Merge branch '29903-remove-user-is-admin-flag-from-api' into 'master'

Don't display the `is_admin?` flag for user API responses Closes #29903 See merge request !10846
author: Sean McGivern <sean@mcgivern.me.uk> 2017-04-25 10:57:32 +0000
committer: Sean McGivern <sean@mcgivern.me.uk> 2017-04-25 10:57:32 +0000
commit: 6dc424c949ab3de9395d821b05d2e1cc5f632ed2 (patch)
tree: c74460ecbf621cf8560053560b787cddd9cda6b5 /spec/requests/api/v3/users_spec.rb
parent: 9a905e1b9f9575bb8d637560cb3c59fd82079d2d (diff)
parent: 0befa887b52613831809380d2cd5d3d2bff88220 (diff)
download: gitlab-ce-6dc424c949ab3de9395d821b05d2e1cc5f632ed2.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/spec/requests/api/v3/users_spec.rb b/spec/requests/api/v3/users_spec.rb
index 05ee704f738..e9c57f7c6c3 100644
--- a/spec/requests/api/v3/users_spec.rb
+++ b/spec/requests/api/v3/users_spec.rb
@@ -274,5 +274,11 @@ describe API::V3::Users do
 
       expect(new_user).to be_confirmed
     end
+
+    it 'does not reveal the `is_admin` flag of the user' do
+      post v3_api('/users', admin), attributes_for(:user)
+
+      expect(json_response['is_admin']).to be_nil
+    end
   end
 end
author	Sean McGivern <sean@mcgivern.me.uk>	2017-04-25 10:57:32 +0000
committer	Sean McGivern <sean@mcgivern.me.uk>	2017-04-25 10:57:32 +0000
commit	6dc424c949ab3de9395d821b05d2e1cc5f632ed2 (patch)
tree	c74460ecbf621cf8560053560b787cddd9cda6b5 /spec/requests/api/v3/users_spec.rb
parent	9a905e1b9f9575bb8d637560cb3c59fd82079d2d (diff)
parent	0befa887b52613831809380d2cd5d3d2bff88220 (diff)
download	gitlab-ce-6dc424c949ab3de9395d821b05d2e1cc5f632ed2.tar.gz