Commit e954438a authored by Boyan Tabakov's avatar Boyan Tabakov

Extended users API to support updating and deleting users.

Also added tests.
parent f4a6f1fd
......@@ -20,6 +20,8 @@ GET /users
"linkedin": "",
"twitter": "",
"dark_scheme": false,
"extern_uid": "john.smith",
"provider": "provider_name",
"theme_id": 1
},
{
......@@ -34,6 +36,8 @@ GET /users
"linkedin": "",
"twitter": "",
"dark_scheme": true,
"extern_uid": "jack.smith",
"provider": "provider_name",
"theme_id": 1
}
]
......@@ -64,6 +68,8 @@ Parameters:
"linkedin": "",
"twitter": "",
"dark_scheme": false,
"extern_uid": "john.smith",
"provider": "provider_name",
"theme_id": 1
}
```
......@@ -84,10 +90,47 @@ Parameters:
+ `linkedin` - Linkedin
+ `twitter` - Twitter account
+ `projects_limit` - Number of projects user can create
+ `extern_uid` - External UID
+ `provider` - External provider name
+ `bio` - User's bio
Will return created user with status `201 Created` on success, or `404 Not
found` on fail.
## User modification
Modify user. Available only for admin
```
PUT /users/:id
```
Parameters:
+ `email` - Email
+ `username` - Username
+ `name` - Name
+ `password` - Password
+ `skype` - Skype ID
+ `linkedin` - Linkedin
+ `twitter` - Twitter account
+ `projects_limit` - Limit projects wich user can create
+ `extern_uid` - External UID
+ `provider` - External provider name
+ `bio` - User's bio
Will return created user with status `200 OK` on success, or `404 Not
found` on fail.
## User deletion
Delete user. Available only for admin
```
DELETE /users/:id
```
Will return deleted user with status `200 OK` on success, or `404 Not
found` on fail.
## Current user
Get currently authenticated user.
......
......@@ -2,7 +2,7 @@ module Gitlab
module Entities
class User < Grape::Entity
expose :id, :username, :email, :name, :bio, :skype, :linkedin, :twitter,
:dark_scheme, :theme_id, :blocked, :created_at
:dark_scheme, :theme_id, :blocked, :created_at, :extern_uid, :provider
end
class UserBasic < Grape::Entity
......
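Review bot: Adding `:extern_uid` and `:provider` to the `expose` list of `Entities::User` publishes them on every endpoint that presents this entity, not only on the new admin-only PUT and DELETE. The documentation hunk in this commit already shows both fields in the `GET /users` sample; if that listing is readable by non-admin accounts (not visible here, worth confirming), any authenticated caller can read other users' external-directory identifiers. Consider leaving `Entities::User` as it was and presenting the two fields through a separate entity used only after `authenticated_as_admin!`, or making the expose conditional on an admin option. The enclosing `module Entities` starts and ends outside this hunk.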
......@@ -34,11 +34,14 @@ module Gitlab
# linkedin - Linkedin
# twitter - Twitter account
# projects_limit - Number of projects user can create
# extern_uid - External authentication provider UID
# provider - External provider
# bio - Bio
# Example Request:
# POST /users
post do
authenticated_as_admin!
attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username]
attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio]
user = User.new attrs, as: :admin
if user.save
present user, with: Entities::User
......@@ -46,6 +49,48 @@ module Gitlab
not_found!
end
end
# Update user. Available only for admin
#
# Parameters:
# email - Email
# name - Name
# password - Password
# skype - Skype ID
# linkedin - Linkedin
# twitter - Twitter account
# projects_limit - Limit projects wich user can create
# extern_uid - External authentication provider UID
# provider - External provider
# bio - Bio
# Example Request:
# PUT /users/:id
put ":id" do
authenticated_as_admin!
attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio]
user = User.find_by_id(params[:id])
if user && user.update_attributes(attrs)
present user, with: Entities::User
else
not_found!
end
end
# Delete user. Available only for admin
#
# Example Request:
# DELETE /users/:id
delete ":id" do
authenticated_as_admin!
user = User.find_by_id(params[:id])
if user
user.destroy
else
not_found!
end
end
end
resource :user do
......
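Review bot: The `delete ":id"` handler ends on `user.destroy`, so the response body is whatever the framework makes of that return value rather than the field list in `Entities::User`; the spec reads `json_response['email']`, which suggests the model is serialised directly, and columns the entity deliberately leaves out may come back with it. Follow the destroy with `present user, with: Entities::User`, as the POST and PUT handlers do. Separately, `put ":id"` calls `user.update_attributes(attrs)` while `post` builds with `User.new attrs, as: :admin`; if the model restricts `extern_uid`, `provider` or `projects_limit` to the admin role (the model is not shown here), the update needs the same role: `user.update_attributes(attrs, as: :admin)`. The PUT handler also answers `not_found!` on a validation failure, so a rejected change is indistinguishable from a missing account for the caller and in logs. The enclosing resource block opens outside the hunk.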
......@@ -53,6 +53,54 @@ describe Gitlab::API do
end
end
describe "PUT /users/:id" do
before { admin }
it "should update user" do
put api("/users/#{user.id}", admin), {bio: 'new test bio'}
response.status.should == 200
json_response['bio'].should == 'new test bio'
user.reload.bio.should == 'new test bio'
end
it "should not allow invalid update" do
put api("/users/#{user.id}", admin), {email: 'invalid email'}
response.status.should == 404
user.reload.email.should_not == 'invalid email'
end
it "shouldn't available for non admin users" do
put api("/users/#{user.id}", user), attributes_for(:user)
response.status.should == 403
end
it "should return 404 for non-existing user" do
put api("/users/999999", admin), {bio: 'update should fail'}
response.status.should == 404
end
end
describe "DELETE /users/:id" do
before { admin }
it "should delete user" do
delete api("/users/#{user.id}", admin)
response.status.should == 200
expect { User.find(user.id) }.to raise_error ActiveRecord::RecordNotFound
json_response['email'].should == user.email
end
it "shouldn't available for non admin users" do
delete api("/users/#{user.id}", user)
response.status.should == 403
end
it "should return 404 for non-existing user" do
delete api("/users/999999", admin)
response.status.should == 404
end
end
describe "GET /user" do
it "should return current user" do
get api("/user", user)
......
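Review bot: The DELETE example asserts only `json_response['email']`, so it passes whether the body is limited to the documented user fields or carries the whole record. Pin the shape by checking that no key outside the `Entities::User` list comes back, e.g. `(json_response.keys - %w[id username email name bio skype linkedin twitter dark_scheme theme_id blocked created_at extern_uid provider]).should be_empty`. The PUT examples change only `bio` and `email`; a case that updates `extern_uid` and `provider` and then reloads the record would show whether the admin-only attributes named in the handler are actually persisted. The enclosing `describe Gitlab::API` block starts outside the hunk.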