Commit b05f0a48 authored by Felipe Artur's avatar Felipe Artur

Restrict user profiles based on restricted visibility levels

parent 5ae4fd21
class UsersController < ApplicationController class UsersController < ApplicationController
skip_before_action :authenticate_user! skip_before_action :authenticate_user!
before_action :set_user before_action :set_user
before_filter :authorize_read_user, only: [:show]
def show def show
respond_to do |format| respond_to do |format|
...@@ -74,6 +75,9 @@ class UsersController < ApplicationController ...@@ -74,6 +75,9 @@ class UsersController < ApplicationController
end end
private private
def authorize_read_user
render_404 unless @user.public?
end
def set_user def set_user
@user = User.find_by_username!(params[:username]) @user = User.find_by_username!(params[:username])
......
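Review bot: `authorize_read_user` is registered with `only: [:show]`, while `skip_before_action :authenticate_user!` covers the whole controller, so any other action that renders data for `@user` (none are visible in these hunks) would remain reachable without the new check. The filter also never consults `current_user`, so a signed-in user gets the same 404 as an anonymous visitor. If the intent is to hide profiles only from unauthenticated visitors, and assuming `public?` means "may be shown anonymously", `render_404 unless current_user || @user.public?` would express that. For consistency with `before_action :set_user` on the line above, I would write `before_action :authorize_read_user` rather than `before_filter`. The controller body continues outside the hunks, so the list of affected actions should be confirmed against the full file.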
...@@ -835,6 +835,10 @@ class User < ActiveRecord::Base ...@@ -835,6 +835,10 @@ class User < ActiveRecord::Base
notification_settings.find_or_initialize_by(source: source) notification_settings.find_or_initialize_by(source: source)
end end
def public?
current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
end
private private
def projects_union def projects_union
......
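Review bot: `public?` returns true when `Gitlab::VisibilityLevel::PUBLIC` is present in `restricted_visibility_levels`, which reads as the opposite of its name. If that setting lists the levels that are disallowed (inferred from its name), the method is true exactly when public visibility is restricted, and a caller that hides content `unless public?` would show profiles in the restricted case and hide them otherwise. I would negate the test, `!current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)`, and wrap the setting in `Array(...)` if it can be nil. The method sits on `User` but reads no user attribute, so a comment such as `# Instance-wide: true when the PUBLIC level is not restricted; does not depend on this user` would keep callers from treating it as a per-user flag.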