Commit 836104b4 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge pull request #5213 from bladealslayer/feature/user_api_extended

Extended User API to expose admin and can_create_group for user creation...
parents e48c6fab 5b657a65
...@@ -23,7 +23,9 @@ GET /users ...@@ -23,7 +23,9 @@ GET /users
"extern_uid": "john.smith", "extern_uid": "john.smith",
"provider": "provider_name", "provider": "provider_name",
"theme_id": 1, "theme_id": 1,
"color_scheme_id": 2 "color_scheme_id": 2,
"is_admin": false,
"can_create_group": true
}, },
{ {
"id": 2, "id": 2,
...@@ -39,7 +41,9 @@ GET /users ...@@ -39,7 +41,9 @@ GET /users
"extern_uid": "jack.smith", "extern_uid": "jack.smith",
"provider": "provider_name", "provider": "provider_name",
"theme_id": 1, "theme_id": 1,
"color_scheme_id": 3 "color_scheme_id": 3,
"is_admin": false,
"can_create_group": true
} }
] ]
``` ```
...@@ -72,7 +76,9 @@ Parameters: ...@@ -72,7 +76,9 @@ Parameters:
"extern_uid": "john.smith", "extern_uid": "john.smith",
"provider": "provider_name", "provider": "provider_name",
"theme_id": 1, "theme_id": 1,
"color_scheme_id": 2 "color_scheme_id": 2,
"is_admin": false,
"can_create_group": true
} }
``` ```
...@@ -98,6 +104,8 @@ Parameters: ...@@ -98,6 +104,8 @@ Parameters:
+ `extern_uid` (optional) - External UID + `extern_uid` (optional) - External UID
+ `provider` (optional) - External provider name + `provider` (optional) - External provider name
+ `bio` (optional) - User's bio + `bio` (optional) - User's bio
+ `admin` (optional) - User is admin - true or false (default)
+ `can_create_group` (optional) - User can create groups - true or false
## User modification ## User modification
...@@ -121,6 +129,8 @@ Parameters: ...@@ -121,6 +129,8 @@ Parameters:
+ `extern_uid` - External UID + `extern_uid` - External UID
+ `provider` - External provider name + `provider` - External provider name
+ `bio` - User's bio + `bio` - User's bio
+ `admin` (optional) - User is admin - true or false (default)
+ `can_create_group` (optional) - User can create groups - true or false
Note, at the moment this method does only return a 404 error, even in cases where a 409 (Conflict) would Note, at the moment this method does only return a 404 error, even in cases where a 409 (Conflict) would
be more appropriate, e.g. when renaming the email address to some existing one. be more appropriate, e.g. when renaming the email address to some existing one.
...@@ -166,7 +176,6 @@ GET /user ...@@ -166,7 +176,6 @@ GET /user
"color_scheme_id": 2, "color_scheme_id": 2,
"is_admin": false, "is_admin": false,
"can_create_group" : true, "can_create_group" : true,
"can_create_team" : true,
"can_create_project" : true "can_create_project" : true
} }
``` ```
......
...@@ -3,6 +3,9 @@ module API ...@@ -3,6 +3,9 @@ module API
class User < Grape::Entity class User < Grape::Entity
expose :id, :username, :email, :name, :bio, :skype, :linkedin, :twitter, expose :id, :username, :email, :name, :bio, :skype, :linkedin, :twitter,
:theme_id, :color_scheme_id, :state, :created_at, :extern_uid, :provider :theme_id, :color_scheme_id, :state, :created_at, :extern_uid, :provider
expose :is_admin?, as: :is_admin
expose :can_create_group?, as: :can_create_group
expose :can_create_project?, as: :can_create_project
end end
class UserSafe < Grape::Entity class UserSafe < Grape::Entity
...@@ -15,10 +18,6 @@ module API ...@@ -15,10 +18,6 @@ module API
class UserLogin < User class UserLogin < User
expose :private_token expose :private_token
expose :is_admin?, as: :is_admin
expose :can_create_group?, as: :can_create_group
expose :can_create_project?, as: :can_create_project
expose :can_create_team?, as: :can_create_team
end end
class Hook < Grape::Entity class Hook < Grape::Entity
......
...@@ -86,7 +86,7 @@ module API ...@@ -86,7 +86,7 @@ module API
def attributes_for_keys(keys) def attributes_for_keys(keys)
attrs = {} attrs = {}
keys.each do |key| keys.each do |key|
attrs[key] = params[key] if params[key].present? attrs[key] = params[key] if params[key].present? or (params.has_key?(key) and params[key] == false)
end end
attrs attrs
end end
......
