fix mass-assignment error in user create API

2012-10-19 03:23:10 -07:00 · 2012-10-19 03:23:10 -07:00 · c610206321
parent 770ec3359d
commit c610206321
2 changed files with 6 additions and 6 deletions
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@ -23,7 +23,7 @@ module Gitlab
        @user = User.find(params[:id])
        present @user, with: Entities::User
      end
-      
+
      # Create user. Available only for admin
      #
      # Parameters:
@ -40,7 +40,7 @@ module Gitlab
      post do
        authenticated_as_admin!
        attrs = attributes_for_keys [:email, :name, :password, :password_confirmation, :skype, :linkedin, :twitter, :projects_limit]
-        user = User.new attrs
+        user = User.new attrs, as: :admin
        if user.save
          present user, with: Entities::User
        else
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@ -4,7 +4,7 @@ describe Gitlab::API do
  include ApiHelpers

  let(:user)  { Factory :user }
-  let(:admin) {Factory :admin}
+  let(:admin) { Factory :admin }
  let(:key)   { Factory :key, user: user }

  describe "GET /users" do
@ -42,9 +42,9 @@ describe Gitlab::API do
    end

    it "should create user" do
-      expect{
-        post api("/users", admin), Factory.attributes(:user)
-      }.to change{User.count}.by(1)
+      expect {
+        post api("/users", admin), Factory.attributes(:user, projects_limit: 3)
+      }.to change { User.count }.by(1)
    end

    it "shouldn't available for non admin users" do