Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/serializers/member_user_entity.rb
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2022-06-29 17:14:01 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2022-06-29 17:14:01 +0300
commita5baa12bfff6c41f6c9cf156edcf8e621f71848e (patch)
tree1a7f51da1300bca04a1bd070f12e66bc4955c832 /app/serializers/member_user_entity.rb
parentbb51b8a098aa17b226d1e7941218512f8c835e08 (diff)
Add latest changes from gitlab-org/security/gitlab@15-1-stable-ee
Diffstat (limited to 'app/serializers/member_user_entity.rb')
-rw-r--r--app/serializers/member_user_entity.rb14
1 files changed, 13 insertions, 1 deletions
diff --git a/app/serializers/member_user_entity.rb b/app/serializers/member_user_entity.rb
index b3d8efc9143..6a01c5bb297 100644
--- a/app/serializers/member_user_entity.rb
+++ b/app/serializers/member_user_entity.rb
@@ -16,7 +16,7 @@ class MemberUserEntity < UserEntity
user.blocked?
end
- expose :two_factor_enabled do |user|
+ expose :two_factor_enabled, if: -> (user) { current_user_can_manage_members? || current_user?(user) } do |user|
user.two_factor_enabled?
end
@@ -25,6 +25,18 @@ class MemberUserEntity < UserEntity
user.status.emoji
end
end
+
+ private
+
+ def current_user_can_manage_members?
+ return false unless options[:source]
+
+ Ability.allowed?(options[:current_user], :"admin_#{options[:source].to_ability_name}_member", options[:source])
+ end
+
+ def current_user?(user)
+ options[:current_user] == user
+ end
end
MemberUserEntity.prepend_mod_with('MemberUserEntity')
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 12:17:55 +0300