From f5e8337c7bb7e218303a713440e31f44a66471d7 Mon Sep 17 00:00:00 2001
From: Semyon Pupkov <mail@semyonpupkov.com>
Date: Tue, 29 Nov 2016 14:49:43 +0500
Subject: [PATCH] Do not raise error in AutocompleteController#users when not
 authorized

https://gitlab.com/gitlab-org/gitlab-ce/issues/25031
---
 app/controllers/autocomplete_controller.rb               | 2 +-
 .../25031-do-not-raise-error-in-autocomplete.yml         | 4 ++++
 spec/controllers/autocomplete_controller_spec.rb         | 9 +++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/unreleased/25031-do-not-raise-error-in-autocomplete.yml

diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index 5c44637fdee..5f13353baa1 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -11,7 +11,7 @@ class AutocompleteController < ApplicationController
     @users = @users.reorder(:name)
     @users = @users.page(params[:page])
 
-    if params[:todo_filter].present?
+    if params[:todo_filter].present? && current_user
       @users = @users.todo_authors(current_user.id, params[:todo_state_filter])
     end
 
diff --git a/changelogs/unreleased/25031-do-not-raise-error-in-autocomplete.yml b/changelogs/unreleased/25031-do-not-raise-error-in-autocomplete.yml
new file mode 100644
index 00000000000..862de7c5db1
--- /dev/null
+++ b/changelogs/unreleased/25031-do-not-raise-error-in-autocomplete.yml
@@ -0,0 +1,4 @@
+---
+title: Do not raise error in AutocompleteController#users when not authorized
+merge_request: 7817
+author: Semyon Pupkov
diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb
index 0d1545040f1..ea2fd90a9b0 100644
--- a/spec/controllers/autocomplete_controller_spec.rb
+++ b/spec/controllers/autocomplete_controller_spec.rb
@@ -144,6 +144,15 @@ describe AutocompleteController do
         it { expect(body).to be_kind_of(Array) }
         it { expect(body.size).to eq 0 }
       end
+
+      describe 'GET #users with todo filter' do
+        it 'gives an array of users' do
+          get :users, todo_filter: true
+
+          expect(response.status).to eq 200
+          expect(body).to be_kind_of(Array)
+        end
+      end
     end
 
     context 'author of issuable included' do
-- 
GitLab