diff --git a/app/assets/javascripts/issuable/components/issue_assignees.vue b/app/assets/javascripts/issuable/components/issue_assignees.vue
index 21f35690f6d63a2b71c46ff296ee24b5b89e3b83..49269665d6fd630efb1c35fabfa4140803926a8e 100644
--- a/app/assets/javascripts/issuable/components/issue_assignees.vue
+++ b/app/assets/javascripts/issuable/components/issue_assignees.vue
@@ -91,7 +91,7 @@ export default {
data-qa-selector="assignee_link"
>
<span class="js-assignee-tooltip">
- <span class="bold d-block">{{ s__('Label|Assignee') }}</span> {{ assignee.name }}
+ <span class="bold d-block">{{ s__('Label|Assignee') }}</span> {{ "TEST" }}
<span v-if="assignee.username" class="text-white-50">@{{ assignee.username }}</span>
</span>
</user-avatar-link>
diff --git a/app/helpers/events_helper.rb b/app/helpers/events_helper.rb
index 087e4838ed94188de1d649b1f90dafa40a7fd196..b81a5eb840c2ce3bc88c89ad807fc743f297f892 100644
--- a/app/helpers/events_helper.rb
+++ b/app/helpers/events_helper.rb
@@ -68,7 +68,7 @@ def link_to_author(event, self_added: false)
author = event.author
if author
- name = self_added ? _('You') : author.name
+ name = self_added ? 'You' : author.redacted_name(current_user)
link_to name, user_path(author.username), title: name
else
escape_once(event.author_name)
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index 4f345fdeb9cd9cd443dc936464ce4c0bd9b9ba34..e9d6f9b87c70e44471932f1ef02f40a84f0fa281 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -155,6 +155,8 @@ def confirm_user_data(user)
def user_display_name(user)
return s_('UserProfile|Blocked user') if user.blocked?
+ return secure_project_bot_name(current_user, user) if user.project_bot?
+
can_read_profile = can?(current_user, :read_user_profile, user)
return s_('UserProfile|Unconfirmed user') unless user.confirmed? || can_read_profile
@@ -172,6 +174,19 @@ def display_public_email?(user)
user.public_email.present?
end
+ def secure_project_bot_name(current_user, user)
+ if user.groups.any?
+ return user.name if current_user&.can?(:read_group, user.groups.first)
+ end
+
+ return user.name if current_user&.can?(:read_project, user.projects.first)
+
+ # If the requester does not have permission to read the project bot name,
+ # the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
+ # https://gitlab.com/gitlab-org/gitlab/-/issues/346058
+ '****'
+ end
+
private
def admin_users_paths
diff --git a/app/views/users/show.html.haml b/app/views/users/show.html.haml
index 7cef87ba19f2355f883349de498abb30f62aa6c5..cff6c4d3a036f7b3ed07e241e12bb064038409f2 100644
--- a/app/views/users/show.html.haml
+++ b/app/views/users/show.html.haml
@@ -54,7 +54,7 @@
= link_to avatar_icon_for_user(@user, 400, current_user: current_user), target: '_blank', rel: 'noopener noreferrer' do
= render Pajamas::AvatarComponent.new(@user, alt: "", size: 96, avatar_options: { itemprop: "image" })
- - if @user.blocked? || !@user.confirmed?
+ - if @user.blocked? || !@user.confirmed? || @user.project_bot?
.user-info
%h1.cover-title
= user_display_name(@user)
diff --git a/spec/helpers/users_helper_spec.rb b/spec/helpers/users_helper_spec.rb
index c2c78be6a0fba149a56e7fdbca41b42ab8867204..c1fa45d79e58e40b8db6141b289ec0df360461e7 100644
--- a/spec/helpers/users_helper_spec.rb
+++ b/spec/helpers/users_helper_spec.rb
@@ -370,6 +370,12 @@ def filter_ee_badges(badges)
it { is_expected.to eq('Blocked user') }
end
+ context 'for a project bot user' do
+ let(:user) { create(:user, :project_bot) }
+
+ it { is_expected.to eq('****') }
+ end
+
def stub_current_user(user)
allow(helper).to receive(:current_user).and_return(user)
end