Commit 243e917e authored by Tan Le's avatar Tan Le Committed by Robert Speicher

Validate audit event id on Groups API

Add presence and type validation on Audit Event ID when getting a
Group-level audit event. This also makes it consistent with a similar
API call to get Instance-level audit event.
parent c76f4fbc
......@@ -91,6 +91,10 @@ Example response:
GET /audit_events/:id
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer | yes | The ID of the audit event |
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" https://primary.example.com/api/v4/audit_events/1
```
......@@ -195,7 +199,7 @@ GET /groups/:id/audit_events/:audit_event_id
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) |
| `audit_event_id` | integer | yes | ID of the audit event |
| `audit_event_id` | integer | yes | The ID of the audit event |
```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" https://primary.example.com/api/v4/groups/60/audit_events/2
......
......@@ -110,6 +110,9 @@ module EE
desc 'Get a specific audit event in this group.' do
success EE::API::Entities::AuditEvent
end
params do
requires :audit_event_id, type: Integer, desc: 'The ID of the audit event'
end
get '/:audit_event_id' do
audit_log_finder_params = audit_log_finder_params(user_group)
audit_event = AuditLogFinder.new(audit_log_finder_params.merge(id: params[:audit_event_id])).execute
......
......@@ -465,9 +465,17 @@ describe API::Groups do
end
end
context 'invalid audit_event_id' do
let(:path) { "/groups/#{group.id}/audit_events/an-invalid-id" }
it_behaves_like '400 response' do
let(:request) { get api(path, user) }
end
end
context 'non existent audit event' do
context 'non existent audit event of a group' do
let(:path) { "/groups/#{group.id}/audit_events/non-existent-id" }
let(:path) { "/groups/#{group.id}/audit_events/666777" }
it_behaves_like '404 response' do
let(:request) { get api(path, user) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment