Commit afea8524 authored by Jarka Košanová's avatar Jarka Košanová

Merge branch 'dblessing-gl-override-api' into 'master'

Expose LDAP Override in API, add set and clear methods

Closes #4875

See merge request gitlab-org/gitlab!28674
parents c4c5b585 1728bf98
......@@ -282,6 +282,78 @@ Example response:
}
```
### Set override flag for a member of a group
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/4875) in GitLab 12.10.
By default, the access level of LDAP group members is set to the value specified
by LDAP through Group Sync. You can allow access level overrides by calling this endpoint.
```plaintext
POST /groups/:id/members/:user_id/override
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user |
| `user_id` | integer | yes | The user ID of the member |
```bash
curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/groups/:id/members/:user_id/override
```
Example response:
```json
{
"id": 1,
"username": "raymond_smith",
"name": "Raymond Smith",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80&d=identicon",
"web_url": "http://192.168.1.8:3000/root",
"expires_at": "2012-10-22T14:13:35Z",
"access_level": 40,
"override": true
}
```
### Remove override for a member of a group
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/4875) in GitLab 12.10.
Sets the override flag to false and allows LDAP Group Sync to reset the access
level to the LDAP-prescribed value.
```plaintext
DELETE /groups/:id/members/:user_id/override
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) owned by the authenticated user |
| `user_id` | integer | yes | The user ID of the member |
```bash
curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/groups/:id/members/:user_id/override
```
Example response:
```json
{
"id": 1,
"username": "raymond_smith",
"name": "Raymond Smith",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/c2525a7f58ae3776070e44c106c48e15?s=80&d=identicon",
"web_url": "http://192.168.1.8:3000/root",
"expires_at": "2012-10-22T14:13:35Z",
"access_level": 40,
"override": false
}
```
## Remove a member from a group or project
Removes a user from a group or project.
......
......@@ -20,6 +20,7 @@ module EE
end
scope :non_owners, -> { where("members.access_level < ?", ::Gitlab::Access::OWNER) }
scope :by_user_id, ->(user_id) { where(user_id: user_id) }
end
class_methods do
......
---
title: Add API methods to manipulate LDAP Override attribute
merge_request: 28674
author: Peter Lloyd <peter.lloyd@cambridgeconsultants.com>
type: added
......@@ -10,7 +10,11 @@ module EE
expose :group_saml_identity,
using: ::API::Entities::Identity,
if: -> (member, options) { Ability.allowed?(options[:current_user], :read_group_saml_identity, member.source) }
expose :is_using_seat, if: -> (_, options) { options[:show_seat_info] }
expose :override,
if: ->(member, _) { member.source_type == 'Namespace' && member.ldap? }
end
end
end
......
......@@ -45,6 +45,21 @@ module EE
member
end
def find_member(params)
source = find_source(:group, params.delete(:id))
authorize! :override_group_member, source
source.members.by_user_id(params[:user_id]).first
end
def present_member(updated_member)
if updated_member.valid?
present updated_member, with: ::API::Entities::Member
else
render_validation_error!(updated_member)
end
end
def log_audit_event(member)
::AuditEventService.new(
current_user,
......
# frozen_string_literal: true
module EE
module API
module Members
extend ActiveSupport::Concern
prepended do
params do
requires :id, type: String, desc: 'The ID of a group'
end
resource :groups, requirements: ::API::API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
desc 'Overrides the access level of an LDAP group member.' do
success Entities::Member
end
params do
requires :user_id, type: Integer, desc: 'The user ID of the member'
end
post ":id/members/:user_id/override" do
member = find_member(params)
updated_member = ::Members::UpdateService
.new(current_user, { override: true })
.execute(member, permission: :override)
present_member(updated_member)
end
desc 'Remove an LDAP group member access level override.' do
success Entities::Member
end
params do
requires :user_id, type: Integer, desc: 'The user ID of the member'
end
delete ":id/members/:user_id/override" do
member = find_member(params)
updated_member = ::Members::UpdateService
.new(current_user, { override: false })
.execute(member, permission: :override)
present_member(updated_member)
end
end
end
end
end
end
This diff is collapsed.
......@@ -160,3 +160,5 @@ module API
end
end
end
API::Members.prepend_if_ee('EE::API::Members')
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment