diff options
author | Rémy Coutable <remy@rymai.me> | 2017-08-11 14:08:20 +0200 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2017-08-11 15:14:32 +0200 |
commit | 09a348eb139178be534d181273a360a3125df9f9 (patch) | |
tree | f39b5b1969454a80a2cd0ae03368ff92aa968a8f | |
parent | 810c44ae7468fff1934ba1d54bf2b895d98f0842 (diff) | |
download | gitlab-ce-09a348eb139178be534d181273a360a3125df9f9.tar.gz |
Include the `is_admin` field in the `GET /users/:id` API when current user is an admin
Signed-off-by: Rémy Coutable <remy@rymai.me>
-rw-r--r-- | changelogs/unreleased/36213-return-is_admin-in-users-api-when-current_user-is-admin.yml | 6 | ||||
-rw-r--r-- | lib/api/users.rb | 13 | ||||
-rw-r--r-- | spec/requests/api/users_spec.rb | 10 |
3 files changed, 20 insertions, 9 deletions
diff --git a/changelogs/unreleased/36213-return-is_admin-in-users-api-when-current_user-is-admin.yml b/changelogs/unreleased/36213-return-is_admin-in-users-api-when-current_user-is-admin.yml new file mode 100644 index 00000000000..b51b5e58b39 --- /dev/null +++ b/changelogs/unreleased/36213-return-is_admin-in-users-api-when-current_user-is-admin.yml @@ -0,0 +1,6 @@ +--- +title: Include the `is_admin` field in the `GET /users/:id` API when current user + is an admin +merge_request: +author: +type: fixed diff --git a/lib/api/users.rb b/lib/api/users.rb index a590f2692a2..e2019d6d512 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -79,22 +79,17 @@ module API end desc 'Get a single user' do - success Entities::UserBasic + success Entities::User end params do requires :id, type: Integer, desc: 'The ID of the user' end get ":id" do user = User.find_by(id: params[:id]) - not_found!('User') unless user + not_found!('User') unless user && can?(current_user, :read_user, user) - if current_user && current_user.admin? - present user, with: Entities::UserPublic - elsif can?(current_user, :read_user, user) - present user, with: Entities::User - else - render_api_error!("User not found.", 404) - end + opts = current_user&.admin? ? { with: Entities::UserWithAdmin } : {} + present user, opts end desc 'Create a user. Available only for admins.' do diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index 2dc7be22f8f..49739a1601a 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -217,9 +217,19 @@ describe API::Users do it "does not return the user's `is_admin` flag" do get api("/users/#{user.id}", user) + expect(response).to have_http_status(200) expect(json_response['is_admin']).to be_nil end + context 'when authenticated as admin' do + it 'includes the `is_admin` field' do + get api("/users/#{user.id}", admin) + + expect(response).to have_http_status(200) + expect(json_response['is_admin']).to be(false) + end + end + context 'for an anonymous user' do it "returns a user by id" do get api("/users/#{user.id}") |