author | Robert Speicher <robert@gitlab.com> | 2017-05-08 00:15:06 +0300 |
---|---|---|
committer | Timothy Andrew <mail@timothyandrew.net> | 2017-05-31 06:46:45 +0300 |
commit | e0833d68175d16d1606a1fed77e92425e5086527 (patch) | |
tree | ab79c9aa72903c5fd011643957043877faef82cf /app | |
parent | 960d0fda54f75ca6e856686f826cf2ef37d4eff5 (diff) |
Merge branch 'dz-restrict-autocomplete' into 'security-9-1'
Allow users autocomplete by author_id only for authenticated users
See merge request !2100
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/autocomplete_controller.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb index d7a45bacd35..a71fbb91f42 100644 --- a/app/controllers/autocomplete_controller.rb +++ b/app/controllers/autocomplete_controller.rb @@ -22,7 +22,7 @@ class AutocompleteController < ApplicationController @users = [current_user, *@users] end - if params[:author_id].present? + if params[:author_id].present? && current_user author = User.find_by_id(params[:author_id]) @users = [author, *@users].uniq if author end |
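Review bot: In the changed condition `if params[:author_id].present? && current_user`, the guard only checks that the request is authenticated, so any signed-in user can still pass an arbitrary `author_id` and have `User.find_by_id(params[:author_id])` prepend that account to `@users`; nothing in the visible lines checks that the requester is allowed to see that user. If the intent is that an author is only injected where the requester could already see them, consider scoping the lookup to users visible to `current_user` instead of a bare `find_by_id`. A short comment above the condition saying that anonymous requests must not resolve IDs to users would help keep the guard from being dropped in a later refactor. The diffstat shown is limited to `app`, so it is worth confirming that a controller spec covers the unauthenticated request with `author_id` set and asserts the author is absent from the response.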