Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
d8dd1c19
Commit
d8dd1c19
authored
Sep 15, 2016
by
Rémy Coutable
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Ensure invitees are not returned in Members API
Signed-off-by:
Rémy Coutable
<
remy@rymai.me
>
parent
7afee665
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
25 additions
and
17 deletions
+25
-17
CHANGELOG
CHANGELOG
+1
-0
lib/api/access_requests.rb
lib/api/access_requests.rb
+1
-1
lib/api/entities.rb
lib/api/entities.rb
+3
-3
lib/api/members.rb
lib/api/members.rb
+4
-4
spec/requests/api/members_spec.rb
spec/requests/api/members_spec.rb
+16
-9
No files found.
CHANGELOG
View file @
d8dd1c19
...
...
@@ -12,6 +12,7 @@ v 8.12.0 (unreleased)
- Update gitlab shell secret file also when it is empty. !3774 (glensc)
- Give project selection dropdowns responsive width, make non-wrapping.
- Make push events have equal vertical spacing.
- API: Ensure invitees are not returned in Members API.
- Add two-factor recovery endpoint to internal API !5510
- Pass the "Remember me" value to the U2F authentication form
- Remove vendor prefixes for linear-gradient CSS (ClemMakesApps)
...
...
lib/api/access_requests.rb
View file @
d8dd1c19
...
...
@@ -20,7 +20,7 @@ module API
access_requesters
=
paginate
(
source
.
requesters
.
includes
(
:user
))
present
access_requesters
.
map
(
&
:user
),
with:
Entities
::
AccessRequester
,
access_requesters:
access_requesters
present
access_requesters
.
map
(
&
:user
),
with:
Entities
::
AccessRequester
,
source:
source
end
# Request access to the group/project
...
...
lib/api/entities.rb
View file @
d8dd1c19
...
...
@@ -104,18 +104,18 @@ module API
class
Member
<
UserBasic
expose
:access_level
do
|
user
,
options
|
member
=
options
[
:member
]
||
options
[
:
members
].
find
{
|
m
|
m
.
user_id
==
user
.
id
}
member
=
options
[
:member
]
||
options
[
:
source
].
members
.
find_by
(
user_id:
user
.
id
)
member
.
access_level
end
expose
:expires_at
do
|
user
,
options
|
member
=
options
[
:member
]
||
options
[
:
members
].
find
{
|
m
|
m
.
user_id
==
user
.
id
}
member
=
options
[
:member
]
||
options
[
:
source
].
members
.
find_by
(
user_id:
user
.
id
)
member
.
expires_at
end
end
class
AccessRequester
<
UserBasic
expose
:requested_at
do
|
user
,
options
|
access_requester
=
options
[
:access_requester
]
||
options
[
:
access_requesters
].
find
{
|
m
|
m
.
user_id
==
user
.
id
}
access_requester
=
options
[
:access_requester
]
||
options
[
:
source
].
requesters
.
find_by
(
user_id:
user
.
id
)
access_requester
.
requested_at
end
end
...
...
lib/api/members.rb
View file @
d8dd1c19
...
...
@@ -18,11 +18,11 @@ module API
get
":id/members"
do
source
=
find_source
(
source_type
,
params
[
:id
])
members
=
source
.
members
.
includes
(
:user
)
members
=
members
.
joins
(
:user
)
.
merge
(
User
.
search
(
params
[
:query
]))
if
params
[
:query
]
members
=
paginate
(
memb
ers
)
users
=
source
.
users
users
=
users
.
merge
(
User
.
search
(
params
[
:query
]))
if
params
[
:query
]
users
=
paginate
(
us
ers
)
present
members
.
map
(
&
:user
),
with:
Entities
::
Member
,
members:
members
present
users
,
with:
Entities
::
Member
,
source:
source
end
# Get a group/project member
...
...
spec/requests/api/members_spec.rb
View file @
d8dd1c19
...
...
@@ -30,20 +30,27 @@ describe API::Members, api: true do
let
(
:route
)
{
get
api
(
"/
#{
source_type
.
pluralize
}
/
#{
source
.
id
}
/members"
,
stranger
)
}
end
context
'when authenticated as a non-member'
do
%i[access_requester stranger]
.
each
do
|
type
|
context
"as a
#{
type
}
"
do
it
'returns 200'
do
user
=
public_send
(
type
)
get
api
(
"/
#{
source_type
.
pluralize
}
/
#{
source
.
id
}
/members"
,
user
)
%i[master developer access_requester stranger]
.
each
do
|
type
|
context
"when authenticated as a
#{
type
}
"
do
it
'returns 200'
do
user
=
public_send
(
type
)
get
api
(
"/
#{
source_type
.
pluralize
}
/
#{
source
.
id
}
/members"
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
.
size
).
to
eq
(
2
)
end
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
.
size
).
to
eq
(
2
)
end
end
end
it
'does not return invitees'
do
invitee
=
create
(
:"
#{
source_type
}
_member"
,
invite_token:
'123'
,
invite_email:
'test@abc.com'
,
source:
source
,
user:
nil
)
get
api
(
"/
#{
source_type
.
pluralize
}
/
#{
source
.
id
}
/members"
,
developer
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
.
size
).
to
eq
(
2
)
end
it
'finds members with query string'
do
get
api
(
"/
#{
source_type
.
pluralize
}
/
#{
source
.
id
}
/members"
,
developer
),
query:
master
.
username
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment