Diffstat (limited to 'lib/api/users.rb')
-rw-r--r--lib/api/users.rb31
1 files changed, 24 insertions, 7 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 6d4f12d80f8..0f710e0a307 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -142,13 +142,11 @@ module API
get ":id", feature_category: :users do
forbidden!('Not authorized!') unless current_user
- if Feature.enabled?(:rate_limit_user_by_id_endpoint, type: :development)
- unless current_user.admin?
- check_rate_limit!(:users_get_by_id,
- scope: current_user,
- users_allowlist: Gitlab::CurrentSettings.current_application_settings.users_get_by_id_limit_allowlist
- )
- end
+ unless current_user.admin?
+ check_rate_limit!(:users_get_by_id,
+ scope: current_user,
+ users_allowlist: Gitlab::CurrentSettings.current_application_settings.users_get_by_id_limit_allowlist
+ )
end
user = User.find_by(id: params[:id])
@@ -383,6 +381,23 @@ module API
present paginate(keys), with: Entities::SSHKey
end
+ desc 'Get a SSH key of a specified user.' do
+ success Entities::SSHKey
+ end
+ params do
+ requires :id, type: Integer, desc: 'The ID of the user'
+ requires :key_id, type: Integer, desc: 'The ID of the SSH key'
+ end
+ get ':id/keys/:key_id', requirements: API::USER_REQUIREMENTS, feature_category: :authentication_and_authorization do
+ user = find_user(params[:id])
+ not_found!('User') unless user && can?(current_user, :read_user, user)
+
+ key = user.keys.find_by(id: params[:key_id]) # rubocop: disable CodeReuse/ActiveRecord
+ not_found!('Key') unless key
+
+ present key, with: Entities::SSHKey
+ end
+
desc 'Delete an existing SSH key from a specified user. Available only for admins.' do
success Entities::SSHKey
end
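Review bot: The new `get ':id/keys/:key_id'` route has no `check_rate_limit!` call, while the `get ":id"` route in the first hunk throttles non-admin callers, and it answers `not_found!('User')` and `not_found!('Key')` with distinguishable messages. A caller can therefore probe which user ids are readable at whatever rate the instance otherwise allows, unless a limiter outside this hunk covers the route. Consider a throttle for non-admins here as well, for example `check_rate_limit!(:users_get_by_id, scope: current_user) unless current_user&.admin?`, once it is settled whether `current_user` may be nil on this route. Returning 404 rather than 403 when `:read_user` is denied is the right choice and deserves a short comment such as `# 404, not 403, so callers cannot tell a hidden user from a missing one`.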
@@ -687,6 +702,8 @@ module API
if user.ldap_blocked?
forbidden!('LDAP blocked users cannot be modified by the API')
+ elsif current_user == user
+ forbidden!('The API initiating user cannot be blocked by the API')
end
break if user.blocked?
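Review bot: The new `elsif current_user == user` branch guards only this block path, so any other endpoint in the file that changes a user's state (none are visible in this hunk) would still let an administrator act on their own account unless it carries the same check. If such endpoints exist, a small shared helper would keep the rule in one place. Otherwise, state the intent at the branch with a comment such as `# An admin must not lock themselves out with their own token`. The enclosing route starts and ends outside the hunk, so the surrounding authorization (presumably an admin check) cannot be confirmed from here.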