Commit 820c08ce authored by Felipe's avatar Felipe

Fix documentation and improve permissions code

parent 7d54e721
......@@ -120,6 +120,7 @@ class Ability
def global_abilities(user)
rules = []
rules << :create_group if user.can_create_group
rules << :read_users_list
rules
end
......
......@@ -28,7 +28,7 @@
= level
%span.help-block#restricted-visibility-help
Selected levels cannot be used by non-admin users for projects or snippets.
If public level is restricted user profiles are not accessible to not logged users.
If the public level is restricted, user profiles are only visible to logged in users.
.form-group
= f.label :import_sources, class: 'control-label col-sm-2'
.col-sm-10
......
......@@ -93,10 +93,3 @@ An administrator can flag a user as external [through the API](../api/users.md)
or by checking the checkbox on the admin panel. As an administrator, navigate
to **Admin > Users** to create a new user or edit an existing one. There, you
will find the option to flag the user as external.
## Restricted visibility levels
Visibility levels can be restricted in admin settings page by administrator, when
restricting a visibility level groups, projects and snippets are not allowed to be
created with that visibility setting. If the public visibility level is restricted
user profiles are accessible to not logged users.
......@@ -58,6 +58,9 @@ you are logged in or not.
When visiting the public page of a user, you can only see the projects which
you are privileged to.
If the public level is restricted, user profiles are only visible to logged in users.
## Restricting the use of public or internal projects
In the Admin area under **Settings** (`/admin/application_settings`), you can
......
......@@ -79,10 +79,6 @@ module APIGuard
@current_user
end
def public_access_restricted?
current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
end
private
def find_access_token
@access_token ||= Doorkeeper.authenticate(doorkeeper_request, Doorkeeper.configuration.access_token_methods)
......
......@@ -11,7 +11,7 @@ module API
# GET /users?search=Admin
# GET /users?username=root
get do
if !current_user && public_access_restricted?
unless can?(current_user, :read_users_list, nil)
render_api_error!("Not authorized.", 403)
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment