Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
782d5698
Commit
782d5698
authored
Apr 21, 2020
by
Alex Pooley
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Expose user email to group managed account owners
parent
5f46aca7
Changes
9
Hide whitespace changes
Inline
Side-by-side
Showing
9 changed files
with
363 additions
and
0 deletions
+363
-0
doc/api/members.md
doc/api/members.md
+2
-0
ee/app/models/ee/user.rb
ee/app/models/ee/user.rb
+4
-0
ee/changelogs/unreleased/209022-include-email-address-in-group-members-api.yml
...sed/209022-include-email-address-in-group-members-api.yml
+6
-0
ee/lib/ee/api/entities/user_basic.rb
ee/lib/ee/api/entities/user_basic.rb
+1
-0
ee/spec/lib/ee/api/entities/member_spec.rb
ee/spec/lib/ee/api/entities/member_spec.rb
+20
-0
ee/spec/models/user_spec.rb
ee/spec/models/user_spec.rb
+36
-0
ee/spec/requests/api/members_spec.rb
ee/spec/requests/api/members_spec.rb
+215
-0
ee/spec/support/shared_contexts/requests/api/members_shared_contexts.rb
...t/shared_contexts/requests/api/members_shared_contexts.rb
+54
-0
ee/spec/support/shared_examples/requests/api/members_shared_examples.rb
...t/shared_examples/requests/api/members_shared_examples.rb
+25
-0
No files found.
doc/api/members.md
View file @
782d5698
...
@@ -59,6 +59,7 @@ Example response:
...
@@ -59,6 +59,7 @@ Example response:
"web_url"
:
"http://192.168.1.8:3000/root"
,
"web_url"
:
"http://192.168.1.8:3000/root"
,
"expires_at"
:
"2012-10-22T14:13:35Z"
,
"expires_at"
:
"2012-10-22T14:13:35Z"
,
"access_level"
:
30
,
"access_level"
:
30
,
"email"
:
"john@example.com"
,
"group_saml_identity"
:
{
"group_saml_identity"
:
{
"extern_uid"
:
"ABC-1234567890"
,
"extern_uid"
:
"ABC-1234567890"
,
"provider"
:
"group_saml"
,
"provider"
:
"group_saml"
,
...
@@ -116,6 +117,7 @@ Example response:
...
@@ -116,6 +117,7 @@ Example response:
"web_url"
:
"http://192.168.1.8:3000/root"
,
"web_url"
:
"http://192.168.1.8:3000/root"
,
"expires_at"
:
"2012-10-22T14:13:35Z"
,
"expires_at"
:
"2012-10-22T14:13:35Z"
,
"access_level"
:
30
"access_level"
:
30
"email"
:
"john@example.com"
,
"group_saml_identity"
:
{
"group_saml_identity"
:
{
"extern_uid"
:
"ABC-1234567890"
,
"extern_uid"
:
"ABC-1234567890"
,
"provider"
:
"group_saml"
,
"provider"
:
"group_saml"
,
...
...
ee/app/models/ee/user.rb
View file @
782d5698
...
@@ -300,6 +300,10 @@ module EE
...
@@ -300,6 +300,10 @@ module EE
managing_group
.
present?
managing_group
.
present?
end
end
def
managed_by?
(
user
)
self
.
group_managed_account?
&&
self
.
managing_group
.
owned_by?
(
user
)
end
override
:ldap_sync_time
override
:ldap_sync_time
def
ldap_sync_time
def
ldap_sync_time
::
Gitlab
.
config
.
ldap
[
'sync_time'
]
::
Gitlab
.
config
.
ldap
[
'sync_time'
]
...
...
ee/changelogs/unreleased/209022-include-email-address-in-group-members-api.yml
0 → 100644
View file @
782d5698
---
title
:
REST API membership responses for group owner enqueries include group managed
account emails
merge_request
:
30584
author
:
type
:
added
ee/lib/ee/api/entities/user_basic.rb
View file @
782d5698
...
@@ -8,6 +8,7 @@ module EE
...
@@ -8,6 +8,7 @@ module EE
prepended
do
prepended
do
expose
:gitlab_employee?
,
as: :is_gitlab_employee
,
if:
proc
{
::
Gitlab
.
com?
&&
::
Feature
.
enabled?
(
:gitlab_employee_badge
)
}
expose
:gitlab_employee?
,
as: :is_gitlab_employee
,
if:
proc
{
::
Gitlab
.
com?
&&
::
Feature
.
enabled?
(
:gitlab_employee_badge
)
}
expose
:email
,
if:
->
(
user
,
options
)
{
user
.
managed_by?
(
options
[
:current_user
])
}
end
end
end
end
end
end
...
...
ee/spec/lib/ee/api/entities/member_spec.rb
View file @
782d5698
...
@@ -31,4 +31,24 @@ describe API::Entities::Member do
...
@@ -31,4 +31,24 @@ describe API::Entities::Member do
expect
(
entity_representation
.
keys
).
not_to
include
(
:group_saml_identity
)
expect
(
entity_representation
.
keys
).
not_to
include
(
:group_saml_identity
)
end
end
end
end
context
'when current user is allowed to manage user'
do
before
do
allow
(
member
.
user
).
to
receive
(
:managed_by?
).
and_return
(
true
)
end
it
'exposes email'
do
expect
(
entity_representation
.
keys
).
to
include
(
:email
)
end
end
context
'when current user is not allowed to manage user'
do
before
do
allow
(
member
.
user
).
to
receive
(
:managed_by?
).
and_return
(
false
)
end
it
'does not expose email'
do
expect
(
entity_representation
.
keys
).
not_to
include
(
:email
)
end
end
end
end
ee/spec/models/user_spec.rb
View file @
782d5698
...
@@ -567,6 +567,42 @@ describe User do
...
@@ -567,6 +567,42 @@ describe User do
end
end
end
end
describe
'#managed_by?'
do
let
(
:group
)
{
create
:group
}
let
(
:owner
)
{
create
:user
}
let
(
:member1
)
{
create
:user
}
let
(
:member2
)
{
create
:user
}
before
do
group
.
add_owner
(
owner
)
group
.
add_developer
(
member1
)
group
.
add_developer
(
member2
)
end
context
'when a normal user account'
do
it
'returns false'
do
expect
(
member1
.
managed_by?
(
owner
)).
to
be_falsey
expect
(
member1
.
managed_by?
(
member2
)).
to
be_falsey
end
end
context
'when a group managed account'
do
let
(
:group
)
{
create
:group_with_managed_accounts
}
before
do
member1
.
update
(
managing_group:
group
)
end
it
'returns true with group managed account owner'
do
expect
(
member1
.
managed_by?
(
owner
)).
to
be_truthy
end
it
'returns false with a regular user account'
do
expect
(
member1
.
managed_by?
(
member2
)).
to
be_falsey
end
end
end
describe
'#password_required?'
do
describe
'#password_required?'
do
context
'when user has managing group linked'
do
context
'when user has managing group linked'
do
before
do
before
do
...
...
ee/spec/requests/api/members_spec.rb
View file @
782d5698
...
@@ -3,6 +3,221 @@
...
@@ -3,6 +3,221 @@
require
'spec_helper'
require
'spec_helper'
describe
API
::
Members
do
describe
API
::
Members
do
context
'group members endpoint for group managed accounts'
do
let
(
:group
)
{
create
(
:group
)
}
let
(
:owner
)
{
create
(
:user
)
}
before
do
group
.
add_owner
(
owner
)
end
include_context
"group managed account with group members"
subject
do
get
api
(
url
,
owner
)
json_response
end
describe
"GET /groups/:id/members"
do
let
(
:url
)
{
"/groups/
#{
group
.
id
}
/members"
}
it_behaves_like
'members response with exposed emails'
do
let
(
:emails
)
{
gma_member
.
email
}
end
it_behaves_like
'members response with hidden emails'
do
let
(
:emails
)
{
member
.
email
}
end
end
describe
"GET /groups/:id/members/:user_id"
do
let
(
:url
)
{
"/groups/
#{
group
.
id
}
/members/
#{
user_id
}
"
}
context
'with group managed account member'
do
let
(
:user_id
)
{
gma_member
.
id
}
it_behaves_like
'member response with exposed email'
do
let
(
:email
)
{
gma_member
.
email
}
end
end
context
'with a regular member'
do
let
(
:user_id
)
{
member
.
id
}
it_behaves_like
'member response with hidden email'
end
end
describe
"GET /groups/:id/members/all"
do
include_context
"child group with group managed account members"
context
'parent group'
do
let
(
:url
)
{
"/groups/
#{
group
.
id
}
/members/all"
}
it_behaves_like
'members response with exposed emails'
do
let
(
:emails
)
{
gma_member
.
email
}
end
it_behaves_like
'members response with hidden emails'
do
let
(
:emails
)
{
member
.
email
}
end
end
context
'child group'
do
let
(
:url
)
{
"/groups/
#{
child_group
.
id
}
/members/all"
}
it_behaves_like
'members response with exposed emails'
do
let
(
:emails
)
{
[
gma_member
.
email
,
child_gma_member
.
email
]
}
end
it_behaves_like
'members response with hidden emails'
do
let
(
:emails
)
{
[
member
.
email
,
child_member
.
email
]
}
end
end
end
describe
"GET /groups/:id/members/all/:user_id"
do
include_context
"child group with group managed account members"
let
(
:url
)
{
"/groups/
#{
child_group
.
id
}
/members/all/
#{
user_id
}
"
}
context
'with group managed account member'
do
let
(
:user_id
)
{
gma_member
.
id
}
it_behaves_like
'member response with exposed email'
do
let
(
:email
)
{
gma_member
.
email
}
end
end
context
'with regular member'
do
let
(
:user_id
)
{
member
.
id
}
it_behaves_like
'member response with hidden email'
end
context
'with group managed account child group member'
do
let
(
:user_id
)
{
child_gma_member
.
id
}
it_behaves_like
'member response with exposed email'
do
let
(
:email
)
{
child_gma_member
.
email
}
end
end
context
'with child group regular member'
do
let
(
:user_id
)
{
child_member
.
id
}
it_behaves_like
'member response with hidden email'
end
end
end
context
'project members endpoint for group managed accounts'
do
let
(
:group
)
{
create
(
:group
)
}
let
(
:owner
)
{
create
(
:user
)
}
let
(
:project
)
{
create
(
:project
,
group:
group
)
}
before
do
group
.
add_owner
(
owner
)
end
include_context
"group managed account with project members"
subject
do
get
api
(
url
,
owner
)
json_response
end
describe
"GET /projects/:id/members"
do
let
(
:url
)
{
"/projects/
#{
project
.
id
}
/members"
}
it_behaves_like
'members response with exposed emails'
do
let
(
:emails
)
{
gma_member
.
email
}
end
it_behaves_like
'members response with hidden emails'
do
let
(
:emails
)
{
member
.
email
}
end
end
describe
"GET /projects/:id/members/:user_id"
do
let
(
:url
)
{
"/projects/
#{
project
.
id
}
/members/
#{
user_id
}
"
}
context
'with group managed account member'
do
let
(
:user_id
)
{
gma_member
.
id
}
it_behaves_like
'member response with exposed email'
do
let
(
:email
)
{
gma_member
.
email
}
end
end
context
'with a regular member'
do
let
(
:user_id
)
{
member
.
id
}
it_behaves_like
'member response with hidden email'
end
end
describe
"GET /project/:id/members/all"
do
include_context
"child project with group managed account members"
context
'parent group project'
do
let
(
:url
)
{
"/projects/
#{
project
.
id
}
/members/all"
}
it_behaves_like
'members response with exposed emails'
do
let
(
:emails
)
{
gma_member
.
email
}
end
it_behaves_like
'members response with hidden emails'
do
let
(
:emails
)
{
member
.
email
}
end
end
context
'child group project'
do
let
(
:url
)
{
"/projects/
#{
child_project
.
id
}
/members/all"
}
it_behaves_like
'members response with exposed emails'
do
let
(
:emails
)
{
[
child_gma_member
.
email
]
}
end
it_behaves_like
'members response with hidden emails'
do
let
(
:emails
)
{
[
member
.
email
,
child_member
.
email
]
}
end
end
end
describe
"GET /projects/:id/members/all/:user_id"
do
include_context
"child project with group managed account members"
let
(
:url
)
{
"/projects/
#{
child_project
.
id
}
/members/all/
#{
user_id
}
"
}
context
'with group managed account member'
do
let
(
:user_id
)
{
gma_member
.
id
}
it_behaves_like
'member response with hidden email'
end
context
'with regular member'
do
let
(
:user_id
)
{
member
.
id
}
it_behaves_like
'member response with hidden email'
end
context
'with group managed account child group member'
do
let
(
:user_id
)
{
child_gma_member
.
id
}
it_behaves_like
'member response with exposed email'
do
let
(
:email
)
{
child_gma_member
.
email
}
end
end
context
'with child group regular member'
do
let
(
:user_id
)
{
child_member
.
id
}
it_behaves_like
'member response with hidden email'
end
end
end
context
'without LDAP'
do
context
'without LDAP'
do
let
(
:group
)
{
create
(
:group
)
}
let
(
:group
)
{
create
(
:group
)
}
let
(
:owner
)
{
create
(
:user
)
}
let
(
:owner
)
{
create
(
:user
)
}
...
...
ee/spec/support/shared_contexts/requests/api/members_shared_contexts.rb
0 → 100644
View file @
782d5698
# frozen_string_literal: true
RSpec
.
shared_context
'group managed account with group members'
do
let
(
:group
)
{
create
:group_with_managed_accounts
}
let
(
:member
)
{
create
:user
,
:group_managed
}
let
(
:gma_member
)
{
create
:user
,
:group_managed
,
managing_group:
group
}
before
do
stub_licensed_features
(
group_saml:
true
)
group
.
add_maintainer
(
member
)
group
.
add_maintainer
(
gma_member
)
end
end
RSpec
.
shared_context
'group managed account with project members'
do
let
(
:group
)
{
create
:group_with_managed_accounts
}
let
(
:member
)
{
create
:user
,
:group_managed
}
let
(
:gma_member
)
{
create
:user
,
managing_group:
group
}
before
do
stub_licensed_features
(
group_saml:
true
)
project
.
add_maintainer
(
member
)
project
.
add_maintainer
(
gma_member
)
end
end
RSpec
.
shared_context
'child group with group managed account members'
do
let
(
:child_group
)
{
create
:group
,
parent:
group
}
let
(
:child_member
)
{
create
:user
,
:group_managed
}
let
(
:child_gma_member
)
{
create
:user
,
:group_managed
,
managing_group:
group
}
before
do
child_group
.
add_owner
(
owner
)
child_group
.
add_developer
(
child_member
)
child_group
.
add_developer
(
child_gma_member
)
end
end
RSpec
.
shared_context
'child project with group managed account members'
do
let
(
:child_group
)
{
create
:group
,
parent:
group
}
let
(
:child_project
)
{
create
:project
,
group:
child_group
}
let
(
:child_member
)
{
create
:user
,
:group_managed
}
let
(
:child_gma_member
)
{
create
:user
,
:group_managed
,
managing_group:
group
}
before
do
child_group
.
add_owner
(
owner
)
child_project
.
add_developer
(
child_member
)
child_project
.
add_developer
(
child_gma_member
)
end
end
ee/spec/support/shared_examples/requests/api/members_shared_examples.rb
0 → 100644
View file @
782d5698
# frozen_string_literal: true
RSpec
.
shared_examples
'members response with exposed emails'
do
it
do
Array
(
emails
).
flatten
.
each
do
|
email
|
is_expected
.
to
include
(
a_hash_including
(
'email'
=>
email
))
end
end
end
RSpec
.
shared_examples
'members response with hidden emails'
do
it
do
Array
(
emails
).
flatten
.
each
do
|
email
|
is_expected
.
not_to
include
(
a_hash_including
(
'email'
=>
email
))
end
end
end
RSpec
.
shared_examples
'member response with exposed email'
do
it
{
is_expected
.
to
include
(
'email'
=>
email
)
}
end
RSpec
.
shared_examples
'member response with hidden email'
do
it
{
is_expected
.
not_to
have_key
(
'email'
)
}
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment