Split `/runners` entrypoint to `/runners` and `/runners/all`

3 files changed, 108 insertions, 22 deletions

diff --git a/doc/api/runners.md b/doc/api/runners.md
index 3be3fd17e65..a8b95ee49ed 100644
--- a/doc/api/runners.md
+++ b/doc/api/runners.md
@@ -1,8 +1,8 @@
 # Runners API
 
-## List runners
+## List owned runners
 
-Get a list of runners.
+Get a list of specific runners available for user.
 
 ```
 GET /runners
@@ -37,6 +37,57 @@ Example response:
 ]
 ```
 
+## List all runners
+
+Get a list of all runners (specific and shared). Access restricted to users with `admin` privileges.
+
+```
+GET /runners/all
+```
+
+| Attribute | Type    | Required | Description         |
+|-----------|---------|----------|---------------------|
+| `scope`   | string  | no       | The scope of runners to show, one of: `specific`, `shared`, `active`, `paused`, `online`; showing all runners if none provided |
+
+```
+curl -H "PRIVATE_TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/runners/all"
+```
+
+Example response:
+
+```json
+[
+    {
+        "active": true,
+        "description": "shared-runner-1",
+        "id": 1,
+        "is_shared": true,
+        "name": null
+    },
+    {
+        "active": true,
+        "description": "shared-runner-2",
+        "id": 3,
+        "is_shared": true,
+        "name": null
+    },
+    {
+        "active": true,
+        "description": "test-1-20150125",
+        "id": 6,
+        "is_shared": false,
+        "name": null
+    },
+    {
+        "active": true,
+        "description": "test-2-20150125",
+        "id": 8,
+        "is_shared": false,
+        "name": null
+    }
+]
+```
+
 ## Get runner's details
 
 Get details of a runner.
diff --git a/lib/api/runners.rb b/lib/api/runners.rb
index f4f8f2f2247..284909c8db4 100644
--- a/lib/api/runners.rb
+++ b/lib/api/runners.rb
@@ -4,19 +4,22 @@ module API
     before { authenticate! }
 
     resource :runners do
-      # Get available shared runners
+      # Get runners available for user
       #
       # Example Request:
       #   GET /runners
       get do
-        runners =
-          if current_user.is_admin?
-            Ci::Runner.all
-          else
-            current_user.ci_authorized_runners
-          end
-
-        runners = filter_runners(runners, params[:scope])
+        runners = filter_runners(current_user.ci_authorized_runners, params[:scope])
+        present paginate(runners), with: Entities::Runner
+      end
+
+      # Get all runners - shared and specific
+      #
+      # Example Request:
+      #   GET /runners/all
+      get 'all' do
+        authenticated_as_admin!
+        runners = filter_runners(Ci::Runner.all, params[:scope])
         present paginate(runners), with: Entities::Runner
       end
 
diff --git a/spec/requests/api/runners_spec.rb b/spec/requests/api/runners_spec.rb
index d600b2312c5..a3c96777b92 100644
--- a/spec/requests/api/runners_spec.rb
+++ b/spec/requests/api/runners_spec.rb
@@ -23,9 +23,44 @@ describe API::API, api: true  do
 
   describe 'GET /runners' do
     context 'authorized user' do
-      context 'authorized user with admin privileges' do
+      it 'should return user available runners' do
+        get api('/runners', user)
+        shared = false || json_response.map{ |r| r['is_shared'] }.inject{ |sum, shr| sum || shr}
+
+        expect(response.status).to eq(200)
+        expect(json_response).to be_an Array
+        expect(shared).to be_falsey
+      end
+
+      it 'should filter runners by scope' do
+        get api('/runners?scope=specific', user)
+        shared = false || json_response.map{ |r| r['is_shared'] }.inject{ |sum, shr| sum || shr}
+
+        expect(response.status).to eq(200)
+        expect(json_response).to be_an Array
+        expect(shared).to be_falsey
+      end
+
+      it 'should avoid filtering if scope is invalid' do
+        get api('/runners?scope=unknown', user)
+        expect(response.status).to eq(400)
+      end
+    end
+
+    context 'unauthorized user' do
+      it 'should not return runners' do
+        get api('/runners')
+
+        expect(response.status).to eq(401)
+      end
+    end
+  end
+
+  describe 'GET /runners/all' do
+    context 'authorized user' do
+      context 'with admin privileges' do
         it 'should return all runners' do
-          get api('/runners', admin)
+          get api('/runners/all', admin)
           shared = false || json_response.map{ |r| r['is_shared'] }.inject{ |sum, shr| sum || shr}
 
           expect(response.status).to eq(200)
@@ -34,19 +69,16 @@ describe API::API, api: true  do
         end
       end
 
-      context 'authorized user without admin privileges' do
-        it 'should return user available runners' do
-          get api('/runners', user)
-          shared = false || json_response.map{ |r| r['is_shared'] }.inject{ |sum, shr| sum || shr}
+      context 'without admin privileges' do
+        it 'should not return runners list' do
+          get api('/runners/all', user)
 
-          expect(response.status).to eq(200)
-          expect(json_response).to be_an Array
-          expect(shared).to be_falsey
+          expect(response.status).to eq(403)
         end
       end
 
       it 'should filter runners by scope' do
-        get api('/runners?scope=specific', user)
+        get api('/runners?scope=specific', admin)
         shared = false || json_response.map{ |r| r['is_shared'] }.inject{ |sum, shr| sum || shr}
 
         expect(response.status).to eq(200)
@@ -55,7 +87,7 @@ describe API::API, api: true  do
       end
 
       it 'should avoid filtering if scope is invalid' do
-        get api('/runners?scope=unknown', user)
+        get api('/runners?scope=unknown', admin)
         expect(response.status).to eq(400)
       end
     end