Commit 0e78d906 authored by Jackie Fraser's avatar Jackie Fraser

Add saml_provider_id query param to Users API

Allows the `saml_provider_id` query param to be
sent to the API endpoint GET `/api/users` to return
only users created by the provided SAML provider id.

Changelog: added
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66167
EE: true
parent ad1dbf5b
...@@ -109,6 +109,7 @@ GET /users ...@@ -109,6 +109,7 @@ GET /users
| `two_factor` | string | no | Filter users by Two-factor authentication. Filter values are `enabled` or `disabled`. By default it returns all users | | `two_factor` | string | no | Filter users by Two-factor authentication. Filter values are `enabled` or `disabled`. By default it returns all users |
| `without_projects` | boolean | no | Filter users without projects. Default is `false`, which means that all users are returned, with and without projects. | | `without_projects` | boolean | no | Filter users without projects. Default is `false`, which means that all users are returned, with and without projects. |
| `admins` | boolean | no | Return only admin users. Default is `false` | | `admins` | boolean | no | Return only admin users. Default is `false` |
| `saml_provider_id` **(PREMIUM)** | number | no | Return only users created by the specified SAML provider ID. If not included, it returns all users. |
```json ```json
[ [
......
...@@ -17,7 +17,7 @@ module EE ...@@ -17,7 +17,7 @@ module EE
end end
def by_saml_provider_id(users) def by_saml_provider_id(users)
saml_provider_id = params[:by_saml_provider_id] saml_provider_id = params[:saml_provider_id]
return users unless saml_provider_id return users unless saml_provider_id
users.limit_to_saml_provider(saml_provider_id) users.limit_to_saml_provider(saml_provider_id)
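Review bot: The switch from `params[:by_saml_provider_id]` to `params[:saml_provider_id]` fails open for any caller that still passes the old key, because `return users unless saml_provider_id` then returns the unfiltered relation instead of raising. The finder spec in this commit is updated, but other callers are not visible here, so search for remaining `by_saml_provider_id:` uses before merging. A comment above the lookup, such as `# A missing key means "no SAML filter", not "no results"; callers that rely on provider scoping must ensure the key is set`, would make that contract explicit. The method's closing `end` lies outside this hunk.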
......
...@@ -16,6 +16,7 @@ module EE ...@@ -16,6 +16,7 @@ module EE
params :optional_index_params_ee do params :optional_index_params_ee do
optional :skip_ldap, type: Grape::API::Boolean, default: false, desc: 'Skip LDAP users' optional :skip_ldap, type: Grape::API::Boolean, default: false, desc: 'Skip LDAP users'
optional :saml_provider_id, type: Integer, desc: 'Return only users from the specified SAML provider Id'
end end
end end
end end
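Review bot: The new `optional :saml_provider_id, type: Integer` lets anyone who can call the user index filter by an arbitrary SAML provider ID, and nothing in the visible lines ties that ID to a group the caller may manage. Unless an authorization or license check exists in the endpoint or finder (not shown in this hunk), the filter could act as a membership oracle for another group's SSO users. Consider ignoring the parameter or returning 403 when the current user cannot administer the provider's group. A constraint such as `values: ->(v) { v.positive? }` would also reject zero and negative IDs at the parameter layer. The description could read 'SAML provider ID' to match the docs row.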
......
...@@ -40,7 +40,7 @@ RSpec.describe UsersFinder do ...@@ -40,7 +40,7 @@ RSpec.describe UsersFinder do
end end
it 'returns only saml users from the provided saml_provider_id' do it 'returns only saml users from the provided saml_provider_id' do
users = described_class.new(normal_user, by_saml_provider_id: saml_provider.id).execute users = described_class.new(normal_user, saml_provider_id: saml_provider.id).execute
expect(users).to contain_exactly(saml_user) expect(users).to contain_exactly(saml_user)
end end
......
...@@ -182,6 +182,26 @@ RSpec.describe API::Users do ...@@ -182,6 +182,26 @@ RSpec.describe API::Users do
end end
end end
describe 'GET /api/users?saml_provider_id' do
context 'querying users by saml provider id' do
let(:group) { create(:group) }
let(:saml_provider) { create(:saml_provider, group: group, enabled: true, enforced_sso: true) }
it 'returns only users for the saml_provider_id' do
saml_user = create(:user)
create(:identity, provider: 'group_saml1', saml_provider_id: saml_provider.id, user: saml_user)
non_saml_user = create(:user)
get api("/users", user), params: { saml_provider_id: saml_provider.id }
expect(response).to match_response_schema('public_api/v4/user/basics')
expect(response).to include_pagination_headers
expect(json_response.map { |u| u['id'] }).to include(saml_user.id)
expect(json_response.map { |u| u['id'] }).not_to include(non_saml_user.id)
end
end
end
describe 'GET /user/:id' do describe 'GET /user/:id' do
context 'when authenticated' do context 'when authenticated' do
context 'as an admin' do context 'as an admin' do
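Review bot: The new `GET /api/users?saml_provider_id` example covers only the success path, and it asserts with `include` / `not_to include` rather than an exact match. Assuming the requesting `user` has no identity for this provider, `expect(json_response.map { |u| u['id'] }).to contain_exactly(saml_user.id)` would be stricter and would mirror the finder spec. Negative cases are missing: a caller with no access to `group`, an instance without the licensed feature (the docs row marks the parameter PREMIUM), and a non-integer value that Grape should reject with 400. Those tests are what would pin down whether the filter is gated at all.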
......