Expose `namespace_id` in users GET API for admins

This change set exposes the `namespace_id` field in the `GET /users` and
`GET /users/:user_id` REST API responses when being requested with an
admin token.

Changelog: added
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82045

doc/api/users.md

@@ -99,6 +99,8 @@ GET /users?exclude_external=true
 
 ### For admins
 
+> The `namespace_id` field in the response was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82045) in GitLab 14.10.
+
 ```plaintext
 GET /users
 ```
@@ -151,7 +153,8 @@ GET /users
     "external": false,
     "private_profile": false,
     "current_sign_in_ip": "196.165.1.102",
-    "last_sign_in_ip": "172.127.2.22"
+    "last_sign_in_ip": "172.127.2.22",
+    "namespace_id": 1
   },
   {
     "id": 2,
@@ -185,7 +188,8 @@ GET /users
     "external": false,
     "private_profile": false,
     "current_sign_in_ip": "10.165.1.102",
-    "last_sign_in_ip": "172.127.2.22"
+    "last_sign_in_ip": "172.127.2.22",
+    "namespace_id": 2
   }
 ]
 ```
@@ -300,6 +304,8 @@ Parameters:
 
 ### For admin
 
+> The `namespace_id` field in the response was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82045) in GitLab 14.10.
+
 ```plaintext
 GET /users/:id
 ```
@@ -355,7 +361,8 @@ Example Responses:
   "last_sign_in_ip": "172.127.2.22",
   "plan": "gold",
   "trial": true,
-  "sign_in_count": 1337
+  "sign_in_count": 1337,
+  "namespace_id": 1
 }
 ```
 
@@ -404,6 +411,8 @@ GET /users/:id?with_custom_attributes=true
 
 ## User creation
 
+> The `namespace_id` field in the response was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82045) in GitLab 14.10.
+
 Creates a new user. Note only administrators can create new
 users. Either `password`, `reset_password`, or `force_random_password`
 must be specified. If `reset_password` and `force_random_password` are
@@ -459,6 +468,8 @@ Parameters:
 
 ## User modification
 
+> The `namespace_id` field in the response was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82045) in GitLab 14.10.
+
 Modifies an existing user. Only administrators can change attributes of a user.
 
 ```plaintext
@@ -583,6 +594,8 @@ GET /user
 
 ## List current user (for admins)
 
+> The `namespace_id` field in the response was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82045) in GitLab 14.10.
+
 ```plaintext
 GET /user
 ```
@@ -632,7 +645,8 @@ Parameters:
   "private_profile": false,
   "commit_email": "john-codes@example.com",
   "current_sign_in_ip": "196.165.1.102",
-  "last_sign_in_ip": "172.127.2.22"
+  "last_sign_in_ip": "172.127.2.22",
+  "namespace_id": 1
 }
 ```
 

lib/api/entities/user_with_admin.rb

@@ -5,6 +5,7 @@ module API
     class UserWithAdmin < UserPublic
       expose :admin?, as: :is_admin
       expose :note
+      expose :namespace_id
     end
   end
 end

lib/api/users.rb

@@ -122,6 +122,7 @@ module API
         entity = current_user&.admin? ? Entities::UserWithAdmin : Entities::UserBasic
         users = users.preload(:identities, :u2f_registrations) if entity == Entities::UserWithAdmin
         users = users.preload(:identities, :webauthn_registrations) if entity == Entities::UserWithAdmin
+        users = users.preload(:namespace) if entity == Entities::UserWithAdmin
         users, options = with_custom_attributes(users, { with: entity, current_user: current_user })
 
         users = users.preload(:user_detail)

spec/fixtures/api/schemas/public_api/v4/user/admin.json

@@ -26,7 +26,8 @@
     "can_create_group",
     "can_create_project",
     "two_factor_enabled",
-    "external"
+    "external",
+    "namespace_id"
   ],
   "properties": {
     "$ref": "full.json"

spec/requests/api/users_spec.rb

@@ -87,6 +87,7 @@ RSpec.describe API::Users do
           get api("/users"), params: { username: user.username }
 
           expect(json_response.first).not_to have_key('note')
+          expect(json_response.first).not_to have_key('namespace_id')
         end
       end
 
@@ -96,6 +97,7 @@ RSpec.describe API::Users do
             get api("/users", user), params: { username: user.username }
 
             expect(json_response.first).not_to have_key('note')
+            expect(json_response.first).not_to have_key('namespace_id')
           end
         end
 
@@ -154,6 +156,7 @@ RSpec.describe API::Users do
             get api("/user", user)
 
             expect(json_response).not_to have_key('note')
+            expect(json_response).not_to have_key('namespace_id')
           end
         end
       end
@@ -384,6 +387,15 @@ RSpec.describe API::Users do
         expect(response).to include_pagination_headers
       end
 
+      it "users contain the `namespace_id` field" do
+        get api("/users", admin)
+
+        expect(response).to have_gitlab_http_status(:success)
+        expect(response).to match_response_schema('public_api/v4/user/admins')
+        expect(json_response.size).to eq(2)
+        expect(json_response.map { |u| u['namespace_id'] }).to include(user.namespace_id, admin.namespace_id)
+      end
+
       it "returns an array of external users" do
         create(:user, external: true)
 
@@ -697,6 +709,14 @@ RSpec.describe API::Users do
         expect(json_response['highest_role']).to be(0)
       end
 
+      it 'includes the `namespace_id` field' do
+        get api("/users/#{user.id}", admin)
+
+        expect(response).to have_gitlab_http_status(:success)
+        expect(response).to match_response_schema('public_api/v4/user/admin')
+        expect(json_response['namespace_id']).to eq(user.namespace_id)
+      end
+
       if Gitlab.ee?
         it 'does not include values for plan or trial' do
           get api("/users/#{user.id}", admin)