Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
8f690604
Commit
8f690604
authored
Feb 20, 2017
by
Robert Schilling
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
API: Use POST to (un)block a user
parent
bc0b438d
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
127 additions
and
21 deletions
+127
-21
changelogs/unreleased/api-post-block.yml
changelogs/unreleased/api-post-block.yml
+4
-0
doc/api/users.md
doc/api/users.md
+4
-4
doc/api/v3_to_v4.md
doc/api/v3_to_v4.md
+1
-0
lib/api/users.rb
lib/api/users.rb
+2
-2
lib/api/v3/users.rb
lib/api/v3/users.rb
+32
-0
spec/requests/api/users_spec.rb
spec/requests/api/users_spec.rb
+15
-15
spec/requests/api/v3/users_spec.rb
spec/requests/api/v3/users_spec.rb
+69
-0
No files found.
changelogs/unreleased/api-post-block.yml
0 → 100644
View file @
8f690604
---
title
:
'
API:
Use
POST
to
(un)block
a
user'
merge_request
:
9371
author
:
Robert Schilling
doc/api/users.md
View file @
8f690604
...
@@ -659,14 +659,14 @@ Will return `200 OK` on success, or `404 Not found` if either user or email cann
...
@@ -659,14 +659,14 @@ Will return `200 OK` on success, or `404 Not found` if either user or email cann
Blocks the specified user. Available only for admin.
Blocks the specified user. Available only for admin.
```
```
P
U
T /users/:id/block
P
OS
T /users/:id/block
```
```
Parameters:
Parameters:
-
`id`
(required) - id of specified user
-
`id`
(required) - id of specified user
Will return
`20
0
OK`
on success,
`404 User Not Found`
is user cannot be found or
Will return
`20
1
OK`
on success,
`404 User Not Found`
is user cannot be found or
`403 Forbidden`
when trying to block an already blocked user by LDAP synchronization.
`403 Forbidden`
when trying to block an already blocked user by LDAP synchronization.
## Unblock user
## Unblock user
...
@@ -674,14 +674,14 @@ Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
...
@@ -674,14 +674,14 @@ Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
Unblocks the specified user. Available only for admin.
Unblocks the specified user. Available only for admin.
```
```
P
U
T /users/:id/unblock
P
OS
T /users/:id/unblock
```
```
Parameters:
Parameters:
-
`id`
(required) - id of specified user
-
`id`
(required) - id of specified user
Will return
`20
0
OK`
on success,
`404 User Not Found`
is user cannot be found or
Will return
`20
1
OK`
on success,
`404 User Not Found`
is user cannot be found or
`403 Forbidden`
when trying to unblock a user blocked by LDAP synchronization.
`403 Forbidden`
when trying to unblock a user blocked by LDAP synchronization.
### Get user contribution events
### Get user contribution events
...
...
doc/api/v3_to_v4.md
View file @
8f690604
...
@@ -26,3 +26,4 @@ changes are in V4:
...
@@ -26,3 +26,4 @@ changes are in V4:
-
Endpoints
`/projects/owned`
,
`/projects/visible`
,
`/projects/starred`
&
`/projects/all`
are consolidated into
`/projects`
using query parameters
-
Endpoints
`/projects/owned`
,
`/projects/visible`
,
`/projects/starred`
&
`/projects/all`
are consolidated into
`/projects`
using query parameters
-
Return pagination headers for all endpoints that return an array
-
Return pagination headers for all endpoints that return an array
-
Removed
`DELETE projects/:id/deploy_keys/:key_id/disable`
. Use
`DELETE projects/:id/deploy_keys/:key_id`
instead
-
Removed
`DELETE projects/:id/deploy_keys/:key_id/disable`
. Use
`DELETE projects/:id/deploy_keys/:key_id`
instead
-
Moved
`PUT /users/:id/(block|unblock)`
to
`POST /users/:id/(block|unblock)`
lib/api/users.rb
View file @
8f690604
...
@@ -314,7 +314,7 @@ module API
...
@@ -314,7 +314,7 @@ module API
params
do
params
do
requires
:id
,
type:
Integer
,
desc:
'The ID of the user'
requires
:id
,
type:
Integer
,
desc:
'The ID of the user'
end
end
p
u
t
':id/block'
do
p
os
t
':id/block'
do
authenticated_as_admin!
authenticated_as_admin!
user
=
User
.
find_by
(
id:
params
[
:id
])
user
=
User
.
find_by
(
id:
params
[
:id
])
not_found!
(
'User'
)
unless
user
not_found!
(
'User'
)
unless
user
...
@@ -330,7 +330,7 @@ module API
...
@@ -330,7 +330,7 @@ module API
params
do
params
do
requires
:id
,
type:
Integer
,
desc:
'The ID of the user'
requires
:id
,
type:
Integer
,
desc:
'The ID of the user'
end
end
p
u
t
':id/unblock'
do
p
os
t
':id/unblock'
do
authenticated_as_admin!
authenticated_as_admin!
user
=
User
.
find_by
(
id:
params
[
:id
])
user
=
User
.
find_by
(
id:
params
[
:id
])
not_found!
(
'User'
)
unless
user
not_found!
(
'User'
)
unless
user
...
...
lib/api/v3/users.rb
View file @
8f690604
...
@@ -39,6 +39,38 @@ module API
...
@@ -39,6 +39,38 @@ module API
present
user
.
emails
,
with:
::
API
::
Entities
::
Email
present
user
.
emails
,
with:
::
API
::
Entities
::
Email
end
end
desc
'Block a user. Available only for admins.'
params
do
requires
:id
,
type:
Integer
,
desc:
'The ID of the user'
end
put
':id/block'
do
authenticated_as_admin!
user
=
User
.
find_by
(
id:
params
[
:id
])
not_found!
(
'User'
)
unless
user
if
!
user
.
ldap_blocked?
user
.
block
else
forbidden!
(
'LDAP blocked users cannot be modified by the API'
)
end
end
desc
'Unblock a user. Available only for admins.'
params
do
requires
:id
,
type:
Integer
,
desc:
'The ID of the user'
end
put
':id/unblock'
do
authenticated_as_admin!
user
=
User
.
find_by
(
id:
params
[
:id
])
not_found!
(
'User'
)
unless
user
if
user
.
ldap_blocked?
forbidden!
(
'LDAP blocked users cannot be unblocked by the API'
)
else
user
.
activate
end
end
end
end
resource
:user
do
resource
:user
do
...
...
spec/requests/api/users_spec.rb
View file @
8f690604
...
@@ -1003,69 +1003,69 @@ describe API::Users, api: true do
...
@@ -1003,69 +1003,69 @@ describe API::Users, api: true do
end
end
end
end
describe
'P
U
T /users/:id/block'
do
describe
'P
OS
T /users/:id/block'
do
before
{
admin
}
before
{
admin
}
it
'blocks existing user'
do
it
'blocks existing user'
do
p
u
t
api
(
"/users/
#{
user
.
id
}
/block"
,
admin
)
p
os
t
api
(
"/users/
#{
user
.
id
}
/block"
,
admin
)
expect
(
response
).
to
have_http_status
(
20
0
)
expect
(
response
).
to
have_http_status
(
20
1
)
expect
(
user
.
reload
.
state
).
to
eq
(
'blocked'
)
expect
(
user
.
reload
.
state
).
to
eq
(
'blocked'
)
end
end
it
'does not re-block ldap blocked users'
do
it
'does not re-block ldap blocked users'
do
p
u
t
api
(
"/users/
#{
ldap_blocked_user
.
id
}
/block"
,
admin
)
p
os
t
api
(
"/users/
#{
ldap_blocked_user
.
id
}
/block"
,
admin
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
ldap_blocked_user
.
reload
.
state
).
to
eq
(
'ldap_blocked'
)
expect
(
ldap_blocked_user
.
reload
.
state
).
to
eq
(
'ldap_blocked'
)
end
end
it
'does not be available for non admin users'
do
it
'does not be available for non admin users'
do
p
u
t
api
(
"/users/
#{
user
.
id
}
/block"
,
user
)
p
os
t
api
(
"/users/
#{
user
.
id
}
/block"
,
user
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
end
end
it
'returns a 404 error if user id not found'
do
it
'returns a 404 error if user id not found'
do
p
u
t
api
(
'/users/9999/block'
,
admin
)
p
os
t
api
(
'/users/9999/block'
,
admin
)
expect
(
response
).
to
have_http_status
(
404
)
expect
(
response
).
to
have_http_status
(
404
)
expect
(
json_response
[
'message'
]).
to
eq
(
'404 User Not Found'
)
expect
(
json_response
[
'message'
]).
to
eq
(
'404 User Not Found'
)
end
end
end
end
describe
'P
U
T /users/:id/unblock'
do
describe
'P
OS
T /users/:id/unblock'
do
let
(
:blocked_user
)
{
create
(
:user
,
state:
'blocked'
)
}
let
(
:blocked_user
)
{
create
(
:user
,
state:
'blocked'
)
}
before
{
admin
}
before
{
admin
}
it
'unblocks existing user'
do
it
'unblocks existing user'
do
p
u
t
api
(
"/users/
#{
user
.
id
}
/unblock"
,
admin
)
p
os
t
api
(
"/users/
#{
user
.
id
}
/unblock"
,
admin
)
expect
(
response
).
to
have_http_status
(
20
0
)
expect
(
response
).
to
have_http_status
(
20
1
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
end
end
it
'unblocks a blocked user'
do
it
'unblocks a blocked user'
do
p
u
t
api
(
"/users/
#{
blocked_user
.
id
}
/unblock"
,
admin
)
p
os
t
api
(
"/users/
#{
blocked_user
.
id
}
/unblock"
,
admin
)
expect
(
response
).
to
have_http_status
(
20
0
)
expect
(
response
).
to
have_http_status
(
20
1
)
expect
(
blocked_user
.
reload
.
state
).
to
eq
(
'active'
)
expect
(
blocked_user
.
reload
.
state
).
to
eq
(
'active'
)
end
end
it
'does not unblock ldap blocked users'
do
it
'does not unblock ldap blocked users'
do
p
u
t
api
(
"/users/
#{
ldap_blocked_user
.
