Commit 09a348eb authored by Rémy Coutable's avatar Rémy Coutable

Include the `is_admin` field in the `GET /users/:id` API when current user is an admin

Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent 810c44ae
---
title: Include the `is_admin` field in the `GET /users/:id` API when current user
is an admin
merge_request:
author:
type: fixed
...@@ -79,22 +79,17 @@ module API ...@@ -79,22 +79,17 @@ module API
end end
desc 'Get a single user' do desc 'Get a single user' do
success Entities::UserBasic success Entities::User
end end
params do params do
requires :id, type: Integer, desc: 'The ID of the user' requires :id, type: Integer, desc: 'The ID of the user'
end end
get ":id" do get ":id" do
user = User.find_by(id: params[:id]) user = User.find_by(id: params[:id])
not_found!('User') unless user not_found!('User') unless user && can?(current_user, :read_user, user)
if current_user && current_user.admin? opts = current_user&.admin? ? { with: Entities::UserWithAdmin } : {}
present user, with: Entities::UserPublic present user, opts
elsif can?(current_user, :read_user, user)
present user, with: Entities::User
else
render_api_error!("User not found.", 404)
end
end end
desc 'Create a user. Available only for admins.' do desc 'Create a user. Available only for admins.' do
......
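Review bot: For non-admin and anonymous callers `opts` is `{}`, so `present user, opts` names no entity and the serializer is whatever Grape resolves implicitly for the model; `success Entities::User` inside `desc` appears to be documentation only. Nothing visible in this hunk shows what that fallback is, and if none resolves the record could be rendered without the entity's field allowlist. Naming the entity on both branches keeps the exposed fields pinned: `present user, with: current_user&.admin? ? Entities::UserWithAdmin : Entities::User`. The enclosing resource block starts and ends outside the hunk.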
...@@ -217,9 +217,19 @@ describe API::Users do ...@@ -217,9 +217,19 @@ describe API::Users do
it "does not return the user's `is_admin` flag" do it "does not return the user's `is_admin` flag" do
get api("/users/#{user.id}", user) get api("/users/#{user.id}", user)
expect(response).to have_http_status(200)
expect(json_response['is_admin']).to be_nil expect(json_response['is_admin']).to be_nil
end end
context 'when authenticated as admin' do
it 'includes the `is_admin` field' do
get api("/users/#{user.id}", admin)
expect(response).to have_http_status(200)
expect(json_response['is_admin']).to be(false)
end
end
context 'for an anonymous user' do context 'for an anonymous user' do
it "returns a user by id" do it "returns a user by id" do
get api("/users/#{user.id}") get api("/users/#{user.id}")
......
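Review bot: The non-admin example only asserts that `is_admin` is absent, so it would still pass if the response carried other attributes not meant for ordinary users. Because the endpoint's non-admin branch no longer names its entity, the regular-user and anonymous cases should also assert the full set of returned keys (or match a response schema) to catch a serializer regression. The admin context could also request an admin target so that `is_admin` is seen as `true` and not only `false`. The surrounding `describe` block continues outside the hunk, so such examples may already exist elsewhere in the file.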