Allow logged in users to read user list under public restriction (!13201) · Merge requests · GitLab.org / GitLab FOSS

username-removed-423915 requested to merge 35697-allow-logged-in-user-to-read-user-list into master Jul 31, 2017

What does this MR do?

Allow logged in users to read user list under public restriction

Are there points in the code the reviewer needs to double check?

The description for "Restricted visibility":

Selected levels cannot be used by non-admin users for projects or snippets. If the public level is restricted, user profiles are only visible to logged in users.

Which can be found in https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/public_access/public_access.md#restricting-the-use-of-public-or-internal-projects

I can't exactly tell what it does mean. The original code cared only about "public" visibility. Should we consider "internal" and "private" as well? It looks to me like if it's "public", then it requires a logging in user. If it's "internal" or "private", then no one should be able to do so except admins.

However it's unclear if this is desired. For now I would just fix it by allowing logged in users to read if it's "public".

Does this MR meet the acceptance criteria?

Changelog entry added, if necessary
Documentation created/updated
Tests
- Added for this feature/bug

What are the relevant issue numbers?

Closes #35697 (closed)

Edited Jul 31, 2017 by username-removed-423915

Admin message