Fix documentation and improve permissions code

author: Felipe Artur <felipefac@gmail.com> 2016-04-12 18:04:33 +0300
committer: Felipe Artur <felipefac@gmail.com> 2016-04-18 17:12:28 +0300
commit: 820c08cefd78e593e94012061be29000d523ffd0 (patch)
tree: f50d16d6b6d7abe68e891f930d805091e5c5fcc8 /lib/api
parent: 7d54e721da0ccd21f0150bbb6ab60b51970033c2 (diff)
2 files changed, 1 insertions, 5 deletions
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb
index 6ce5529abfa..b9994fcefda 100644
--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -79,10 +79,6 @@ module APIGuard
       @current_user
     end
 
-    def public_access_restricted?
-      current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
-    end
-
     private
     def find_access_token
       @access_token ||= Doorkeeper.authenticate(doorkeeper_request, Doorkeeper.configuration.access_token_methods)
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 9647a40686e..315268fc0ca 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -11,7 +11,7 @@ module API
       #  GET /users?search=Admin
       #  GET /users?username=root
       get do
-        if !current_user && public_access_restricted?
+        unless can?(current_user, :read_users_list, nil)
           render_api_error!("Not authorized.", 403)
         end
author	Felipe Artur <felipefac@gmail.com>	2016-04-12 18:04:33 +0300
committer	Felipe Artur <felipefac@gmail.com>	2016-04-18 17:12:28 +0300
commit	820c08cefd78e593e94012061be29000d523ffd0 (patch)
tree	f50d16d6b6d7abe68e891f930d805091e5c5fcc8 /lib/api
parent	7d54e721da0ccd21f0150bbb6ab60b51970033c2 (diff)