class AutocompleteController < ApplicationController skip_before_action :authenticate_user!, only: [:users] def users begin @users = if params[:project_id].present? project = Project.find(params[:project_id]) if can?(current_user, :read_project, project) project.team.users end elsif params[:group_id] group = Group.find(params[:group_id]) if can?(current_user, :read_group, group) group.users end elsif current_user User.all end rescue ActiveRecord::RecordNotFound if current_user return render json: {}, status: 404 end end if @users.nil? && current_user.nil? authenticate_user! end @users ||= User.none @users = @users.non_ldap if params[:skip_ldap] == 'true' @users = @users.search(params[:search]) if params[:search].present? @users = @users.active @users = @users.reorder(:name) if params[:push_code_to_protected_branches] && project @users = @users.to_a.select { |user| user.can?(:push_code_to_protected_branches, project) }.take(PER_PAGE) else @users = @users.page(params[:page]).per(PER_PAGE) end unless params[:search].present? # Include current user if available to filter by "Me" if params[:current_user] && current_user @users = [*@users, current_user].uniq end end render json: @users, only: [:name, :username, :id], methods: [:avatar_url] end def user @user = User.find(params[:id]) render json: @user, only: [:name, :username, :id], methods: [:avatar_url] end end