Add latest changes from gitlab-org/security/gitlab@14-5-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-12-03 13:11:19 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-12-03 13:11:19 +0300
commit: 9a1e9397b4e378e052af12c697a9fbfd70a24bf5 (patch)
tree: bda9287282dfaefa0c717f092947f79839e07102 /app/graphql
parent: 9fb816facef888b8fcdbc443af304105c480547b (diff)
1 files changed, 15 insertions, 1 deletions
diff --git a/app/graphql/types/user_interface.rb b/app/graphql/types/user_interface.rb
index 8c67275eb73..7cc201b6df4 100644
--- a/app/graphql/types/user_interface.rb
+++ b/app/graphql/types/user_interface.rb
@@ -29,7 +29,10 @@ module Types
     field :name,
           type: GraphQL::Types::String,
           null: false,
-          description: 'Human-readable name of the user.'
+          resolver_method: :redacted_name,
+          description: 'Human-readable name of the user. ' \
+          'Will return `****` if the user is a project bot and the requester does not have permission to read resource access tokens.'
+
     field :state,
           type: Types::UserStateEnum,
           null: false,
@@ -121,5 +124,16 @@ module Types
         ::Types::UserType
       end
     end
+
+    def redacted_name
+      return object.name unless object.project_bot?
+
+      return object.name if context[:current_user]&.can?(:read_resource_access_tokens, object.projects.first)
+
+      # If the requester does not have permission to read the project bot name,
+      # the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
+      # https://gitlab.com/gitlab-org/gitlab/-/issues/346058
+      '****'
+    end
   end
 end
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-12-03 13:11:19 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-12-03 13:11:19 +0300
commit	9a1e9397b4e378e052af12c697a9fbfd70a24bf5 (patch)
tree	bda9287282dfaefa0c717f092947f79839e07102 /app/graphql
parent	9fb816facef888b8fcdbc443af304105c480547b (diff)