Merge branch '36213-return-is_admin-in-users-api-when-current_user-is-admin' into 'master'

Include the `is_admin` field in the `GET /users/:id` API when current user is an admin

Closes #36213

See merge request !13501

changelogs/unreleased/36213-return-is_admin-in-users-api-when-current_user-is-admin.yml

+---
+title: Include the `is_admin` field in the `GET /users/:id` API when current user
+  is an admin
+merge_request:
+author:
+type: fixed

lib/api/users.rb

@@ -79,22 +79,17 @@ module API
       end
 
       desc 'Get a single user' do
-        success Entities::UserBasic
+        success Entities::User
       end
       params do
         requires :id, type: Integer, desc: 'The ID of the user'
       end
       get ":id" do
         user = User.find_by(id: params[:id])
-        not_found!('User') unless user
+        not_found!('User') unless user && can?(current_user, :read_user, user)
 
-        if current_user && current_user.admin?
-          present user, with: Entities::UserPublic
-        elsif can?(current_user, :read_user, user)
-          present user, with: Entities::User
-        else
-          render_api_error!("User not found.", 404)
-        end
+        opts = current_user&.admin? ? { with: Entities::UserWithAdmin } : {}
+        present user, opts
       end
 
       desc 'Create a user. Available only for admins.' do

spec/requests/api/users_spec.rb

@@ -217,9 +217,19 @@ describe API::Users do
     it "does not return the user's `is_admin` flag" do
       get api("/users/#{user.id}", user)
 
+      expect(response).to have_http_status(200)
       expect(json_response['is_admin']).to be_nil
     end
 
+    context 'when authenticated as admin' do
+      it 'includes the `is_admin` field' do
+        get api("/users/#{user.id}", admin)
+
+        expect(response).to have_http_status(200)
+        expect(json_response['is_admin']).to be(false)
+      end
+    end
+
     context 'for an anonymous user' do
       it "returns a user by id" do
         get api("/users/#{user.id}")