Updating CE repo to include new EE users API changesexpose-saml-provider-id-to-users-api

Updated users API documentation
Moved API level changes to the service level

5 files changed, 37 insertions, 25 deletions

diff --git a/app/services/users/build_service.rb b/app/services/users/build_service.rb
index 30f7743c56e..026bcfcdaf4 100644
--- a/app/services/users/build_service.rb
+++ b/app/services/users/build_service.rb
@@ -5,10 +5,12 @@ module Users
     delegate :user_default_internal_regex_enabled?,
              :user_default_internal_regex_instance,
              to: :'Gitlab::CurrentSettings.current_application_settings'
+    attr_reader :identity_params
 
     def initialize(current_user, params = {})
       @current_user = current_user
       @params = params.dup
+      @identity_params = params.slice(*identity_attributes)
     end
 
     def execute(skip_authorization: false)
@@ -26,10 +28,8 @@ module Users
         end
       end
 
-      identity_attrs = params.slice(*identity_params)
-
-      unless identity_attrs.empty?
-        user.identities.build(identity_attrs)
+      unless identity_params.empty?
+        user.identities.build(identity_params)
       end
 
       user
@@ -37,7 +37,7 @@ module Users
 
     private
 
-    def identity_params
+    def identity_attributes
       [:extern_uid, :provider]
     end
 
diff --git a/app/services/users/update_service.rb b/app/services/users/update_service.rb
index 0b00bd135eb..15c13a452ad 100644
--- a/app/services/users/update_service.rb
+++ b/app/services/users/update_service.rb
@@ -3,11 +3,13 @@
 module Users
   class UpdateService < BaseService
     include NewUserNotifier
+    attr_reader :user, :identity_params
 
     def initialize(current_user, params = {})
       @current_user = current_user
       @user = params.delete(:user)
       @status_params = params.delete(:status)
+      @identity_params = params.slice(*identity_attributes)
       @params = params.dup
     end
 
@@ -15,8 +17,8 @@ module Users
       yield(@user) if block_given?
 
       user_exists = @user.persisted?
-
       assign_attributes
+      assign_identity
 
       if @user.save(validate: validate) && update_status
         notify_success(user_exists)
@@ -55,7 +57,18 @@ module Users
         params.reject! { |key, _| read_only.include?(key.to_sym) }
       end
 
-      @user.assign_attributes(params) unless params.empty?
+      @user.assign_attributes(params.except(*identity_attributes)) unless params.empty? # rubocop: disable CodeReuse/ActiveRecord
+    end
+
+    def assign_identity
+      return unless identity_params.present?
+
+      identity = user.identities.find_or_create_by(provider: identity_params[:provider]) # rubocop: disable CodeReuse/ActiveRecord
+      identity.update(identity_params)
+    end
+
+    def identity_attributes
+      [:provider, :extern_uid]
     end
   end
 end
diff --git a/changelogs/unreleased/expose-saml-provider-id-to-users-api.yml b/changelogs/unreleased/expose-saml-provider-id-to-users-api.yml
new file mode 100644
index 00000000000..6f0e4f4cf7f
--- /dev/null
+++ b/changelogs/unreleased/expose-saml-provider-id-to-users-api.yml
@@ -0,0 +1,5 @@
+---
+title: Expose saml_provider_id in the users API
+merge_request: 14045
+author:
+type: added
diff --git a/doc/api/users.md b/doc/api/users.md
index 47028c679b8..4bc0335ae33 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -2,6 +2,8 @@
 
 ## List users
 
+Active users = Total accounts - Blocked users
+
 Get a list of users.
 
 This function takes pagination parameters `page` and `per_page` to restrict the list of users.
@@ -257,7 +259,8 @@ Parameters:
   "two_factor_enabled": true,
   "external": false,
   "private_profile": false,
-  "highest_role":10
+  "shared_runners_minutes_limit": 133
+  "extra_shared_runners_minutes_limit": 133
 }
 ```
 
@@ -290,6 +293,7 @@ Parameters:
 - `projects_limit` (optional)    - Number of projects user can create
 - `extern_uid` (optional)        - External UID
 - `provider` (optional)          - External provider name
+- `group_id_for_saml` (optional) - ID of group where SAML has been configured
 - `bio` (optional)               - User's biography
 - `location` (optional)          - User's location
 - `public_email` (optional)      - The public email of the user
@@ -299,6 +303,8 @@ Parameters:
 - `external` (optional)          - Flags the user as external - true or false(default)
 - `avatar` (optional)            - Image file for user's avatar
 - `private_profile` (optional)   - User's profile is private - true or false
+- `shared_runners_minutes_limit` (optional) - Pipeline minutes quota for this user
+- `extra_shared_runners_minutes_limit` (optional) - Extra pipeline minutes quota for this user
 
 ## User modification
 
@@ -322,6 +328,7 @@ Parameters:
 - `projects_limit`                 - Limit projects each user can create
 - `extern_uid`                     - External UID
 - `provider`                       - External provider name
+- `group_id_for_saml` (optional)   - ID of group where SAML has been configured
 - `bio`                            - User's biography
 - `location` (optional)            - User's location
 - `public_email` (optional)        - The public email of the user
@@ -329,6 +336,8 @@ Parameters:
 - `can_create_group` (optional)    - User can create groups - true or false
 - `skip_reconfirmation` (optional) - Skip reconfirmation - true or false (default)
 - `external` (optional)            - Flags the user as external - true or false(default)
+- `shared_runners_minutes_limit` (optional) - Pipeline minutes quota for this user
+- `extra_shared_runners_minutes_limit` (optional) - Extra pipeline minutes quota for this user
 - `avatar` (optional)              - Image file for user's avatar
 - `private_profile` (optional)     - User's profile is private - true or false
 
@@ -1150,8 +1159,6 @@ settings page.
 POST /users/:user_id/impersonation_tokens
 ```
 
-Parameters:
-
 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
 | `user_id` | integer | yes | The ID of the user |
@@ -1255,4 +1262,4 @@ Example response:
 
 Please note that `last_activity_at` is deprecated, please use `last_activity_on`.
 
-[gemojione-index]: https://github.com/jonathanwiesel/gemojione/blob/master/config/index.json
+[gemojione-index]: https://github.com/jonathanwiesel/gemojione/blob/master/config/index.json
\ No newline at end of file
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 6afeebb6890..9ab5fa8d0bd 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -209,22 +209,9 @@ module API
                 .where.not(id: user.id).count > 0
 
         user_params = declared_params(include_missing: false)
-        identity_attrs = user_params.slice(:provider, :extern_uid)
-
-        if identity_attrs.any?
-          identity = user.identities.find_by(provider: identity_attrs[:provider])
-
-          if identity
-            identity.update(identity_attrs)
-          else
-            identity = user.identities.build(identity_attrs)
-            identity.save
-          end
-        end
 
         user_params[:password_expires_at] = Time.now if user_params[:password].present?
-
-        result = ::Users::UpdateService.new(current_user, user_params.except(:extern_uid, :provider).merge(user: user)).execute
+        result = ::Users::UpdateService.new(current_user, user_params.merge(user: user)).execute
 
         if result[:status] == :success
           present user, with: Entities::UserPublic, current_user: current_user