fix mass-assignment error in user create API

c6102063 · Nihad Abbasov · 770ec335 · c6102063 · c6102063
Commit c6102063 authored Oct 19, 2012 by Nihad Abbasov
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 6 deletions

lib/api/users.rb lib/api/users.rb +2 -2

spec/requests/api/users_spec.rb spec/requests/api/users_spec.rb +4 -4

No files found.
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -40,7 +40,7 @@ module Gitlab
      post do
        authenticated_as_admin!
        attrs = attributes_for_keys [:email, :name, :password, :password_confirmation, :skype, :linkedin, :twitter, :projects_limit]
-        user = User.new attrs
+        user = User.new attrs, as: :admin
        if user.save
          present user, with: Entities::User
        else

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -4,7 +4,7 @@ describe Gitlab::API do
  include ApiHelpers
  let(:user)  { Factory :user }
-  let(:admin) {Factory :admin}
+  let(:admin) { Factory :admin }
  let(:key)   { Factory :key, user: user }
  describe "GET /users" do
@@ -42,9 +42,9 @@ describe Gitlab::API do
    end
    it "should create user" do
-      expect{
+      expect {
-        post api("/users", admin), Factory.attributes(:user)
+        post api("/users", admin), Factory.attributes(:user, projects_limit: 3)
-      }.to change{User.count}.by(1)
+      }.to change { User.count }.by(1)
    end
    it "shouldn't available for non admin users" do