Extended users API to support updating and deleting users.

Also added tests.

Extended users API to support updating and deleting users.
Also added tests.
e954438a · Boyan Tabakov · f4a6f1fd · e954438a · e954438a · e954438a
Commit e954438a authored Dec 18, 2012 by Boyan Tabakov
Showing with 138 additions and 2 deletions

doc/api/users.md doc/api/users.md +43 -0

lib/api/entities.rb lib/api/entities.rb +1 -1

lib/api/users.rb lib/api/users.rb +46 -1

spec/requests/api/users_spec.rb spec/requests/api/users_spec.rb +48 -0

No files found.
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -20,6 +20,8 @@ GET /users
    "linkedin": "",
    "twitter": "",
    "dark_scheme": false,
+    "extern_uid": "john.smith",
+    "provider": "provider_name",
    "theme_id": 1
  },
  {
@@ -34,6 +36,8 @@ GET /users
    "linkedin": "",
    "twitter": "",
    "dark_scheme": true,
+    "extern_uid": "jack.smith",
+    "provider": "provider_name",
    "theme_id": 1
  }
 ]
@@ -64,6 +68,8 @@ Parameters:
  "linkedin": "",
  "twitter": "",
  "dark_scheme": false,
+  "extern_uid": "john.smith",
+  "provider": "provider_name",
  "theme_id": 1
 }
 ```
@@ -84,10 +90,47 @@ Parameters:
 + `linkedin`                          - Linkedin
 + `twitter`                           - Twitter account
 + `projects_limit`                    - Number of projects user can create
+ `extern_uid`                        - External UID
+ `provider`                          - External provider name
+ `bio`                               - User's bio

 Will return created user with status `201 Created` on success, or `404 Not
 found` on fail.

+## User modification
+Modify user. Available only for admin
+
+```
+PUT /users/:id
+```
+
+Parameters:
+ `email`                             - Email
+ `username`                          - Username
+ `name`                              - Name
+ `password`                          - Password
+ `skype`                             - Skype ID
+ `linkedin`                          - Linkedin
+ `twitter`                           - Twitter account
+ `projects_limit`                    - Limit projects wich user can create
+ `extern_uid`                        - External UID
+ `provider`                          - External provider name
+ `bio`                               - User's bio
+
+
+Will return created user with status `200 OK` on success, or `404 Not
+found` on fail.
+
+## User deletion
+Delete user. Available only for admin
+
+```
+DELETE /users/:id
+```
+
+Will return deleted user with status `200 OK` on success, or `404 Not
+found` on fail.
+
 ## Current user

 Get currently authenticated user.

--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -2,7 +2,7 @@ module Gitlab
  module Entities
    class User < Grape::Entity
      expose :id, :username, :email, :name, :bio, :skype, :linkedin, :twitter,
-             :dark_scheme, :theme_id, :blocked, :created_at
+             :dark_scheme, :theme_id, :blocked, :created_at, :extern_uid, :provider
    end

    class UserBasic < Grape::Entity

--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -34,11 +34,14 @@ module Gitlab
      #   linkedin                          - Linkedin
      #   twitter                           - Twitter account
      #   projects_limit                    - Number of projects user can create
+      #   extern_uid                        - External authentication provider UID
+      #   provider                          - External provider
+      #   bio                               - Bio
      # Example Request:
      #   POST /users
      post do
        authenticated_as_admin!
-        attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username]
+        attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio]
        user = User.new attrs, as: :admin
        if user.save
          present user, with: Entities::User
@@ -46,6 +49,48 @@ module Gitlab
          not_found!
        end
      end
+
+      # Update user. Available only for admin
+      #
+      # Parameters:
+      #   email                             - Email
+      #   name                              - Name
+      #   password                          - Password
+      #   skype                             - Skype ID
+      #   linkedin                          - Linkedin
+      #   twitter                           - Twitter account
+      #   projects_limit                    - Limit projects wich user can create
+      #   extern_uid                        - External authentication provider UID
+      #   provider                          - External provider
+      #   bio                               - Bio
+      # Example Request:
+      #   PUT /users/:id
+      put ":id" do
+        authenticated_as_admin!
+        attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio]
+        user = User.find_by_id(params[:id])
+
+        if user && user.update_attributes(attrs)
+          present user, with: Entities::User
+        else
+          not_found!
+        end
+      end
+
+      # Delete user. Available only for admin
+      #
+      # Example Request:
+      #   DELETE /users/:id
+      delete ":id" do
+        authenticated_as_admin!
+        user = User.find_by_id(params[:id])
+
+        if user
+          user.destroy
+        else
+          not_found!
+        end
+      end
    end

    resource :user do

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -53,6 +53,54 @@ describe Gitlab::API do
    end
  end

+  describe "PUT /users/:id" do
+    before { admin }
+
+    it "should update user" do
+      put api("/users/#{user.id}", admin), {bio: 'new test bio'}
+      response.status.should == 200
+      json_response['bio'].should == 'new test bio'
+      user.reload.bio.should == 'new test bio'
+    end
+
+    it "should not allow invalid update" do
+      put api("/users/#{user.id}", admin), {email: 'invalid email'}
+      response.status.should == 404
+      user.reload.email.should_not == 'invalid email'
+    end
+
+    it "shouldn't available for non admin users" do
+      put api("/users/#{user.id}", user), attributes_for(:user)
+      response.status.should == 403
+    end
+
+    it "should return 404 for non-existing user" do
+      put api("/users/999999", admin), {bio: 'update should fail'}
+      response.status.should == 404
+    end
+  end
+
+  describe "DELETE /users/:id" do
+    before { admin }
+
+    it "should delete user" do
+      delete api("/users/#{user.id}", admin)
+      response.status.should == 200
+      expect { User.find(user.id) }.to raise_error ActiveRecord::RecordNotFound
+      json_response['email'].should == user.email
+    end
+
+    it "shouldn't available for non admin users" do
+      delete api("/users/#{user.id}", user)
+      response.status.should == 403
+    end
+
+    it "should return 404 for non-existing user" do
+      delete api("/users/999999", admin)
+      response.status.should == 404
+    end
+  end
+
  describe "GET /user" do
    it "should return current user" do
      get api("/user", user)