Allow non-admin access to user activities (!141767) · Merge requests · GitLab.org / GitLab

Alex Buijs requested to merge allow-non-admin-access-to-user-activities into master Jan 15, 2024

What does this MR do and why?

Allow non-admin access to user activities of users with a public profile.

Any logged in user is able to view member last_activity from the member view. However, to view member activity via the API this requires administrative rights. Users who don't have admin privileges feel that since they can see this information in the UI they should be able to access this via the API as well using their own API credentials.

Issue: #437134 (closed)

How to set up and validate locally

As a guest user, create and copy an application token

Make the following API request:

curl http://localhost:3000/api/v4/user/activities -H 'PRIVATE-TOKEN: #{token}'

Verify the response is something like:

 [
     {
         "username": "guest_user",
         "last_activity_on": "2024-01-15",
         "last_activity_at": "2024-01-15"
     }
 ]

Edited Jan 18, 2024 by Alex Buijs

Allow non-admin access to user activities

What does this MR do and why?

How to set up and validate locally

Merge request reports