summaryrefslogtreecommitdiff
path: root/lib/api/users.rb
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch '2563-backport-ee1942' into 'master'Grzegorz Bizon2017-06-071-4/+0
|\ | | | | | | | | | | | | Backport some EE changes from adding shared_runners_minutes_limit to the API Closes gitlab-ee#2563 See merge request !11936
| * Backport https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/1942Lin Jen-Shin2017-06-061-4/+0
| |
* | Introduce an Events APIMark Fletcher2017-06-061-21/+0
|/ | | | | | | | | | | * Meld the following disparate endpoints: * `/projects/:id/events` * `/events` * `/users/:id/events` + Add result filtering to the above endpoints: * action * target_type * before and after dates
* Refactor the DeleteUserWorkerNick Thomas2017-06-051-1/+1
|
* Allow users to be hard-deleted from the APINick Thomas2017-06-021-1/+2
|
* Create a Users FinderGeorge Andrinopoulos2017-05-151-10/+1
|
* Don't display the `is_admin?` flag for user API responses.Timothy Andrew2017-04-251-1/+1
| | | | | | | | | | | - To prevent an attacker from enumerating the `/users` API to get a list of all the admins. - Display the `is_admin?` flag wherever we display the `private_token` - at the moment, there are two instances: - When an admin uses `sudo` to view the `/user` endpoint - When logging in using the `/session` endpoint
* Merge branch 'query-users-by-extern-uid' into 'master'Robert Speicher2017-04-191-8/+14
|\ | | | | | | | | Implement search by extern_uid in Users API See merge request !10509
| * Implement search by extern_uid in Users APIRobin Bobbitt2017-04-181-8/+14
| |
* | Remove unused user activities codeSean McGivern2017-04-141-1/+0
| |
* | Expose `last_activity_on` in the User APIRémy Coutable2017-04-141-8/+6
| | | | | | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* | Port 'Add user activities API' to CESean McGivern2017-04-141-0/+18
|/ | | | CE port of https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/962
* Separate CE params on Grape APIOswaldo Ferreira2017-04-101-0/+2
|
* Remove the User#is_admin? methodblackst0ne2017-04-091-3/+3
|
* ProjectsFinder should handle more optionsJacopo2017-04-061-1/+1
| | | | | | | | | | | | | | | | | | | Extended ProjectFinder in order to handle the following options: - current_user - which user use - project_ids_relation: int[] - project ids to use - params: - trending: boolean - non_public: boolean - starred: boolean - sort: string - visibility_level: int - tags: string[] - personal: boolean - search: string - non_archived: boolean GroupProjectsFinder now inherits from ProjectsFinder. Changed the code in order to use the new available options.
* Delete users asynchronouslysh-fix-destroy-user-raceStan Hu2017-04-021-1/+1
|
* Implement new service for creating userGeorge Andrinopoulos2017-03-271-23/+4
|
* use a magic default :global symbol instead of nilhttp://jneen.net/2017-03-091-1/+1
| | | | to make sure we mean the global permissions
* apply codestyle and implementation changes to the respective feature codepersonal_access_token_api_and_impersonation_tokenTiago Botelho2017-03-061-40/+36
|
* refactors finder and correlated codeTiago Botelho2017-03-011-17/+13
|
* applies relevant changes to the code and code structureTiago Botelho2017-02-281-36/+26
|
* refactors documentation and personal access tokens form to not allow admins ↵Tiago Botelho2017-02-281-50/+76
| | | | to generate non impersionation tokens
* add impersonation tokenSimon Vocella2017-02-281-2/+5
|
* manage personal_access_tokens through apiSimon Vocella2017-02-281-0/+64
|
* Return 204 for delete endpointsRobert Schilling2017-02-281-2/+2
|
* Revert "Prefer leading style for Style/DotPosition"Douwe Maan2017-02-231-15/+15
| | | | This reverts commit cb10b725c8929b8b4460f89c9d96c773af39ba6b.
* Prefer leading style for Style/DotPositionDouwe Maan2017-02-231-15/+15
|
* Enable Performance/RedundantMergeDouwe Maan2017-02-231-1/+1
|
* API: Use POST to (un)block a userapi-post-blockRobert Schilling2017-02-201-2/+2
|
* Paginate all endpoints that return an arrayRobert Schilling2017-02-161-4/+12
|
* Merge branch '1051-api-create-users-without-password' into 'master' Rémy Coutable2017-02-101-2/+14
|\ | | | | | | | | | | | | Optionally make users created via the API set their password Closes #1051 See merge request !8957
| * Optionally make users created via the API set their passwordJoost Rijneveld2017-02-091-2/+14
| |
* | Fix inconsistent naming for services that delete thingsdixpac2017-02-081-1/+1
|/ | | | | | * Changed name of delete_user_service and worker to destroy * Move and change delete_group_service to Groups::DestroyService * Rename Notes::DeleteService to Notes::DestroyService
* Force new password after password reset via APIGeorge Andrinopoulos2017-02-021-0/+2
|
* Fix Users API to accept confirm parameterMark Fletcher2017-01-111-1/+1
|
* Fix the failing spec in POST /users APIfix-users-api-500-errorRémy Coutable2017-01-051-7/+4
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* API: extern_uid is a stringapi-fix-extern-uid-validationRobert Schilling2017-01-031-1/+1
|
* remove build_user from model UserArsenev Vladislav2016-12-181-1/+1
|
* Calls to the API are checked for scope.Timothy Andrew2016-12-161-1/+4
| | | | | | | | | | | | | | - Move the `Oauth2::AccessTokenValidationService` class to `AccessTokenValidationService`, since it is now being used for personal access token validation as well. - Each API endpoint declares the scopes it accepts (if any). Currently, the top level API module declares the `api` scope, and the `Users` API module declares the `read_user` scope (for GET requests). - Move the `find_user_by_private_token` from the API `Helpers` module to the `APIGuard` module, to avoid littering `Helpers` with more auth-related methods to support `find_user_by_private_token`
* API: Memoize the current_user so that the sudo can work properlyRémy Coutable2016-12-121-1/+1
| | | | | | | | The issue was arising when `#current_user` was called a second time after a user was impersonated: the `User#is_admin?` check would be performed on it and it would fail. Signed-off-by: Rémy Coutable <remy@rymai.me>
* adds impersonator variable and makes sudo usage overall more clear24537-reenable-private-token-with-sudotiagonbotelho2016-12-071-8/+8
|
* Reenables /user API request to return private-token if user is admin and ↵tiagonbotelho2016-12-071-1/+1
| | | | requested with sudo
* Use the pagination helper in the APIuse-pagination-helperRobert Schilling2016-12-041-1/+4
|
* Fix StrongAttibutes error with Ruby 2.124730-broken-masterRémy Coutable2016-11-211-4/+5
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Grapify the users APIgrapify-users-apiRobert Schilling2016-11-211-258/+250
|
* Add query param to filter users on 'external' & 'blocked' type on APIYatish Mehta2016-11-081-1/+6
|
* Get rid of extra .page callAirat Shigapov2016-10-241-2/+1
|
* Fix events order in user contributions APIAirat Shigapov2016-10-241-1/+2
|
* API: New /users/:id/events endpointRémy Coutable2016-10-101-0/+20
| | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* Add User#organization to users apiDmitriy Zaporozhets2016-09-271-2/+4
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
View Lorry Controller Status