25 files changed, 171 insertions, 72 deletions
diff --git a/app/assets/javascripts/merge_request_tabs.js b/app/assets/javascripts/merge_request_tabs.js index f7f6a773036..6075157ec31 100644 --- a/app/assets/javascripts/merge_request_tabs.js +++ b/app/assets/javascripts/merge_request_tabs.js @@ -5,6 +5,7 @@ import Cookies from 'js-cookie'; import './breakpoints'; import './flash'; +import BlobForkSuggestion from './blob/blob_fork_suggestion'; /* eslint-disable max-len */ // MergeRequestTabs @@ -266,6 +267,16 @@ import './flash'; new gl.Diff(); this.scrollToElement('#diffs'); + + $('.diff-file').each((i, el) => { + new BlobForkSuggestion({ + openButtons: $(el).find('.js-edit-blob-link-fork-toggler'), + forkButtons: $(el).find('.js-fork-suggestion-button'), + cancelButtons: $(el).find('.js-cancel-fork-suggestion-button'), + suggestionSections: $(el).find('.js-file-fork-suggestion-section'), + actionTextPieces: $(el).find('.js-file-fork-suggestion-section-action'), + }); + }); }, }); } diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb index fc8d4d02ddf..5885b3543bb 100644 --- a/app/controllers/admin/groups_controller.rb +++ b/app/controllers/admin/groups_controller.rb @@ -28,7 +28,7 @@ class Admin::GroupsController < Admin::ApplicationController if @group.save @group.add_owner(current_user) - redirect_to [:admin, @group], notice: 'Group was successfully created.' + redirect_to [:admin, @group], notice: "Group '#{@group.name}' was successfully created." else render "new" end diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb index 3736e1ffcbb..36b16421e8f 100644 --- a/app/helpers/blob_helper.rb +++ b/app/helpers/blob_helper.rb 
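Review bot: The new notice in `Admin::GroupsController` interpolates `@group.name` into the flash, so a value taken from the create form now reaches the markup of the next page. Nothing in this hunk shows how the layout prints `notice`; please confirm it goes through the default escaping and is never passed through `html_safe` or `raw`. A short comment above the redirect would keep that assumption visible, for example `# @group.name is form input; the flash must stay HTML-escaped where it is rendered`. A spec asserting that the flash shows the created group's name would also cover the new string. The create action starts and ends outside the hunk.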
@@ -29,7 +29,7 @@ module BlobHelper link_to 'Edit', edit_path(project, ref, path, options), class: "#{common_classes} btn-sm" elsif current_user && can?(current_user, :fork_project, project) continue_params = { - to: edit_path, + to: edit_path(project, ref, path, options), notice: edit_in_new_fork_notice, notice_now: edit_in_new_fork_notice_now } diff --git a/app/views/admin/cohorts/index.html.haml b/app/views/admin/cohorts/index.html.haml index 46fe12a5a99..be8644c0ca6 100644 --- a/app/views/admin/cohorts/index.html.haml +++ b/app/views/admin/cohorts/index.html.haml @@ -9,7 +9,7 @@ .bs-callout.bs-callout-warning.clearfix %p User cohorts are only shown when the - = link_to 'usage ping', help_page_path('user/admin_area/usage_statistics'), target: '_blank' + = link_to 'usage ping', help_page_path('user/admin_area/settings/usage_statistics', anchor: 'usage-ping'), target: '_blank' is enabled. To enable it and see user cohorts, visit = succeed '.' do diff --git a/app/views/projects/_fork_suggestion.html.haml b/app/views/projects/_fork_suggestion.html.haml new file mode 100644 index 00000000000..c855bfaf067 --- /dev/null +++ b/app/views/projects/_fork_suggestion.html.haml @@ -0,0 +1,11 @@ +- if current_user + .js-file-fork-suggestion-section.file-fork-suggestion.hidden + %span.file-fork-suggestion-note + You're not allowed to + %span.js-file-fork-suggestion-section-action + edit + files in this project directly. Please fork this project, + make your changes there, and submit a merge request. + = link_to 'Fork', nil, method: :post, class: 'js-fork-suggestion-button btn btn-grouped btn-inverted btn-new' + %button.js-cancel-fork-suggestion-button.btn.btn-grouped{ type: 'button' } + Cancel diff --git a/app/views/projects/blob/_header.html.haml b/app/views/projects/blob/_header.html.haml index d46e4534497..c553db84ee0 100644 --- a/app/views/projects/blob/_header.html.haml +++ b/app/views/projects/blob/_header.html.haml 
@@ -39,14 +39,4 @@ = replace_blob_link = delete_blob_link -- if current_user - .js-file-fork-suggestion-section.file-fork-suggestion.hidden - %span.file-fork-suggestion-note - You're not allowed to - %span.js-file-fork-suggestion-section-action - edit - files in this project directly. Please fork this project, - make your changes there, and submit a merge request. - = link_to 'Fork', nil, method: :post, class: 'js-fork-suggestion-button btn btn-grouped btn-inverted btn-new' - %button.js-cancel-fork-suggestion-button.btn.btn-grouped{ type: 'button' } - Cancel += render 'projects/fork_suggestion' diff --git a/app/views/projects/diffs/_file.html.haml b/app/views/projects/diffs/_file.html.haml index 0232a09b4a8..4622b980754 100644 --- a/app/views/projects/diffs/_file.html.haml +++ b/app/views/projects/diffs/_file.html.haml @@ -18,4 +18,6 @@ = view_file_button(diff_commit.id, diff_file.new_path, project) = view_on_environment_button(diff_commit.id, diff_file.new_path, environment) if environment + = render 'projects/fork_suggestion' + = render 'projects/diffs/content', diff_file: diff_file, diff_commit: diff_commit, blob: blob, project: project diff --git a/changelogs/unreleased/21683-show-created-group-name-flash.yml b/changelogs/unreleased/21683-show-created-group-name-flash.yml new file mode 100644 index 00000000000..06ef5e972fc --- /dev/null +++ b/changelogs/unreleased/21683-show-created-group-name-flash.yml @@ -0,0 +1,4 @@ +--- +title: Show group name on flash container when group is created from Admin area. +merge_request: 10905 +author: diff --git a/changelogs/unreleased/29903-remove-user-is-admin-flag-from-api.yml b/changelogs/unreleased/29903-remove-user-is-admin-flag-from-api.yml new file mode 100644 index 00000000000..a0d497ac1e9 --- /dev/null +++ b/changelogs/unreleased/29903-remove-user-is-admin-flag-from-api.yml @@ -0,0 +1,4 @@ +--- +title: Don't display the is_admin flag in most API responses +merge_request: 10846 +author: 
diff --git a/changelogs/unreleased/fix-usage-ping-doc-link.yml b/changelogs/unreleased/fix-usage-ping-doc-link.yml new file mode 100644 index 00000000000..5217a4e4e4b --- /dev/null +++ b/changelogs/unreleased/fix-usage-ping-doc-link.yml @@ -0,0 +1,4 @@ +--- +title: Fix usage ping docs link from empty cohorts page +merge_request: +author: diff --git a/doc/api/deployments.md b/doc/api/deployments.md index 0273c819614..ab9e63e01d3 100644 --- a/doc/api/deployments.md +++ b/doc/api/deployments.md @@ -48,7 +48,6 @@ Example of response "bio": null, "created_at": "2016-08-11T07:09:20.351Z", "id": 1, - "is_admin": true, "linkedin": "", "location": null, "name": "Administrator", @@ -106,7 +105,6 @@ Example of response "bio": null, "created_at": "2016-08-11T07:09:20.351Z", "id": 1, - "is_admin": true, "linkedin": "", "location": null, "name": "Administrator", @@ -195,7 +193,6 @@ Example of response "avatar_url": "http://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80&d=identicon", "web_url": "http://localhost:3000/root", "created_at": "2016-08-11T07:09:20.351Z", - "is_admin": true, "bio": null, "location": null, "skype": "", diff --git a/doc/api/jobs.md b/doc/api/jobs.md index 3f109dfdca3..404da3dc603 100644 --- a/doc/api/jobs.md +++ b/doc/api/jobs.md @@ -57,7 +57,6 @@ Example of response "bio": null, "created_at": "2015-12-21T13:14:24.077Z", "id": 1, - "is_admin": true, "linkedin": "", "name": "Administrator", "skype": "", @@ -101,7 +100,6 @@ Example of response "bio": null, "created_at": "2015-12-21T13:14:24.077Z", "id": 1, - "is_admin": true, "linkedin": "", "name": "Administrator", "skype": "", @@ -173,7 +171,6 @@ Example of response "bio": null, "created_at": "2015-12-21T13:14:24.077Z", "id": 1, - "is_admin": true, "linkedin": "", "name": "Administrator", "skype": "", @@ -217,7 +214,6 @@ Example of response "bio": null, "created_at": "2015-12-21T13:14:24.077Z", "id": 1, - "is_admin": true, "linkedin": "", "name": "Administrator", "skype": "", 
@@ -284,7 +280,6 @@ Example of response "bio": null, "created_at": "2015-12-21T13:14:24.077Z", "id": 1, - "is_admin": true, "linkedin": "", "name": "Administrator", "skype": "", diff --git a/doc/api/keys.md b/doc/api/keys.md index 3b55c2baf56..3ace1040f38 100644 --- a/doc/api/keys.md +++ b/doc/api/keys.md @@ -26,7 +26,6 @@ Parameters: "avatar_url": "http://www.gravatar.com/avatar/cfa35b8cd2ec278026357769582fa563?s=40\u0026d=identicon", "web_url": "http://localhost:3000/john_smith", "created_at": "2015-09-03T07:24:01.670Z", - "is_admin": false, "bio": null, "skype": "", "linkedin": "", diff --git a/doc/api/users.md b/doc/api/users.md index e7ef68cffbc..86027bcc05c 100644 --- a/doc/api/users.md +++ b/doc/api/users.md @@ -62,7 +62,6 @@ GET /users "avatar_url": "http://localhost:3000/uploads/user/avatar/1/index.jpg", "web_url": "http://localhost:3000/john_smith", "created_at": "2012-05-23T08:00:58Z", - "is_admin": false, "bio": null, "location": null, "skype": "", @@ -95,7 +94,6 @@ GET /users "avatar_url": "http://localhost:3000/uploads/user/avatar/2/index.jpg", "web_url": "http://localhost:3000/jack_smith", "created_at": "2012-05-23T08:01:01Z", - "is_admin": false, "bio": null, "location": null, "skype": "", @@ -169,7 +167,6 @@ Parameters: "avatar_url": "http://localhost:3000/uploads/user/avatar/1/cd8.jpeg", "web_url": "http://localhost:3000/john_smith", "created_at": "2012-05-23T08:00:58Z", - "is_admin": false, "bio": null, "location": null, "skype": "", @@ -200,7 +197,6 @@ Parameters: "avatar_url": "http://localhost:3000/uploads/user/avatar/1/index.jpg", "web_url": "http://localhost:3000/john_smith", "created_at": "2012-05-23T08:00:58Z", - "is_admin": false, "bio": null, "location": null, "skype": "", @@ -325,7 +321,6 @@ GET /user "avatar_url": "http://localhost:3000/uploads/user/avatar/1/index.jpg", "web_url": "http://localhost:3000/john_smith", "created_at": "2012-05-23T08:00:58Z", - "is_admin": false, "bio": null, "location": null, "skype": "", 
diff --git a/doc/user/admin_area/monitoring/health_check.md b/doc/user/admin_area/monitoring/health_check.md
index eac57bc3de4..a4935f66cbd 100644
--- a/doc/user/admin_area/monitoring/health_check.md
+++ b/doc/user/admin_area/monitoring/health_check.md
@@ -1,36 +1,78 @@ # Health Check -> [Introduced][ce-3888] in GitLab 8.8. - -GitLab provides a health check endpoint for uptime monitoring on the `health_check` web -endpoint. The health check reports on the overall system status based on the status of -the database connection, the state of the database migrations, and the ability to write -and access the cache. This endpoint can be provided to uptime monitoring services like -[Pingdom][pingdom], [Nagios][nagios-health], and [NewRelic][newrelic-health]. +>**Notes:** + - Liveness and readiness probes were [introduced][ce-10416] in GitLab 9.1. + - The `health_check` endpoint was [introduced][ce-3888] in GitLab 8.8 and will + be deprecated in GitLab 9.1. Read more in the [old behavior](#old-behavior) + section. + +GitLab provides liveness and readiness probes to indicate service health and +reachability to required services. These probes report on the status of the +database connection, Redis connection, and access to the filesystem. These +endpoints [can be provided to schedulers like Kubernetes][kubernetes] to hold +traffic until the system is ready or restart the container as needed. ## Access Token -An access token needs to be provided while accessing the health check endpoint. The current -accepted token can be found on the `admin/health_check` page of your GitLab instance. +An access token needs to be provided while accessing the probe endpoints. The current +accepted token can be found under the **Admin area ➔ Monitoring ➔ Health check** +(`admin/health_check`) page of your GitLab instance. 
![access token](img/health_check_token.png) The access token can be passed as a URL parameter: ``` -https://gitlab.example.com/health_check.json?token=ACCESS_TOKEN +https://gitlab.example.com/-/readiness?token=ACCESS_TOKEN ``` -or as an HTTP header: +which will then provide a report of system health in JSON format: -```bash -curl --header "TOKEN: ACCESS_TOKEN" https://gitlab.example.com/health_check.json +``` +{ + "db_check": { + "status": "ok" + }, + "redis_check": { + "status": "ok" + }, + "fs_shards_check": { + "status": "ok", + "labels": { + "shard": "default" + } + } +} ``` ## Using the Endpoint -Once you have the access token, health information can be retrieved as plain text, JSON, -or XML using the `health_check` endpoint: +Once you have the access token, the probes can be accessed: + +- `https://gitlab.example.com/-/readiness?token=ACCESS_TOKEN` +- `https://gitlab.example.com/-/liveness?token=ACCESS_TOKEN` + +## Status + +On failure, the endpoint will return a `500` HTTP status code. On success, the endpoint +will return a valid successful HTTP status code, and a `success` message. + +## Old behavior + +>**Notes:** + - Liveness and readiness probes were [introduced][ce-10416] in GitLab 9.1. + - The `health_check` endpoint was [introduced][ce-3888] in GitLab 8.8 and will + be deprecated in GitLab 9.1. Read more in the [old behavior](#old-behavior) + section. + +GitLab provides a health check endpoint for uptime monitoring on the `health_check` web +endpoint. The health check reports on the overall system status based on the status of +the database connection, the state of the database migrations, and the ability to write +and access the cache. This endpoint can be provided to uptime monitoring services like +[Pingdom][pingdom], [Nagios][nagios-health], and [NewRelic][newrelic-health]. 
+ +Once you have the [access token](#access-token), health information can be +retrieved as plain text, JSON, or XML using the `health_check` endpoint: - `https://gitlab.example.com/health_check?token=ACCESS_TOKEN` - `https://gitlab.example.com/health_check.json?token=ACCESS_TOKEN` @@ -54,13 +96,13 @@ would be like: {"healthy":true,"message":"success"} ``` -## Status - On failure, the endpoint will return a `500` HTTP status code. On success, the endpoint will return a valid successful HTTP status code, and a `success` message. Ideally your uptime monitoring should look for the success message. +[ce-10416]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3888 [ce-3888]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3888 [pingdom]: https://www.pingdom.com [nagios-health]: https://nagios-plugins.org/doc/man/check_http.html [newrelic-health]: https://docs.newrelic.com/docs/alerts/alert-policies/downtime-alerts/availability-monitoring +[kubernetes]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ diff --git a/doc/user/discussions/index.md b/doc/user/discussions/index.md index c5123c06ce0..59e343ebe51 100644 --- a/doc/user/discussions/index.md +++ b/doc/user/discussions/index.md @@ -12,7 +12,7 @@ You can leave a comment in the following places: The comment area supports [Markdown] and [slash commands]. One can edit their own comment at any time, and anyone with [Master access level][permissions] or -higher can also a comment made by someone else. +higher can also edit a comment made by someone else. Apart from the standard comments, you also have the option to create a comment in the form of a resolvable or threaded discussion. diff --git a/doc/user/markdown.md b/doc/user/markdown.md index 97de428d11d..0d29b471d52 100644 --- a/doc/user/markdown.md +++ b/doc/user/markdown.md 
@@ -431,7 +431,7 @@ Emphasis, aka italics, with *asterisks* or _underscores_. Strong emphasis, aka bold, with **asterisks** or __underscores__. -Combined emphasis with **_asterisks and underscores_**. +Combined emphasis with **asterisks and _underscores_**. Strikethrough uses two tildes. ~~Scratch this.~~ ``` @@ -640,10 +640,11 @@ Here's a line for us to start with. This line is separated from the one above by two newlines, so it will be a *separate paragraph*. This line is also a separate paragraph, but... -This line is only separated by a single newline, so it's a separate line in the *same paragraph*. +This line is only separated by a single newline, so it *does not break* and just follows the previous line in the *same paragraph*. + +This line is also a separate paragraph, and... +This line is *on its own line*, because the previous line ends with two spaces. (but still in the *same paragraph*) -This line is also a separate paragraph, and... -This line is on its own line, because the previous line ends with two spaces. ``` @@ -651,11 +652,12 @@ Here's a line for us to start with. This line is separated from the one above by two newlines, so it will be a *separate paragraph*. -This line is also begins a separate paragraph, but... -This line is only separated by a single newline, so it's a separate line in the *same paragraph*. +This line is also a separate paragraph, but... +This line is only separated by a single newline, so it *does not break* and just follows the previous line in the *same paragraph*. + +This line is also a separate paragraph, and... +This line is *on its own line*, because the previous line ends with two spaces. (but still in the *same paragraph*) -This line is also a separate paragraph, and... -This line is on its own line, because the previous line ends with two spaces. ### Tables diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 64ab6f01eb5..6d6ccefe877 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb 
@@ -14,7 +14,6 @@ module API class User < UserBasic expose :created_at - expose :admin?, as: :is_admin expose :bio, :location, :skype, :linkedin, :twitter, :website_url, :organization end @@ -41,8 +40,9 @@ module API expose :external end - class UserWithPrivateToken < UserPublic + class UserWithPrivateDetails < UserPublic expose :private_token + expose :admin?, as: :is_admin end class Email < Grape::Entity diff --git a/lib/api/session.rb b/lib/api/session.rb index 002ffd1d154..016415c3023 100644 --- a/lib/api/session.rb +++ b/lib/api/session.rb @@ -1,7 +1,7 @@ module API class Session < Grape::API desc 'Login to get token' do - success Entities::UserWithPrivateToken + success Entities::UserWithPrivateDetails end params do optional :login, type: String, desc: 'The username' @@ -14,7 +14,7 @@ module API return unauthorized! unless user return render_api_error!('401 Unauthorized. You have 2FA enabled. Please use a personal access token to access the API', 401) if user.two_factor_enabled? - present user, with: Entities::UserWithPrivateToken + present user, with: Entities::UserWithPrivateDetails end end end diff --git a/lib/api/users.rb b/lib/api/users.rb index 46f221f68fe..40acaebf670 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -433,7 +433,7 @@ module API success Entities::UserPublic end get do - present current_user, with: sudo? ? Entities::UserWithPrivateToken : Entities::UserPublic + present current_user, with: sudo? ? Entities::UserWithPrivateDetails : Entities::UserPublic end desc "Get the currently authenticated user's SSH keys" do diff --git a/spec/features/merge_requests/diffs_spec.rb b/spec/features/merge_requests/diffs_spec.rb index 4a6c76a5caf..32a6a4b2682 100644 --- a/spec/features/merge_requests/diffs_spec.rb +++ b/spec/features/merge_requests/diffs_spec.rb 
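Review bot: Moving `expose :admin?, as: :is_admin` from `Entities::User` into `UserWithPrivateDetails` hides the flag from every caller of the user endpoints, administrators included. The users_spec hunks in this commit drop `expect(json_response['is_admin']).to eq(true)` from the admin `PUT /users/:id` examples, so an admin changing the flag through the API can no longer confirm it from the response; if that is intended, say so in the changelog entry. The entity now carries two sensitive fields and deserves a class comment such as `# Presented only to the account owner (session login, sudo GET /user): exposes private_token and is_admin`. The rename from `UserWithPrivateToken` also needs a repository-wide search, since any reference outside the files in this diff would presumably fail with a `NameError` at load or request time.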
@@ -1,11 +1,13 @@ require 'spec_helper' feature 'Diffs URL', js: true, feature: true do - before do - login_as :admin - @merge_request = create(:merge_request) - @project = @merge_request.source_project - end + include ApplicationHelper + + let(:author_user) { create(:user) } + let(:user) { create(:user) } + let(:project) { create(:project, :public) } + let(:forked_project) { Projects::ForkService.new(project, author_user).execute } + let(:merge_request) { create(:merge_request_with_diffs, source_project: forked_project, target_project: project, author: author_user) } context 'when visit with */* as accept header' do before(:each) do @@ -13,9 +15,9 @@ feature 'Diffs URL', js: true, feature: true do end it 'renders the notes' do - create :note_on_merge_request, project: @project, noteable: @merge_request, note: 'Rebasing with master' + create :note_on_merge_request, project: project, noteable: merge_request, note: 'Rebasing with master' - visit diffs_namespace_project_merge_request_path(@project.namespace, @project, @merge_request) + visit diffs_namespace_project_merge_request_path(project.namespace, project, merge_request) # Load notes and diff through AJAX expect(page).to have_css('.note-text', visible: false, text: 'Rebasing with master') 
@@ -28,11 +30,38 @@ feature 'Diffs URL', js: true, feature: true do allow_any_instance_of(MergeRequestDiff).to receive(:overflow?).and_return(true) allow(Commit).to receive(:max_diff_options).and_return(max_files: 20, max_lines: 20) - visit diffs_namespace_project_merge_request_path(@project.namespace, @project, @merge_request) + visit diffs_namespace_project_merge_request_path(project.namespace, project, merge_request) page.within('.alert') do expect(page).to have_text("Too many changes to show. Plain diff Email patch To preserve - performance only 3 of 3+ files are displayed.") + performance only 3 of 3 files are displayed.") + end + end + end + + describe 'when editing file' do + let(:changelog_id) { hexdigest("CHANGELOG") } + + context 'as author' do + it 'shows direct edit link' do + login_as(author_user) + visit diffs_namespace_project_merge_request_path(project.namespace, project, merge_request) + + # Throws `Capybara::Poltergeist::InvalidSelector` if we try to use `#hash` syntax + expect(page).to have_selector("[id=\"#{changelog_id}\"] a.js-edit-blob") + end + end + + context 'as user who needs to fork' do + it 'shows fork/cancel confirmation' do + login_as(user) + visit diffs_namespace_project_merge_request_path(project.namespace, project, merge_request) + + # Throws `Capybara::Poltergeist::InvalidSelector` if we try to use `#hash` syntax + find("[id=\"#{changelog_id}\"] .js-edit-blob").click + + expect(page).to have_selector('.js-fork-suggestion-button', count: 1) + expect(page).to have_selector('.js-cancel-fork-suggestion-button', count: 1) end end end diff --git a/spec/fixtures/api/schemas/public_api/v4/user/public.json b/spec/fixtures/api/schemas/public_api/v4/user/public.json index 5587cfec61a..faa126b65f2 100644 --- a/spec/fixtures/api/schemas/public_api/v4/user/public.json +++ b/spec/fixtures/api/schemas/public_api/v4/user/public.json @@ -9,7 +9,6 @@ "avatar_url", "web_url", "created_at", - "is_admin", "bio", "location", "skype", 
@@ -43,7 +42,6 @@ "avatar_url": { "type": "string" }, "web_url": { "type": "string" }, "created_at": { "type": "date" }, - "is_admin": { "type": "boolean" }, "bio": { "type": ["string", "null"] }, "location": { "type": ["string", "null"] }, "skype": { "type": "string" }, diff --git a/spec/requests/api/keys_spec.rb b/spec/requests/api/keys_spec.rb index b5586088485..ab957c72984 100644 --- a/spec/requests/api/keys_spec.rb +++ b/spec/requests/api/keys_spec.rb @@ -32,6 +32,12 @@ describe API::Keys do expect(json_response['user']['id']).to eq(user.id) expect(json_response['user']['username']).to eq(user.username) end + + it "does not include the user's `is_admin` flag" do + get api("/keys/#{key.id}", admin) + + expect(json_response['user']['is_admin']).to be_nil + end end end end diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index 2c6ae592d91..4919ad19833 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -135,6 +135,12 @@ describe API::Users do expect(json_response['username']).to eq(user.username) end + it "does not return the user's `is_admin` flag" do + get api("/users/#{user.id}", user) + + expect(json_response['is_admin']).to be_nil + end + it "returns a 401 if unauthenticated" do get api("/users/9998") expect(response).to have_http_status(401) @@ -397,7 +403,6 @@ describe API::Users do it "updates admin status" do put api("/users/#{user.id}", admin), { admin: true } expect(response).to have_http_status(200) - expect(json_response['is_admin']).to eq(true) expect(user.reload.admin).to eq(true) end @@ -411,7 +416,6 @@ describe API::Users do it "does not update admin status" do put api("/users/#{admin_user.id}", admin), { can_create_group: false } expect(response).to have_http_status(200) - expect(json_response['is_admin']).to eq(true) expect(admin_user.reload.admin).to eq(true) expect(admin_user.can_create_group).to eq(false) end 
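Review bot: The added example in spec/requests/api/keys_spec.rb asserts `expect(json_response['user']['is_admin']).to be_nil`, which also passes when the key is still present with a `null` value, so it would miss an entity that keeps exposing the attribute. `expect(json_response['user']).not_to have_key('is_admin')` states the intent exactly. The same applies to the new examples in spec/requests/api/users_spec.rb and spec/requests/api/v3/users_spec.rb. None of the visible hunks asserts that the session response, or `GET /user` under sudo, still returns `is_admin`, so the positive side of the move is untested here.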
diff --git a/spec/requests/api/v3/users_spec.rb b/spec/requests/api/v3/users_spec.rb index 05ee704f738..e9c57f7c6c3 100644 --- a/spec/requests/api/v3/users_spec.rb +++ b/spec/requests/api/v3/users_spec.rb @@ -274,5 +274,11 @@ describe API::V3::Users do expect(new_user).to be_confirmed end + + it 'does not reveal the `is_admin` flag of the user' do + post v3_api('/users', admin), attributes_for(:user) + + expect(json_response['is_admin']).to be_nil + end end end |