author | Alexis Reigel <alexis.reigel.ext@siemens.com> | 2019-01-17 19:27:20 +0100 |
---|---|---|
committer | Alexis Reigel <alexis.reigel.ext@siemens.com> | 2019-03-14 18:39:54 +0100 |
commit | b0981097c302dd04df23ec557b4dcce5c952f2bf (patch) | |
tree | eabd150a7f7ad5ce71ac25470e8ad946084bfc18 | |
parent | 6385c7229cd61eb46b75bcd7441782954a46f1b7 (diff) | |
download | gitlab-ce-b0981097c302dd04df23ec557b4dcce5c952f2bf.tar.gz |
return 400 on users search and feature is disabled
As the params block is evaluated when loading the class, and the db
connection is not available yet, we can't use the feature toggle inside
that block.
-rw-r--r-- | lib/api/search.rb | 19 | ||||
-rw-r--r-- | locale/gitlab.pot | 3 | ||||
-rw-r--r-- | spec/requests/api/search_spec.rb | 46 |
3 files changed, 55 insertions, 13 deletions
diff --git a/lib/api/search.rb b/lib/api/search.rb
index d271923dbd6..30e68c5aac1 100644
--- a/lib/api/search.rb
+++ b/lib/api/search.rb
@@ -53,15 +53,14 @@ module API
 # EE, without having to modify this file directly.
 end
- params :scope do |options|
- scope_entities =
- if Feature.enabled?(:users_search, default_enabled: true)
- SCOPE_ENTITY
- else
- SCOPE_ENTITY.reject { |key, value| key == :users }
- end
+ def check_users_search_allowed!
+ if Feature.disabled?(:users_search, default_enabled: true) && params[:scope].to_sym == :users
+ render_api_error!({ error: _("Scope not supported with disabled 'users_search' feature!") }, 400)
+ end
+ end
- values = scope_entities.stringify_keys.slice(*options[:values]).keys
+ params :scope do |options|
+ values = SCOPE_ENTITY.stringify_keys.slice(*options[:values]).keys
 requires :scope,
 type: String,
@@ -81,6 +80,7 @@ module API
 end
 get do
 verify_search_scope!
+ check_users_search_allowed!
 present search, with: entity
 end
@@ -98,6 +98,7 @@ module API
 end
 get ':id/(-/)search' do
 verify_search_scope!
+ check_users_search_allowed!
 present search(group_id: user_group.id), with: entity
 end
@@ -114,6 +115,8 @@ module API
 use :pagination
 end
 get ':id/(-/)search' do
+ check_users_search_allowed!
+
+ present search(project_id: user_project.id), with: entity
 end
 end
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 5b192f4ccbc..5cc4942d150 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -6632,6 +6632,9 @@ msgstr ""
 msgid "Scope"
 msgstr ""
+msgid "Scope not supported with disabled 'users_search' feature!"
+msgstr ""
+
 msgid "Scroll down to <strong>Google Code Project Hosting</strong> and enable the switch on the right."
 msgstr ""
diff --git a/spec/requests/api/search_spec.rb b/spec/requests/api/search_spec.rb
index 0f539fb6c60..49672591b3b 100644
--- a/spec/requests/api/search_spec.rb
+++ b/spec/requests/api/search_spec.rb
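Review bot: In `check_users_search_allowed!` (first hunk of lib/api/search.rb) the request parameter is converted with `params[:scope].to_sym` before the comparison. Comparing the string directly, `params[:scope] == 'users'`, gives the same answer without turning request input into a symbol, and it would not raise if the helper were ever reached with `scope` missing. The helper also carries no comment saying why the toggle is checked per request; something like `# Checked at request time: the params block runs at class load, before the feature toggle can be read.` would keep the commit message's reasoning next to the code. The block that encloses the new method starts outside the hunk.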
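Review bot: The feature gate is enforced by a separate `check_users_search_allowed!` call in each route body (the hunks at -81,6, -98,6 and -114,6 of lib/api/search.rb). A search route added later that accepts `scope=users` would therefore ignore the disabled toggle unless its author remembers the call. Running the check in one shared place would make the gate fail closed, for example from a Grape `after_validation` hook, or at the top of the shared `search` helper, whose body is not visible in this diff. If the per-route calls stay, a short comment at each call site naming the toggle would make an omission easier to spot in review.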
@@ -81,10 +81,22 @@ describe API::Search do
 before do
 create(:user, name: 'billy')
- get api('/search', user), scope: 'users', search: 'billy'
+ get api('/search', user), params: { scope: 'users', search: 'billy' }
 end
 it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
+
+ context 'when users search feature is disabled' do
+ before do
+ allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
+
+ get api('/search', user), params: { scope: 'users', search: 'billy' }
+ end
+
+ it 'returns 400 error' do
+ expect(response).to have_gitlab_http_status(400)
+ end
+ end
 end
 context 'for snippet_titles scope' do
@@ -203,15 +215,27 @@ describe API::Search do
 it_behaves_like 'response is correct', schema: 'public_api/v4/milestones'
 end
- context 'for user scope' do
+ context 'for users scope' do
 before do
 user = create(:user, name: 'billy')
 create(:group_member, :developer, user: user, group: group)
- get api("/groups/#{group.id}/search", user), scope: 'users', search: 'billy'
+ get api("/groups/#{group.id}/search", user), params: { scope: 'users', search: 'billy' }
 end
 it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
+
+ context 'when users search feature is disabled' do
+ before do
+ allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
+
+ get api("/groups/#{group.id}/search", user), params: { scope: 'users', search: 'billy' }
+ end
+
+ it 'returns 400 error' do
+ expect(response).to have_gitlab_http_status(400)
+ end
+ end
 end
 context 'for users scope with group path as id' do
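Review bot: The new "when users search feature is disabled" context asserts only that `scope: 'users'` returns 400, so a guard that rejected every scope while the toggle is off would still pass. An extra example with the same stub and a different scope, ending in `expect(response).to have_gitlab_http_status(200)`, would pin the intended behaviour. The same gap is in the contexts added by the hunks at -203,15 and -306,10. The stub is also limited by `.with(:users_search, default_enabled: true)`, so any other `Feature.disabled?` call made while serving the request would fail on unexpected arguments. Putting `allow(Feature).to receive(:disabled?).and_call_original` before it avoids that.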
@@ -219,7 +243,7 @@ describe API::Search do
 user1 = create(:user, name: 'billy')
 create(:group_member, :developer, user: user1, group: group)
- get api("/groups/#{CGI.escape(group.full_path)}/search", user), scope: 'users', search: 'billy'
+ get api("/groups/#{CGI.escape(group.full_path)}/search", user), params: { scope: 'users', search: 'billy' }
 end
 it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
@@ -306,10 +330,22 @@ describe API::Search do
 user1 = create(:user, name: 'billy')
 create(:project_member, :developer, user: user1, project: project)
- get api("/projects/#{project.id}/search", user), scope: 'users', search: 'billy'
+ get api("/projects/#{project.id}/search", user), params: { scope: 'users', search: 'billy' }
 end
 it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
+
+ context 'when users search feature is disabled' do
+ before do
+ allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
+
+ get api("/projects/#{project.id}/search", user), params: { scope: 'users', search: 'billy' }
+ end
+
+ it 'returns 400 error' do
+ expect(response).to have_gitlab_http_status(400)
+ end
+ end
 end
 context 'for notes scope' do |