Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
c6102063
Commit
c6102063
authored
Oct 19, 2012
by
Nihad Abbasov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
fix mass-assignment error in user create API
parent
770ec335
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
6 additions
and
6 deletions
+6
-6
lib/api/users.rb
lib/api/users.rb
+2
-2
spec/requests/api/users_spec.rb
spec/requests/api/users_spec.rb
+4
-4
No files found.
lib/api/users.rb
View file @
c6102063
...
...
@@ -23,7 +23,7 @@ module Gitlab
@user
=
User
.
find
(
params
[
:id
])
present
@user
,
with:
Entities
::
User
end
# Create user. Available only for admin
#
# Parameters:
...
...
@@ -40,7 +40,7 @@ module Gitlab
post
do
authenticated_as_admin!
attrs
=
attributes_for_keys
[
:email
,
:name
,
:password
,
:password_confirmation
,
:skype
,
:linkedin
,
:twitter
,
:projects_limit
]
user
=
User
.
new
attrs
user
=
User
.
new
attrs
,
as: :admin
if
user
.
save
present
user
,
with:
Entities
::
User
else
...
...
spec/requests/api/users_spec.rb
View file @
c6102063
...
...
@@ -4,7 +4,7 @@ describe Gitlab::API do
include
ApiHelpers
let
(
:user
)
{
Factory
:user
}
let
(
:admin
)
{
Factory
:admin
}
let
(
:admin
)
{
Factory
:admin
}
let
(
:key
)
{
Factory
:key
,
user:
user
}
describe
"GET /users"
do
...
...
@@ -42,9 +42,9 @@ describe Gitlab::API do
end
it
"should create user"
do
expect
{
post
api
(
"/users"
,
admin
),
Factory
.
attributes
(
:user
)
}.
to
change
{
User
.
count
}.
by
(
1
)
expect
{
post
api
(
"/users"
,
admin
),
Factory
.
attributes
(
:user
,
projects_limit:
3
)
}.
to
change
{
User
.
count
}.
by
(
1
)
end
it
"shouldn't available for non admin users"
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment