diff options
| author | Michael Kozono <mkozono@gmail.com> | 2017-05-05 00:20:13 +0300 |
|---|---|---|
| committer | Michael Kozono <mkozono@gmail.com> | 2017-05-05 22:12:50 +0300 |
| commit | 9e48f02ea802814e4df1f1de5ed509942dca7581 (patch) | |
| tree | e1bcb152e7951e1bbd94d6a8333fd475dcfaf577 /app/controllers/users_controller.rb | |
| parent | e4bcc90d95fa3b78544cb9ddd6019a5f914c1628 (diff) | |
Dry up routable lookups. Fixes #30317
Note: This changes the behavior of user lookups (see the spec change) so it acts the same way as groups and projects. Unauthenticated clients attempting to access a user page will be redirected to login whether the user exists and is publicly restricted, or does not exist at all.
Diffstat (limited to 'app/controllers/users_controller.rb')
| -rw-r--r-- | app/controllers/users_controller.rb | 11 |
1 files changed, 1 insertions, 10 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 67783866c3f..ca89ed221c6 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -93,16 +93,7 @@ class UsersController < ApplicationController private def user - return @user if @user - - @user = User.find_by_full_path(params[:username], follow_redirects: true) - - return render_404 unless @user - return render_404 unless can?(current_user, :read_user, @user) - - ensure_canonical_path(@user.namespace, params[:username]) - - @user + @user ||= find_routable!(User, params[:username]) end def contributed_projects |