diff options
Diffstat (limited to 'lib/api/users.rb')
| -rw-r--r-- | lib/api/users.rb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb index eeb5244466a..d540978931e 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -143,7 +143,12 @@ module API forbidden!('Not authorized!') unless current_user if Feature.enabled?(:rate_limit_user_by_id_endpoint, type: :development) - check_rate_limit! :users_get_by_id, scope: current_user unless current_user.admin? + unless current_user.admin? + check_rate_limit!(:users_get_by_id, + scope: current_user, + users_allowlist: Gitlab::CurrentSettings.current_application_settings.users_get_by_id_limit_allowlist + ) + end end user = User.find_by(id: params[:id]) |