Skip to content

Allow non-admin access to user activities

Alex Buijs requested to merge allow-non-admin-access-to-user-activities into master

What does this MR do and why?

Allow non-admin access to user activities of users with a public profile.

Any logged in user is able to view member last_activity from the member view. However, to view member activity via the API this requires administrative rights. Users who don't have admin privileges feel that since they can see this information in the UI they should be able to access this via the API as well using their own API credentials.

Issue: #437134 (closed)

How to set up and validate locally

  1. As a guest user, create and copy an application token
  2. Make the following API request:
    curl http://localhost:3000/api/v4/user/activities -H 'PRIVATE-TOKEN: #{token}'
  3. Verify the response is something like:
     [
         {
             "username": "guest_user",
             "last_activity_on": "2024-01-15",
             "last_activity_at": "2024-01-15"
         }
     ]
Edited by Alex Buijs

Merge request reports

Loading