Commit b05f0a48 authored by Felipe's avatar Felipe

Restrict user profiles based on restricted visibility levels

parent 5ae4fd21
class UsersController < ApplicationController
skip_before_action :authenticate_user!
before_action :set_user
before_filter :authorize_read_user, only: [:show]
def show
respond_to do |format|
......@@ -74,6 +75,9 @@ class UsersController < ApplicationController
end
private
def authorize_read_user
render_404 unless @user.public?
end
def set_user
@user = User.find_by_username!(params[:username])
......
......@@ -835,6 +835,10 @@ class User < ActiveRecord::Base
notification_settings.find_or_initialize_by(source: source)
end
def public?
current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
end
private
def projects_union
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment