diff options
| author | Robin Bobbitt <ryehle@us.ibm.com> | 2017-02-15 20:44:36 -0500 |
|---|---|---|
| committer | Robin Bobbitt <ryehle@us.ibm.com> | 2017-04-18 14:55:32 -0400 |
| commit | ddf7e6ae78cc87314d081427f00d54f203cfd60a (patch) | |
| tree | a11222bc23c25204a4c5dbf91eda698ee0243e0e | |
| parent | 22c4050058cd941b3e2d1d38cd370a5a3cb99cb4 (diff) | |
| download | gitlab-ce-ddf7e6ae78cc87314d081427f00d54f203cfd60a.tar.gz | |
Implement search by extern_uid in Users API
| -rw-r--r-- | app/models/identity.rb | 2 | ||||
| -rw-r--r-- | changelogs/unreleased/query-users-by-extern-uid.yml | 4 | ||||
| -rw-r--r-- | doc/api/users.md | 12 | ||||
| -rw-r--r-- | lib/api/users.rb | 22 | ||||
| -rw-r--r-- | spec/requests/api/users_spec.rb | 27 |
5 files changed, 59 insertions, 8 deletions
diff --git a/app/models/identity.rb b/app/models/identity.rb index 3bacc450e6e..920a25932b4 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -7,6 +7,8 @@ class Identity < ActiveRecord::Base validates :extern_uid, allow_blank: true, uniqueness: { scope: :provider } validates :user_id, uniqueness: { scope: :provider } + scope :with_extern_uid, ->(provider, extern_uid) { where(extern_uid: extern_uid, provider: provider) } + def ldap? provider.starts_with?('ldap') end diff --git a/changelogs/unreleased/query-users-by-extern-uid.yml b/changelogs/unreleased/query-users-by-extern-uid.yml new file mode 100644 index 00000000000..39d1cf8d3f3 --- /dev/null +++ b/changelogs/unreleased/query-users-by-extern-uid.yml @@ -0,0 +1,4 @@ +--- +title: Implement search by extern_uid in Users API +merge_request: 10509 +author: Robin Bobbitt diff --git a/doc/api/users.md b/doc/api/users.md index 2ada4d09c84..604acedb4a2 100644 --- a/doc/api/users.md +++ b/doc/api/users.md @@ -130,6 +130,18 @@ For example: GET /users?username=jack_smith ``` +You can also lookup users by external UID and provider: + +``` +GET /users?extern_uid=:extern_uid&provider=:provider +``` + +For example: + +``` +GET /users?extern_uid=1234567&provider=github +``` + You can search for users who are external with: `/users?external=true` ## Single user diff --git a/lib/api/users.rb b/lib/api/users.rb index eedc59f8636..d474467c8e9 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -39,10 +39,13 @@ module API params do # CE optional :username, type: String, desc: 'Get a single user with a specific username' + optional :extern_uid, type: String, desc: 'Get a single user with a specific external authentication provider UID' + optional :provider, type: String, desc: 'The external provider' optional :search, type: String, desc: 'Search for a username' optional :active, type: Boolean, default: false, desc: 'Filters only active users' optional :external, type: Boolean, default: false, desc: 'Filters only external users' optional :blocked, type: Boolean, default: false, desc: 'Filters only blocked users' + all_or_none_of :extern_uid, :provider use :pagination end @@ -51,14 +54,17 @@ module API render_api_error!("Not authorized.", 403) end - if params[:username].present? - users = User.where(username: params[:username]) - else - users = User.all - users = users.active if params[:active] - users = users.search(params[:search]) if params[:search].present? - users = users.blocked if params[:blocked] - users = users.external if params[:external] && current_user.admin? + authenticated_as_admin! if params[:external].present? || (params[:extern_uid].present? && params[:provider].present?) + + users = User.all + users = User.where(username: params[:username]) if params[:username] + users = users.active if params[:active] + users = users.search(params[:search]) if params[:search].present? + users = users.blocked if params[:blocked] + + if current_user.admin? + users = users.joins(:identities).merge(Identity.with_extern_uid(params[:provider], params[:extern_uid])) if params[:extern_uid] && params[:provider] + users = users.external if params[:external] end entity = current_user.admin? ? Entities::UserPublic : Entities::UserBasic diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index f793c0db2f3..a4c7b6bd020 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -72,6 +72,12 @@ describe API::Users, api: true do expect(json_response).to be_an Array expect(json_response.first['username']).to eq(omniauth_user.username) end + + it "returns a 403 when non-admin user searches by external UID" do + get api("/users?extern_uid=#{omniauth_user.identities.first.extern_uid}&provider=#{omniauth_user.identities.first.provider}", user) + + expect(response).to have_http_status(403) + end end context "when admin" do @@ -100,6 +106,27 @@ describe API::Users, api: true do expect(json_response).to be_an Array expect(json_response).to all(include('external' => true)) end + + it "returns one user by external UID" do + get api("/users?extern_uid=#{omniauth_user.identities.first.extern_uid}&provider=#{omniauth_user.identities.first.provider}", admin) + + expect(response).to have_http_status(200) + expect(json_response).to be_an Array + expect(json_response.size).to eq(1) + expect(json_response.first['username']).to eq(omniauth_user.username) + end + + it "returns 400 error if provider with no extern_uid" do + get api("/users?extern_uid=#{omniauth_user.identities.first.extern_uid}", admin) + + expect(response).to have_http_status(400) + end + + it "returns 400 error if provider with no extern_uid" do + get api("/users?provider=#{omniauth_user.identities.first.provider}", admin) + + expect(response).to have_http_status(400) + end end end |