Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
0e747806
Commit
0e747806
authored
Jun 20, 2017
by
Mike Ricketts
Committed by
Rémy Coutable
Jun 20, 2017
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Re-instate is_admin flag in users API is current user is an admin
parent
745d46bc
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
53 additions
and
4 deletions
+53
-4
changelogs/unreleased/33260-allow-admins-to-list-admins.yml
changelogs/unreleased/33260-allow-admins-to-list-admins.yml
+4
-0
doc/api/users.md
doc/api/users.md
+3
-0
lib/api/entities.rb
lib/api/entities.rb
+5
-2
lib/api/users.rb
lib/api/users.rb
+1
-1
spec/requests/api/users_spec.rb
spec/requests/api/users_spec.rb
+8
-1
spec/requests/api/v3/users_spec.rb
spec/requests/api/v3/users_spec.rb
+32
-0
No files found.
changelogs/unreleased/33260-allow-admins-to-list-admins.yml
0 → 100644
View file @
0e747806
---
title
:
Reinstate is_admin flag in users api when authenticated user is an admin
merge_request
:
12211
author
:
rickettm
doc/api/users.md
View file @
0e747806
...
...
@@ -62,6 +62,7 @@ GET /users
"avatar_url"
:
"http://localhost:3000/uploads/user/avatar/1/index.jpg"
,
"web_url"
:
"http://localhost:3000/john_smith"
,
"created_at"
:
"2012-05-23T08:00:58Z"
,
"is_admin"
:
false
,
"bio"
:
null
,
"location"
:
null
,
"skype"
:
""
,
...
...
@@ -94,6 +95,7 @@ GET /users
"avatar_url"
:
"http://localhost:3000/uploads/user/avatar/2/index.jpg"
,
"web_url"
:
"http://localhost:3000/jack_smith"
,
"created_at"
:
"2012-05-23T08:01:01Z"
,
"is_admin"
:
false
,
"bio"
:
null
,
"location"
:
null
,
"skype"
:
""
,
...
...
@@ -197,6 +199,7 @@ Parameters:
"avatar_url"
:
"http://localhost:3000/uploads/user/avatar/1/index.jpg"
,
"web_url"
:
"http://localhost:3000/john_smith"
,
"created_at"
:
"2012-05-23T08:00:58Z"
,
"is_admin"
:
false
,
"bio"
:
null
,
"location"
:
null
,
"skype"
:
""
,
...
...
lib/api/entities.rb
View file @
0e747806
...
...
@@ -43,11 +43,14 @@ module API
expose
:external
end
class
UserWithPrivateDetails
<
UserPublic
expose
:private_token
class
UserWithAdmin
<
UserPublic
expose
:admin?
,
as: :is_admin
end
class
UserWithPrivateDetails
<
UserWithAdmin
expose
:private_token
end
class
Email
<
Grape
::
Entity
expose
:id
,
:email
end
...
...
lib/api/users.rb
View file @
0e747806
...
...
@@ -59,7 +59,7 @@ module API
users
=
UsersFinder
.
new
(
current_user
,
params
).
execute
entity
=
current_user
.
admin?
?
Entities
::
User
Public
:
Entities
::
UserBasic
entity
=
current_user
.
admin?
?
Entities
::
User
WithAdmin
:
Entities
::
UserBasic
present
paginate
(
users
),
with:
entity
end
...
...
spec/requests/api/users_spec.rb
View file @
0e747806
...
...
@@ -11,7 +11,7 @@ describe API::Users do
let
(
:not_existing_user_id
)
{
(
User
.
maximum
(
'id'
)
||
0
)
+
10
}
let
(
:not_existing_pat_id
)
{
(
PersonalAccessToken
.
maximum
(
'id'
)
||
0
)
+
10
}
describe
"GET /users"
do
describe
'GET /users'
do
context
"when unauthenticated"
do
it
"returns authentication error"
do
get
api
(
"/users"
)
...
...
@@ -76,6 +76,12 @@ describe API::Users do
expect
(
response
).
to
have_http_status
(
403
)
end
it
'does not reveal the `is_admin` flag of the user'
do
get
api
(
'/users'
,
user
)
expect
(
json_response
.
first
.
keys
).
not_to
include
'is_admin'
end
end
context
"when admin"
do
...
...
@@ -92,6 +98,7 @@ describe API::Users do
expect
(
json_response
.
first
.
keys
).
to
include
'two_factor_enabled'
expect
(
json_response
.
first
.
keys
).
to
include
'last_sign_in_at'
expect
(
json_response
.
first
.
keys
).
to
include
'confirmed_at'
expect
(
json_response
.
first
.
keys
).
to
include
'is_admin'
end
it
"returns an array of external users"
do
...
...
spec/requests/api/v3/users_spec.rb
View file @
0e747806
...
...
@@ -7,6 +7,38 @@ describe API::V3::Users do
let
(
:email
)
{
create
(
:email
,
user:
user
)
}
let
(
:ldap_blocked_user
)
{
create
(
:omniauth_user
,
provider:
'ldapmain'
,
state:
'ldap_blocked'
)
}
describe
'GET /users'
do
context
'when authenticated'
do
it
'returns an array of users'
do
get
v3_api
(
'/users'
,
user
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
response
).
to
include_pagination_headers
expect
(
json_response
).
to
be_an
Array
username
=
user
.
username
expect
(
json_response
.
detect
do
|
user
|
user
[
'username'
]
==
username
end
[
'username'
]).
to
eq
(
username
)
end
end
context
'when authenticated as user'
do
it
'does not reveal the `is_admin` flag of the user'
do
get
v3_api
(
'/users'
,
user
)
expect
(
json_response
.
first
.
keys
).
not_to
include
'is_admin'
end
end
context
'when authenticated as admin'
do
it
'reveals the `is_admin` flag of the user'
do
get
v3_api
(
'/users'
,
admin
)
expect
(
json_response
.
first
.
keys
).
to
include
'is_admin'
end
end
end
describe
'GET /user/:id/keys'
do
before
{
admin
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment