Commit 820c08ce authored by Felipe Artur

Fix documentation and improve permissions code

parent 7d54e721
...@@ -120,6 +120,7 @@ class Ability ...@@ -120,6 +120,7 @@ class Ability
def global_abilities(user) def global_abilities(user)
rules = [] rules = []
rules << :create_group if user.can_create_group rules << :create_group if user.can_create_group
rules << :read_users_list
rules rules
end end
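Review bot: `rules << :read_users_list` is appended unconditionally inside `global_abilities(user)`, which is only evaluated for a signed-in user, so this hunk by itself does not decide the anonymous case. The API hunk below replaces `!current_user && public_access_restricted?` with `can?(current_user, :read_users_list, nil)`, so an unauthenticated `GET /users` is only permitted if `:read_users_list` is also granted on the anonymous path whenever `PUBLIC` is not in `restricted_visibility_levels`; that branch is not visible in this diff. Please confirm it exists, otherwise anonymous listing becomes disabled even when the public level is unrestricted, a behaviour change the commit message does not mention.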
......
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
= level = level
%span.help-block#restricted-visibility-help %span.help-block#restricted-visibility-help
Selected levels cannot be used by non-admin users for projects or snippets. Selected levels cannot be used by non-admin users for projects or snippets.
If public level is restricted user profiles are not accessible to not logged users. If the public level is restricted, user profiles are only visible to logged in users.
.form-group .form-group
= f.label :import_sources, class: 'control-label col-sm-2' = f.label :import_sources, class: 'control-label col-sm-2'
.col-sm-10 .col-sm-10
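Review bot: style point on the new help text: "logged in users" used as an adjective reads better as "logged-in users". The same sentence is added verbatim in the public access doc hunk, so change both together or neither to keep the wording consistent.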
......
...@@ -93,10 +93,3 @@ An administrator can flag a user as external [through the API](../api/users.md) ...@@ -93,10 +93,3 @@ An administrator can flag a user as external [through the API](../api/users.md)
or by checking the checkbox on the admin panel. As an administrator, navigate or by checking the checkbox on the admin panel. As an administrator, navigate
to **Admin > Users** to create a new user or edit an existing one. There, you to **Admin > Users** to create a new user or edit an existing one. There, you
will find the option to flag the user as external. will find the option to flag the user as external.
## Restricted visibility levels
Visibility levels can be restricted in admin settings page by administrator, when
restricting a visibility level groups, projects and snippets are not allowed to be
created with that visibility setting. If the public visibility level is restricted
user profiles are accessible to not logged users.
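Review bot: dropping the "Restricted visibility levels" section is correct, since its last sentence ("user profiles are accessible to not logged users") contradicts the new help text and doc line ("only visible to logged in users"). Readers of this page do lose the note that groups, projects and snippets cannot be created with a restricted level; consider leaving a one-line pointer to the public access doc, where "Restricting the use of public or internal projects" now carries that information.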
...@@ -58,6 +58,9 @@ you are logged in or not. ...@@ -58,6 +58,9 @@ you are logged in or not.
When visiting the public page of a user, you can only see the projects which When visiting the public page of a user, you can only see the projects which
you are privileged to. you are privileged to.
If the public level is restricted, user profiles are only visible to logged in users.
## Restricting the use of public or internal projects ## Restricting the use of public or internal projects
In the Admin area under **Settings** (`/admin/application_settings`), you can In the Admin area under **Settings** (`/admin/application_settings`), you can
......
...@@ -79,10 +79,6 @@ module APIGuard ...@@ -79,10 +79,6 @@ module APIGuard
@current_user @current_user
end end
def public_access_restricted?
current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
end
private private
def find_access_token def find_access_token
@access_token ||= Doorkeeper.authenticate(doorkeeper_request, Doorkeeper.configuration.access_token_methods) @access_token ||= Doorkeeper.authenticate(doorkeeper_request, Doorkeeper.configuration.access_token_methods)
......
...@@ -11,7 +11,7 @@ module API ...@@ -11,7 +11,7 @@ module API
# GET /users?search=Admin # GET /users?search=Admin
# GET /users?username=root # GET /users?username=root
get do get do
if !current_user && public_access_restricted? unless can?(current_user, :read_users_list, nil)
render_api_error!("Not authorized.", 403) render_api_error!("Not authorized.", 403)
end end
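Review bot: `can?(current_user, :read_users_list, nil)` is reached with `current_user` possibly nil, so make sure `can?` tolerates a nil user instead of raising. Because the explicit `!current_user && public_access_restricted?` condition is gone and the outcome now depends entirely on Ability, add specs for unauthenticated `GET /users` both with and without `PUBLIC` restricted. Minor and pre-existing: a request with no credentials would conventionally get 401 rather than 403.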
......