Skip to content

G
gitlab-ce
Commit 4c684a8d authored by Alexis Reigel's avatar Alexis Reigel
Browse files
Options

check ability for user search results

parent b4437cfa
Hide whitespace changes
Inline Side-by-side
Showing with 10 additions and 0 deletions
lib/gitlab/search_results.rb
View file @ 4c684a8d
......@@ -138,6 +138,8 @@ module Gitlab
# rubocop: enable CodeReuse/ActiveRecord
def users
return User.none unless Ability.allowed?(current_user, :read_users_list)
UsersFinder.new(current_user, search: query).execute
end
......
spec/lib/gitlab/search_results_spec.rb
View file @ 4c684a8d
......@@ -123,6 +123,14 @@ describe Gitlab::SearchResults do
end
describe '#users' do
it 'does not call the UsersFinder when the current_user is not allowed to read users list' do
allow(Ability).to receive(:allowed?).and_return(false)
expect(UsersFinder).not_to receive(:new).with(user, search: 'foo').and_call_original
results.objects('users')
end
it 'calls the UsersFinder' do
expect(UsersFinder).to receive(:new).with(user, search: 'foo').and_call_original
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7