Move profiles/keys#get_keys to users#ssh_keys on Web UI with keeping the feature publicly accessible
Once !35507 (merged) moved profiles/keys#get_keys
to users#ssh_keys
on Web UI (%13.2), but it changed the behavior for non-logged in users, !42288 (merged) reverted that to keep the feature publicly accessible.
For code maintainability, it is still better to move profiles/keys#get_keys to users#ssh_keys on Web UI with keeping the feature publicly accessible.
Why?
As the API for List SSH keys for user
has /users/:id_or_username/keys
, we should align this Web UI endpoint with the counterpart API endpoint.
security & ~"technical debt": All Profiles::*Controllers
are designed only for operations the logged-in and own user. Having skip_before_action :authenticate_user!
to some action there can potentially be a security hole.
Edited by Takuya Noguchi