id
}
/unblock"
,
admin
)
p
os
t
api
(
"/users/
#{
ldap_blocked_user
.
id
}
/unblock"
,
admin
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
ldap_blocked_user
.
reload
.
state
).
to
eq
(
'ldap_blocked'
)
expect
(
ldap_blocked_user
.
reload
.
state
).
to
eq
(
'ldap_blocked'
)
end
end
it
'does not be available for non admin users'
do
it
'does not be available for non admin users'
do
p
u
t
api
(
"/users/
#{
user
.
id
}
/unblock"
,
user
)
p
os
t
api
(
"/users/
#{
user
.
id
}
/unblock"
,
user
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
end
end
it
'returns a 404 error if user id not found'
do
it
'returns a 404 error if user id not found'
do
p
u
t
api
(
'/users/9999/block'
,
admin
)
p
os
t
api
(
'/users/9999/block'
,
admin
)
expect
(
response
).
to
have_http_status
(
404
)
expect
(
response
).
to
have_http_status
(
404
)
expect
(
json_response
[
'message'
]).
to
eq
(
'404 User Not Found'
)
expect
(
json_response
[
'message'
]).
to
eq
(
'404 User Not Found'
)
end
end
it
"returns a 404 for invalid ID"
do
it
"returns a 404 for invalid ID"
do
p
u
t
api
(
"/users/ASDF/block"
,
admin
)
p
os
t
api
(
"/users/ASDF/block"
,
admin
)
expect
(
response
).
to
have_http_status
(
404
)
expect
(
response
).
to
have_http_status
(
404
)
end
end
...
...
spec/requests/api/v3/users_spec.rb
View file @
8f690604
...
@@ -7,6 +7,7 @@ describe API::V3::Users, api: true do
...
@@ -7,6 +7,7 @@ describe API::V3::Users, api: true do
let
(
:admin
)
{
create
(
:admin
)
}
let
(
:admin
)
{
create
(
:admin
)
}
let
(
:key
)
{
create
(
:key
,
user:
user
)
}
let
(
:key
)
{
create
(
:key
,
user:
user
)
}
let
(
:email
)
{
create
(
:email
,
user:
user
)
}
let
(
:email
)
{
create
(
:email
,
user:
user
)
}
let
(
:ldap_blocked_user
)
{
create
(
:omniauth_user
,
provider:
'ldapmain'
,
state:
'ldap_blocked'
)
}
describe
'GET /user/:id/keys'
do
describe
'GET /user/:id/keys'
do
before
{
admin
}
before
{
admin
}
...
@@ -117,4 +118,72 @@ describe API::V3::Users, api: true do
...
@@ -117,4 +118,72 @@ describe API::V3::Users, api: true do
end
end
end
end
end
end
describe
'PUT /users/:id/block'
do
before
{
admin
}
it
'blocks existing user'
do
put
v3_api
(
"/users/
#{
user
.
id
}
/block"
,
admin
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
user
.
reload
.
state
).
to
eq
(
'blocked'
)
end
it
'does not re-block ldap blocked users'
do
put
v3_api
(
"/users/
#{
ldap_blocked_user
.
id
}
/block"
,
admin
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
ldap_blocked_user
.
reload
.
state
).
to
eq
(
'ldap_blocked'
)
end
it
'does not be available for non admin users'
do
put
v3_api
(
"/users/
#{
user
.
id
}
/block"
,
user
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
end
it
'returns a 404 error if user id not found'
do
put
v3_api
(
'/users/9999/block'
,
admin
)
expect
(
response
).
to
have_http_status
(
404
)
expect
(
json_response
[
'message'
]).
to
eq
(
'404 User Not Found'
)
end
end
describe
'PUT /users/:id/unblock'
do
let
(
:blocked_user
)
{
create
(
:user
,
state:
'blocked'
)
}
before
{
admin
}
it
'unblocks existing user'
do
put
v3_api
(
"/users/
#{
user
.
id
}
/unblock"
,
admin
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
end
it
'unblocks a blocked user'
do
put
v3_api
(
"/users/
#{
blocked_user
.
id
}
/unblock"
,
admin
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
blocked_user
.
reload
.
state
).
to
eq
(
'active'
)
end
it
'does not unblock ldap blocked users'
do
put
v3_api
(
"/users/
#{
ldap_blocked_user
.
id
}
/unblock"
,
admin
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
ldap_blocked_user
.
reload
.
state
).
to
eq
(
'ldap_blocked'
)
end
it
'does not be available for non admin users'
do
put
v3_api
(
"/users/
#{
user
.
id
}
/unblock"
,
user
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
end
it
'returns a 404 error if user id not found'
do
put
v3_api
(
'/users/9999/block'
,
admin
)
expect
(
response
).
to
have_http_status
(
404
)
expect
(
json_response
[
'message'
]).
to
eq
(
'404 User Not Found'
)
end
it
"returns a 404 for invalid ID"
do
put
v3_api
(
"/users/ASDF/block"
,
admin
)
expect
(
response
).
to
have_http_status
(
404
)
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment