Extended users API to support updating and deleting users.
Also added tests.
parent
f4a6f1fd5a
commit
e954438a1d
4 changed files with 138 additions and 2 deletions
|
@ -20,6 +20,8 @@ GET /users
|
|||
"linkedin": "",
|
||||
"twitter": "",
|
||||
"dark_scheme": false,
|
||||
"extern_uid": "john.smith",
|
||||
"provider": "provider_name",
|
||||
"theme_id": 1
|
||||
},
|
||||
{
|
||||
|
@ -34,6 +36,8 @@ GET /users
|
|||
"linkedin": "",
|
||||
"twitter": "",
|
||||
"dark_scheme": true,
|
||||
"extern_uid": "jack.smith",
|
||||
"provider": "provider_name",
|
||||
"theme_id": 1
|
||||
}
|
||||
]
|
||||
|
@ -64,6 +68,8 @@ Parameters:
|
|||
"linkedin": "",
|
||||
"twitter": "",
|
||||
"dark_scheme": false,
|
||||
"extern_uid": "john.smith",
|
||||
"provider": "provider_name",
|
||||
"theme_id": 1
|
||||
}
|
||||
```
|
||||
|
@ -84,10 +90,47 @@ Parameters:
|
|||
+ `linkedin` - Linkedin
|
||||
+ `twitter` - Twitter account
|
||||
+ `projects_limit` - Number of projects user can create
|
||||
+ `extern_uid` - External UID
|
||||
+ `provider` - External provider name
|
||||
+ `bio` - User's bio
|
||||
|
||||
Will return created user with status `201 Created` on success, or `404 Not
|
||||
found` on fail.
|
||||
|
||||
## User modification
|
||||
Modify user. Available only for admin
|
||||
|
||||
```
|
||||
PUT /users/:id
|
||||
```
|
||||
|
||||
Parameters:
|
||||
+ `email` - Email
|
||||
+ `username` - Username
|
||||
+ `name` - Name
|
||||
+ `password` - Password
|
||||
+ `skype` - Skype ID
|
||||
+ `linkedin` - Linkedin
|
||||
+ `twitter` - Twitter account
|
||||
+ `projects_limit` - Limit projects wich user can create
|
||||
+ `extern_uid` - External UID
|
||||
+ `provider` - External provider name
|
||||
+ `bio` - User's bio
|
||||
|
||||
|
||||
Will return created user with status `200 OK` on success, or `404 Not
|
||||
found` on fail.
|
||||
|
||||
## User deletion
|
||||
Delete user. Available only for admin
|
||||
|
||||
```
|
||||
DELETE /users/:id
|
||||
```
|
||||
|
||||
Will return deleted user with status `200 OK` on success, or `404 Not
|
||||
found` on fail.
|
||||
|
||||
## Current user
|
||||
|
||||
Get currently authenticated user.
|
||||
|
|
|
@ -2,7 +2,7 @@ module Gitlab
|
|||
module Entities
|
||||
class User < Grape::Entity
|
||||
expose :id, :username, :email, :name, :bio, :skype, :linkedin, :twitter,
|
||||
:dark_scheme, :theme_id, :blocked, :created_at
|
||||
:dark_scheme, :theme_id, :blocked, :created_at, :extern_uid, :provider
|
||||
end
|
||||
|
||||
class UserBasic < Grape::Entity
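Review bot: Adding `:extern_uid` and `:provider` to `Entities::User` exposes them in every response that presents this entity, not only in the new admin-only routes. The documentation change in this commit shows both fields in the `GET /users` listing, so if that listing or the current-user endpoint is reachable by non-admin accounts (their handlers are not visible here), any authenticated user could read the external identity UID of every other account. Consider gating the fields, for example `expose :extern_uid, :provider, if: { admin: true }`, and passing `admin: true` to `present` from the routes guarded by `authenticated_as_admin!`.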
|
||||
|
|
|
@ -34,11 +34,14 @@ module Gitlab
|
|||
# linkedin - Linkedin
|
||||
# twitter - Twitter account
|
||||
# projects_limit - Number of projects user can create
|
||||
# extern_uid - External authentication provider UID
|
||||
# provider - External provider
|
||||
# bio - Bio
|
||||
# Example Request:
|
||||
# POST /users
|
||||
post do
|
||||
authenticated_as_admin!
|
||||
attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username]
|
||||
attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio]
|
||||
user = User.new attrs, as: :admin
|
||||
if user.save
|
||||
present user, with: Entities::User
|
||||
|
@ -46,6 +49,48 @@ module Gitlab
|
|||
not_found!
|
||||
end
|
||||
end
|
||||
|
||||
# Update user. Available only for admin
|
||||
#
|
||||
# Parameters:
|
||||
# email - Email
|
||||
# name - Name
|
||||
# password - Password
|
||||
# skype - Skype ID
|
||||
# linkedin - Linkedin
|
||||
# twitter - Twitter account
|
||||
# projects_limit - Limit projects wich user can create
|
||||
# extern_uid - External authentication provider UID
|
||||
# provider - External provider
|
||||
# bio - Bio
|
||||
# Example Request:
|
||||
# PUT /users/:id
|
||||
put ":id" do
|
||||
authenticated_as_admin!
|
||||
attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio]
|
||||
user = User.find_by_id(params[:id])
|
||||
|
||||
if user && user.update_attributes(attrs)
|
||||
present user, with: Entities::User
|
||||
else
|
||||
not_found!
|
||||
end
|
||||
end
|
||||
|
||||
# Delete user. Available only for admin
|
||||
#
|
||||
# Example Request:
|
||||
# DELETE /users/:id
|
||||
delete ":id" do
|
||||
authenticated_as_admin!
|
||||
user = User.find_by_id(params[:id])
|
||||
|
||||
if user
|
||||
user.destroy
|
||||
else
|
||||
not_found!
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
resource :user do
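Review bot: The new `put ":id"` handler calls `user.update_attributes(attrs)` without a mass-assignment role, while the create path just above it uses `User.new attrs, as: :admin`. If the model restricts `projects_limit`, `extern_uid` or `provider` to the admin role (the model is not shown), those keys are dropped or rejected on update even though the route documents them; `if user && user.update_attributes(attrs, as: :admin)` keeps the two paths consistent. The same branch sends validation failures to `not_found!`, so a rejected email or password is indistinguishable from a missing user, and the spec in this commit pins that 404; a 400-class response carrying the validation errors would be clearer. `delete ":id"` also has no guard against an admin removing their own account.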
|
||||
|
|
|
@ -53,6 +53,54 @@ describe Gitlab::API do
|
|||
end
|
||||
end
|
||||
|
||||
describe "PUT /users/:id" do
|
||||
before { admin }
|
||||
|
||||
it "should update user" do
|
||||
put api("/users/#{user.id}", admin), {bio: 'new test bio'}
|
||||
response.status.should == 200
|
||||
json_response['bio'].should == 'new test bio'
|
||||
user.reload.bio.should == 'new test bio'
|
||||
end
|
||||
|
||||
it "should not allow invalid update" do
|
||||
put api("/users/#{user.id}", admin), {email: 'invalid email'}
|
||||
response.status.should == 404
|
||||
user.reload.email.should_not == 'invalid email'
|
||||
end
|
||||
|
||||
it "shouldn't available for non admin users" do
|
||||
put api("/users/#{user.id}", user), attributes_for(:user)
|
||||
response.status.should == 403
|
||||
end
|
||||
|
||||
it "should return 404 for non-existing user" do
|
||||
put api("/users/999999", admin), {bio: 'update should fail'}
|
||||
response.status.should == 404
|
||||
end
|
||||
end
|
||||
|
||||
describe "DELETE /users/:id" do
|
||||
before { admin }
|
||||
|
||||
it "should delete user" do
|
||||
delete api("/users/#{user.id}", admin)
|
||||
response.status.should == 200
|
||||
expect { User.find(user.id) }.to raise_error ActiveRecord::RecordNotFound
|
||||
json_response['email'].should == user.email
|
||||
end
|
||||
|
||||
it "shouldn't available for non admin users" do
|
||||
delete api("/users/#{user.id}", user)
|
||||
response.status.should == 403
|
||||
end
|
||||
|
||||
it "should return 404 for non-existing user" do
|
||||
delete api("/users/999999", admin)
|
||||
response.status.should == 404
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /user" do
|
||||
it "should return current user" do
|
||||
get api("/user", user)
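Review bot: The two `shouldn't available for non admin users` examples assert only the 403 status, so they would still pass if the handler modified or removed the record before rejecting the request. Add a state check after the status assertion, such as `User.find_by_id(user.id).should_not be_nil` in the DELETE example and a comparison of `user.reload` attributes against their previous values in the PUT example. Neither `describe` block has an example for a request sent with no credentials at all, which is the other half of the access-control contract for these routes.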
|
||||
|
|