Commit 5f0e7873 authored by James Lopez's avatar James Lopez

ported EE user service to CE

parent 801cf923
module Users
# Service for creating a new user.
class UpdateService < BaseService
def initialize(current_user, user, params = {})
@current_user = current_user
@user = user
@params = params.dup
end
def execute(skip_authorization: false)
raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_update_user?
if @user.update_attributes(params)
success
else
error('Project could not be updated')
end
end
def can_update_user?
current_user == @user || current_user&.admin?
end
end
end
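Review bot: `execute` hands `params` to `@user.update_attributes` exactly as received, and `skip_authorization: true` switches off the only permission check, so the service itself places no limit on which user attributes a caller can write. If any caller forwards request parameters without an allowlist (the callers are not visible here), privileged fields such as whatever backs `admin?` would become writable; the class comment should state that callers must pass permitted attributes only and that `skip_authorization` is for internal call sites. The failure branch also returns `error('Project could not be updated')`, while the new service spec expects `'User could not be updated'`; the line should read `error('User could not be updated')`. The class comment `# Service for creating a new user.` should read `# Service for updating an existing user.`.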
...@@ -25,7 +25,7 @@ describe 'Profile > Password', feature: true do ...@@ -25,7 +25,7 @@ describe 'Profile > Password', feature: true do
end end
end end
it 'does not contains the current password field after an error' do it 'does not contain the current password field after an error' do
fill_passwords('mypassword', 'mypassword2') fill_passwords('mypassword', 'mypassword2')
expect(page).to have_no_field('user[current_password]') expect(page).to have_no_field('user[current_password]')
......
...@@ -1899,4 +1899,17 @@ describe User, models: true do ...@@ -1899,4 +1899,17 @@ describe User, models: true do
user.invalidate_merge_request_cache_counts user.invalidate_merge_request_cache_counts
end end
end end
describe 'audit changes' do
let!(:user) { create(:user) }
it 'audits an email change' do
expect { user.update!(email: 'test@example.com') }.to change { AuditEvent.count }.by(1)
end
it 'audits a password change' do
expect { user.update!(password: 'asdfasdf', password_confirmation: 'asdfasdf') }.to change { AuditEvent.count }.by(1)
end
end
end end
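Review bot: Both examples in `describe 'audit changes'` assert only that `AuditEvent.count` rises by one, so they would still pass for an event with the wrong author, the wrong target, or details that include the new password. Consider also asserting on the created record, for example that it refers to `user` and that its stored details do not contain `'asdfasdf'`; the AuditEvent attributes are not visible in this section, so the exact matcher depends on that model. The enclosing `describe User` block starts outside the hunk.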
...@@ -374,6 +374,7 @@ describe API::Users do ...@@ -374,6 +374,7 @@ describe API::Users do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
expect(user.reload.password_expires_at).to be <= Time.now expect(user.reload.password_expires_at).to be <= Time.now
expect(AuditEvent.count).to eq(1)
end end
it "updates user with organization" do it "updates user with organization" do
...@@ -401,6 +402,13 @@ describe API::Users do ...@@ -401,6 +402,13 @@ describe API::Users do
expect(user.reload.email).to eq(user.email) expect(user.reload.email).to eq(user.email)
end end
it 'updates user with a new email' do
put api("/users/#{user.id}", admin), email: 'new@email.com'
expect(response).to have_http_status(200)
expect(user.reload.notification_email).to eq('new@email.com')
expect(AuditEvent.count).to eq(1)
end
it 'updates user with his own username' do it 'updates user with his own username' do
put api("/users/#{user.id}", admin), username: user.username put api("/users/#{user.id}", admin), username: user.username
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
...@@ -643,7 +651,7 @@ describe API::Users do ...@@ -643,7 +651,7 @@ describe API::Users do
email_attrs = attributes_for :email email_attrs = attributes_for :email
expect do expect do
post api("/users/#{user.id}/emails", admin), email_attrs post api("/users/#{user.id}/emails", admin), email_attrs
end.to change { user.emails.count }.by(1) end.to change { user.emails.count }.by(1).and change { AuditEvent.count }.by(1)
end end
it "returns a 400 for invalid ID" do it "returns a 400 for invalid ID" do
......
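Review bot: The two added `expect(AuditEvent.count).to eq(1)` assertions (in the example that checks `password_expires_at` and in 'updates user with a new email') test an absolute table count, which breaks as soon as any setup step also writes an audit event and does not tie the row to the request under test. The last hunk already uses the relative form `.and change { AuditEvent.count }.by(1)`; wrapping the request the same way, `expect { put api("/users/#{user.id}", admin), email: 'new@email.com' }.to change { AuditEvent.count }.by(1)`, would be consistent. The new-email example also asserts on `notification_email` only; adding `expect(user.reload.email).to eq('new@email.com')` would confirm the attribute the request sets. The enclosing examples and `describe` blocks begin outside these hunks.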
require 'spec_helper'
describe Users::UpdateService, services: true do
let(:user) { create(:user) }
let(:admin) { create(:admin) }
let(:user) { create(:empty_user, creator_id: user.id, namespace: user.namespace) }
describe '#execute' do
it 'updates the name' do
result = update_user(user, user, name: 'New Name')
expect(result).to eq({ status: :success })
expect(user.name).to eq('New Name')
end
context 'when updated by an admin' do
it 'updates the name' do
result = update_user(user, admin, name: 'New Name')
expect(result).to eq({ status: :success })
expect(user.name).to eq('New Name')
end
end
it 'returns an error result when record cannot be updated' do
result = update_user(user, create(:user), { name: 'New Name' })
expect(result).to eq({ status: :error, message: 'User could not be updated' })
end
def update_user(current_user, user, opts)
described_class.new(user, user, opts).execute
end
end
end
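Review bot: The `update_user` helper ignores its `current_user` argument and calls `described_class.new(user, user, opts)`, so every example runs as the target user and the authorization check in `Users::UpdateService#execute` is never exercised. The call sites also pass the arguments in the opposite order (`update_user(user, admin, ...)`), and once the helper is fixed `update_user(user, create(:user), ...)` would raise `Gitlab::Access::AccessDeniedError` instead of returning the expected error hash, so that example needs attributes that fail validation on the user's own record. The second `let(:user)` overrides the first and refers to `user` inside its own block, which cannot resolve; it looks like a leftover from a project spec and should be removed. The fence shows the helper fixed, the admin example with the arguments in order, and an added example for the denied case.

```ruby
# … unchanged: let(:user), let(:admin); the second let(:user) is dropped …
context 'when updated by an admin' do
  it 'updates the name' do
    result = update_user(admin, user, name: 'New Name')
    # … unchanged: expectations on result and user.name …
  end
end

it 'raises when the acting user is neither the target nor an admin' do
  expect { update_user(create(:user), user, name: 'New Name') }
    .to raise_error(Gitlab::Access::AccessDeniedError)
end

def update_user(current_user, user, opts)
  described_class.new(current_user, user, opts).execute
end
```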