...@@ -40,13 +40,17 @@ module API ...@@ -40,13 +40,17 @@ module API
# extern_uid - External authentication provider UID # extern_uid - External authentication provider UID
# provider - External provider # provider - External provider
# bio - Bio # bio - Bio
# admin - User is admin - true or false (default)
# can_create_group - User can create groups - true or false
# Example Request: # Example Request:
# POST /users # POST /users
post do post do
authenticated_as_admin! authenticated_as_admin!
required_attributes! [:email, :password, :name, :username] required_attributes! [:email, :password, :name, :username]
attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio] attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin]
user = User.build_user(attrs, as: :admin) user = User.build_user(attrs, as: :admin)
admin = attrs.delete(:admin)
user.admin = admin unless admin.nil?
if user.save if user.save
present user, with: Entities::User present user, with: Entities::User
else else
...@@ -67,16 +71,20 @@ module API ...@@ -67,16 +71,20 @@ module API
# extern_uid - External authentication provider UID # extern_uid - External authentication provider UID
# provider - External provider # provider - External provider
# bio - Bio # bio - Bio
# admin - User is admin - true or false (default)
# can_create_group - User can create groups - true or false
# Example Request: # Example Request:
# PUT /users/:id # PUT /users/:id
put ":id" do put ":id" do
authenticated_as_admin! authenticated_as_admin!
attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio] attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin]
user = User.find(params[:id]) user = User.find(params[:id])
not_found!("User not found") unless user not_found!("User not found") unless user
if user.update_attributes(attrs) admin = attrs.delete(:admin)
user.admin = admin unless admin.nil?
if user.update_attributes(attrs, as: :admin)
present user, with: Entities::User present user, with: Entities::User
else else
not_found! not_found!
......
...@@ -52,6 +52,35 @@ describe API::API do ...@@ -52,6 +52,35 @@ describe API::API do
}.to change { User.count }.by(1) }.to change { User.count }.by(1)
end end
it "should create user with correct attributes" do
post api('/users', admin), attributes_for(:user, admin: true, can_create_group: true)
response.status.should == 201
user_id = json_response['id']
new_user = User.find(user_id)
new_user.should_not == nil
new_user.admin.should == true
new_user.can_create_group.should == true
end
it "should create non-admin user" do
post api('/users', admin), attributes_for(:user, admin: false, can_create_group: false)
response.status.should == 201
user_id = json_response['id']
new_user = User.find(user_id)
new_user.should_not == nil
new_user.admin.should == false
new_user.can_create_group.should == false
end
it "should create non-admin users by default" do
post api('/users', admin), attributes_for(:user)
response.status.should == 201
user_id = json_response['id']
new_user = User.find(user_id)
new_user.should_not == nil
new_user.admin.should == false
end
it "should return 201 Created on success" do it "should return 201 Created on success" do
post api("/users", admin), attributes_for(:user, projects_limit: 3) post api("/users", admin), attributes_for(:user, projects_limit: 3)
response.status.should == 201 response.status.should == 201
...@@ -135,6 +164,8 @@ describe API::API do ...@@ -135,6 +164,8 @@ describe API::API do
end end
describe "PUT /users/:id" do describe "PUT /users/:id" do
let!(:admin_user) { create(:admin) }
before { admin } before { admin }
it "should update user with new bio" do it "should update user with new bio" do
...@@ -144,6 +175,21 @@ describe API::API do ...@@ -144,6 +175,21 @@ describe API::API do
user.reload.bio.should == 'new test bio' user.reload.bio.should == 'new test bio'
end end
it "should update admin status" do
put api("/users/#{user.id}", admin), {admin: true}
response.status.should == 200
json_response['is_admin'].should == true
user.reload.admin.should == true
end
it "should not update admin status" do
put api("/users/#{admin_user.id}", admin), {can_create_group: false}
response.status.should == 200
json_response['is_admin'].should == true
admin_user.reload.admin.should == true
admin_user.can_create_group.should == false
end
it "should not allow invalid update" do it "should not allow invalid update" do
put api("/users/#{user.id}", admin), {email: 'invalid email'} put api("/users/#{user.id}", admin), {email: 'invalid email'}
response.status.should == 404 response.status.should == 404
...@@ -228,7 +274,6 @@ describe API::API do ...@@ -228,7 +274,6 @@ describe API::API do
response.status.should == 200 response.status.should == 200
json_response['email'].should == user.email json_response['email'].should == user.email
json_response['is_admin'].should == user.is_admin? json_response['is_admin'].should == user.is_admin?
json_response['can_create_team'].should == user.can_create_team?
json_response['can_create_project'].should == user.can_create_project? json_response['can_create_project'].should == user.can_create_project?
json_response['can_create_group'].should == user.can_create_group? json_response['can_create_group'].should == user.can_create_group?
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment