id]) if index_exists?(:redirect_routes, [:source_type, :source_id]) remove_concurrent_index(:redirect_routes, [:source_type, :source_id]) if index_exists?(:redirect_routes, [:source_type, :source_id])
end end
end end
...@@ -84,6 +84,24 @@ describe UsersController do ...@@ -84,6 +84,24 @@ describe UsersController do
expect(response).to redirect_to(user) expect(response).to redirect_to(user)
end end
end end
context 'when a user by that username does not exist' do
context 'when logged out' do
it 'renders 404 (does not redirect to login)' do
get :show, username: 'nonexistent'
expect(response).to have_http_status(404)
end
end
context 'when logged in' do
before { sign_in(user) }
it 'renders 404' do
get :show, username: 'nonexistent'
expect(response).to have_http_status(404)
end
end
end
end end
describe 'GET #calendar' do describe 'GET #calendar' do
......
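Review bot: The added contexts exercise only the unknown-username path, yet the controller change in this commit also moves the `:read_user` authorization into the `user` lookup. No example visible here covers a user that exists but that `current_user` may not read, in either the logged-out or logged-in case; the rest of the spec file is outside the hunk, so one may already exist. If it does not, add a context such as `context 'when the user exists but cannot be read'` asserting `have_http_status(404)`, so the authorization path is pinned by a test.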