Add latest changes from gitlab-org/security/gitlab@14-5-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-12-03 13:11:19 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-12-03 13:11:19 +0300
commit: 9a1e9397b4e378e052af12c697a9fbfd70a24bf5 (patch)
tree: bda9287282dfaefa0c717f092947f79839e07102 /lib/api
parent: 9fb816facef888b8fcdbc443af304105c480547b (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/api/entities/user_safe.rb b/lib/api/entities/user_safe.rb
index feb01767fd6..6006a076020 100644
--- a/lib/api/entities/user_safe.rb
+++ b/lib/api/entities/user_safe.rb
@@ -3,7 +3,17 @@
 module API
   module Entities
     class UserSafe < Grape::Entity
-      expose :id, :name, :username
+      expose :id, :username
+      expose :name do |user|
+        next user.name unless user.project_bot?
+
+        next user.name if options[:current_user]&.can?(:read_resource_access_tokens, user.projects.first)
+
+        # If the requester does not have permission to read the project bot name,
+        # the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
+        # https://gitlab.com/gitlab-org/gitlab/-/issues/346058
+        '****'
+      end
     end
   end
 end
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-12-03 13:11:19 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-12-03 13:11:19 +0300
commit	9a1e9397b4e378e052af12c697a9fbfd70a24bf5 (patch)
tree	bda9287282dfaefa0c717f092947f79839e07102 /lib/api
parent	9fb816facef888b8fcdbc443af304105c480547b (diff)