Commit 3c1e19ba authored by Mayra Cabrera's avatar Mayra Cabrera

Merge branch 'fix/prevent-user-theme-color-api-overwrite' into 'master'

Prevent default overwrite for theme and color ID in user API

See merge request gitlab-org/gitlab!26792
parents f7699051 25566742
---
title: Prevent default overwrite for theme and color ID in user API
merge_request: 26792
author: Fabio Huser
type: fixed
......@@ -52,8 +52,8 @@ module API
optional :external, type: Boolean, desc: 'Flag indicating the user is an external user'
# TODO: remove rubocop disable - https://gitlab.com/gitlab-org/gitlab/issues/14960
optional :avatar, type: File, desc: 'Avatar image for user' # rubocop:disable Scalability/FileUploads
optional :theme_id, type: Integer, default: 1, desc: 'The GitLab theme for the user'
optional :color_scheme_id, type: Integer, default: 1, desc: 'The color scheme for the file viewer'
optional :theme_id, type: Integer, desc: 'The GitLab theme for the user'
optional :color_scheme_id, type: Integer, desc: 'The color scheme for the file viewer'
optional :private_profile, type: Boolean, desc: 'Flag indicating the user has a private profile'
all_or_none_of :extern_uid, :provider
......
......@@ -832,6 +832,13 @@ describe API::Users, :do_not_mock_admin_mode do
expect(user.reload.private_profile).to eq(false)
end
it "does have default values for theme and color-scheme ID" do
put api("/users/#{user.id}", admin), params: {}
expect(user.reload.theme_id).to eq(Gitlab::Themes.default.id)
expect(user.reload.color_scheme_id).to eq(Gitlab::ColorSchemes.default.id)
end
it "updates private profile" do
put api("/users/#{user.id}", admin), params: { private_profile: true }
......@@ -857,6 +864,19 @@ describe API::Users, :do_not_mock_admin_mode do
expect(user.reload.private_profile).to eq(true)
end
it "does not modify theme or color-scheme ID when field is not provided" do
theme = Gitlab::Themes.each.find { |t| t.id != Gitlab::Themes.default.id }
scheme = Gitlab::ColorSchemes.each.find { |t| t.id != Gitlab::ColorSchemes.default.id }
user.update(theme_id: theme.id, color_scheme_id: scheme.id)
put api("/users/#{user.id}", admin), params: {}
expect(response).to have_gitlab_http_status(:ok)
expect(user.reload.theme_id).to eq(theme.id)
expect(user.reload.color_scheme_id).to eq(scheme.id)
end
it "does not update admin status" do
put api("/users/#{admin_user.id}", admin), params: { can_create_group: false }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment