From a0cbd85debbe6bdb004cb9a4fb09fbf22c3a1c81 Mon Sep 17 00:00:00 2001
From: Mitsuhiro Tanino <mitsuhiro.tanino@hds.com>
Date: Tue, 1 Nov 2016 10:49:59 -0400
Subject: [PATCH] Enable none admin users to get users list from REST API

---
 app/controllers/users_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 51f6af6..644e996 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -18,7 +18,8 @@
 class UsersController < ApplicationController
   layout 'admin'
 
-  before_action :require_admin, :except => :show
+  before_action :require_admin, :except => [:show, :index]
+  before_action :require_admin_or_api_request, :only => :index
   before_action :find_user, :only => [:show, :edit, :update, :destroy]
   accept_api_auth :index, :show, :create, :update, :destroy
 
-- 
2.5.5