summaryrefslogtreecommitdiff
path: root/lib/api/users.rb
Commit message (Collapse)AuthorAgeFilesLines
* API: Use POST to (un)block a userapi-post-blockRobert Schilling2017-02-201-2/+2
|
* Paginate all endpoints that return an arrayRobert Schilling2017-02-161-4/+12
|
* Merge branch '1051-api-create-users-without-password' into 'master' Rémy Coutable2017-02-101-2/+14
|\ | | | | | | | | | | | | Optionally make users created via the API set their password Closes #1051 See merge request !8957
| * Optionally make users created via the API set their passwordJoost Rijneveld2017-02-091-2/+14
| |
* | Fix inconsistent naming for services that delete thingsdixpac2017-02-081-1/+1
|/ | | | | | * Changed name of delete_user_service and worker to destroy * Move and change delete_group_service to Groups::DestroyService * Rename Notes::DeleteService to Notes::DestroyService
* Force new password after password reset via APIGeorge Andrinopoulos2017-02-021-0/+2
|
* Fix Users API to accept confirm parameterMark Fletcher2017-01-111-1/+1
|
* Fix the failing spec in POST /users APIfix-users-api-500-errorRémy Coutable2017-01-051-7/+4
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* API: extern_uid is a stringapi-fix-extern-uid-validationRobert Schilling2017-01-031-1/+1
|
* remove build_user from model UserArsenev Vladislav2016-12-181-1/+1
|
* Calls to the API are checked for scope.Timothy Andrew2016-12-161-1/+4
| | | | | | | | | | | | | | - Move the `Oauth2::AccessTokenValidationService` class to `AccessTokenValidationService`, since it is now being used for personal access token validation as well. - Each API endpoint declares the scopes it accepts (if any). Currently, the top level API module declares the `api` scope, and the `Users` API module declares the `read_user` scope (for GET requests). - Move the `find_user_by_private_token` from the API `Helpers` module to the `APIGuard` module, to avoid littering `Helpers` with more auth-related methods to support `find_user_by_private_token`
* API: Memoize the current_user so that the sudo can work properlyRémy Coutable2016-12-121-1/+1
| | | | | | | | The issue was arising when `#current_user` was called a second time after a user was impersonated: the `User#is_admin?` check would be performed on it and it would fail. Signed-off-by: Rémy Coutable <remy@rymai.me>
* adds impersonator variable and makes sudo usage overall more clear24537-reenable-private-token-with-sudotiagonbotelho2016-12-071-8/+8
|
* Reenables /user API request to return private-token if user is admin and ↵tiagonbotelho2016-12-071-1/+1
| | | | requested with sudo
* Use the pagination helper in the APIuse-pagination-helperRobert Schilling2016-12-041-1/+4
|
* Fix StrongAttibutes error with Ruby 2.124730-broken-masterRémy Coutable2016-11-211-4/+5
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Grapify the users APIgrapify-users-apiRobert Schilling2016-11-211-258/+250
|
* Add query param to filter users on 'external' & 'blocked' type on APIYatish Mehta2016-11-081-1/+6
|
* Get rid of extra .page callAirat Shigapov2016-10-241-2/+1
|
* Fix events order in user contributions APIAirat Shigapov2016-10-241-1/+2
|
* API: New /users/:id/events endpointRémy Coutable2016-10-101-0/+20
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Add User#organization to users apiDmitriy Zaporozhets2016-09-271-2/+4
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Don't expose a user's private token in the `/api/v3/user` API.Timothy Andrew2016-08-311-1/+1
| | | | | | - This would allow anyone with a personal access token (even a read-only token, once scopes are implemented) to escalate their access by obtaining the private token.
* Enable Style/RedundantParentheses rubocop coprubocop/enable-redundant-parentheses-copGrzegorz Bizon2016-05-301-1/+1
| | | | See #17478
* Add changelog entryFelipe Artur2016-04-181-1/+1
|
* Fix documentation and improve permissions codeFelipe Artur2016-04-181-1/+1
|
* Insert users check into apiFelipe Artur2016-04-181-2/+8
|
* Expose user location in APIRobert Schilling2016-04-061-2/+4
|
* Add missing API docs on external userAchilleas Pipinellis2016-03-171-2/+2
| | | | [ci skip]
* API support for setting External flag on existing usersZeger-Jan van de Weg2016-03-171-1/+2
|
* External UsersZeger-Jan van de Weg2016-03-131-2/+3
| | | | | The user has the rights of a public user execpt it can never create a project, group, or team. Also it cant view internal projects.
* Codestyle changesGabriel Mazetto2016-01-121-3/+3
|
* Prevent ldap_blocked users from being blocked/unblocked by the APIGabriel Mazetto2016-01-081-4/+8
|
* Make single user API endpoint return Entities::User instead of ↵Michi3022015-12-281-1/+1
| | | | Entities::UserBasic
* Add API support for looking up a user by usernameStan Hu2015-12-241-4/+10
| | | | Needed to support Huboard
* Added ability to update or set the identity of an existing user, like the ↵fix-user-identities-apiPatricio Cano2015-09-221-0/+11
| | | | documentation said it was possible, but actually wasn't.
* Restrict users API endpoints to use integer IDsStan Hu2015-08-231-1/+1
| | | | Closes #2267
* Fix indentationDouwe Maan2015-07-311-11/+11
|
* Add ability to manage user email addresses via the API.Douwe Maan2015-07-291-0/+111
|
* Allow user to be blocked and unblocked via the APISteve Norman2015-07-031-0/+30
|
* Fix error when deleting a user who has projectsStan Hu2015-06-231-1/+1
| | | | | Closes #1856 Closes https://github.com/gitlabhq/gitlabhq/issues/9394
* You can not remove user if he/she is an only owner of groupDmitriy Zaporozhets2015-05-281-1/+1
| | | | | | | To prevent loose of group data you need to transfer or remove group first before you can remove user Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Change ordering so that confirm is removed from attrs before attempting to ↵RICKETTM@uk.ibm.com2015-03-241-2/+2
| | | | User.build_user
* Merge branch 'master' into mmonaco/gitlab-ce-api-user-noconfirmDmitriy Zaporozhets2015-02-271-5/+9
|\ | | | | | | | | Conflicts: lib/api/users.rb
| * Supporting for multiple omniauth provider for the same userValery Sizov2014-12-041-4/+8
| |
* | Add 'confirm' option to users apiMatthew Monaco2014-11-031-1/+4
|/
* Improve error reporting on users APIjubianchi2014-09-161-21/+37
| | | | | | | | * users (#6878, #3526, #4209): Validation error messages are now exposed through 400 responses, 409 response are sent in case of duplicate email or username * MRs (#5335): 409 responses are sent in case of duplicate merge request (source/target branches), 422 responses are sent when submiting MR fo/from unrelated forks * issues * labels * projects
* Fix signup and project visibilityDmitriy Zaporozhets2014-06-301-1/+1
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Make app works with strong paramsDmitriy Zaporozhets2014-06-261-1/+1
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Dont expose user email via APIDmitriy Zaporozhets2014-06-131-4/+14
| | | | | | | | | | | | | To prevent leaking of users info we reduce amount of user information retrieved via API for normal users. What user can get via API: * if not admin: only id, state, name, username and avatar_url * if admin: all user information * about himself: all informaion Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
View Lorry Controller Status