author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-12-03 13:11:19 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-12-03 13:11:19 +0300 |
commit | 9a1e9397b4e378e052af12c697a9fbfd70a24bf5 (patch) | |
tree | bda9287282dfaefa0c717f092947f79839e07102 /lib/api | |
parent | 9fb816facef888b8fcdbc443af304105c480547b (diff) |
Add latest changes from gitlab-org/security/gitlab@14-5-stable-ee
Diffstat (limited to 'lib/api')
-rw-r--r-- | lib/api/entities/user_safe.rb | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/api/entities/user_safe.rb b/lib/api/entities/user_safe.rb
index feb01767fd6..6006a076020 100644
--- a/lib/api/entities/user_safe.rb
+++ b/lib/api/entities/user_safe.rb
@@ -3,7 +3,17 @@
 module API
 module Entities
 class UserSafe < Grape::Entity
- expose :id, :name, :username
+ expose :id, :username
+ expose :name do |user|
+ next user.name unless user.project_bot?
+
+ next user.name if options[:current_user]&.can?(:read_resource_access_tokens, user.projects.first)
+
+ # If the requester does not have permission to read the project bot name,
+ # the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
+ # https://gitlab.com/gitlab-org/gitlab/-/issues/346058
+ '****'
+ end
 end
 end
 end
|
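Review bot: The permission check in the `expose :name` block is evaluated against `user.projects.first`, so it assumes the bot has exactly one project membership; with no ordering on `projects`, a bot that belongs to more than one project would be checked against an arbitrary one. When `options[:current_user]` is absent the safe navigation short-circuits and the name is masked, and a nil project presumably denies as well, so the block appears to fail closed, but nothing in the code says that is intended. I would state it above the check, e.g. `# Fails closed: no current_user, or no project for the bot, masks the name.` The lookup also runs once per serialized bot user, which may add a query per row on list endpoints unless `projects` is preloaded.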