Commit b0981097 authored by Alexis Reigel's avatar Alexis Reigel

return 400 on users search and feature is disabled

as the params block is evaluated when loading the class and the db
connection is not available yet we can't use the feature toggle inside
that block.
parent 6385c722
......@@ -53,15 +53,14 @@ module API
# EE, without having to modify this file directly.
end
params :scope do |options|
scope_entities =
if Feature.enabled?(:users_search, default_enabled: true)
SCOPE_ENTITY
else
SCOPE_ENTITY.reject { |key, value| key == :users }
end
def check_users_search_allowed!
if Feature.disabled?(:users_search, default_enabled: true) && params[:scope].to_sym == :users
render_api_error!({ error: _("Scope not supported with disabled 'users_search' feature!") }, 400)
end
end
values = scope_entities.stringify_keys.slice(*options[:values]).keys
params :scope do |options|
values = SCOPE_ENTITY.stringify_keys.slice(*options[:values]).keys
requires :scope,
type: String,
......@@ -81,6 +80,7 @@ module API
end
get do
verify_search_scope!
check_users_search_allowed!
present search, with: entity
end
......@@ -98,6 +98,7 @@ module API
end
get ':id/(-/)search' do
verify_search_scope!
check_users_search_allowed!
present search(group_id: user_group.id), with: entity
end
......@@ -114,6 +115,8 @@ module API
use :pagination
end
get ':id/(-/)search' do
check_users_search_allowed!
present search(project_id: user_project.id), with: entity
end
end
......
......@@ -6632,6 +6632,9 @@ msgstr ""
msgid "Scope"
msgstr ""
msgid "Scope not supported with disabled 'users_search' feature!"
msgstr ""
msgid "Scroll down to <strong>Google Code Project Hosting</strong> and enable the switch on the right."
msgstr ""
......
......@@ -81,10 +81,22 @@ describe API::Search do
before do
create(:user, name: 'billy')
get api('/search', user), scope: 'users', search: 'billy'
get api('/search', user), params: { scope: 'users', search: 'billy' }
end
it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
context 'when users search feature is disabled' do
before do
allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
get api('/search', user), params: { scope: 'users', search: 'billy' }
end
it 'returns 400 error' do
expect(response).to have_gitlab_http_status(400)
end
end
end
context 'for snippet_titles scope' do
......@@ -203,15 +215,27 @@ describe API::Search do
it_behaves_like 'response is correct', schema: 'public_api/v4/milestones'
end
context 'for user scope' do
context 'for users scope' do
before do
user = create(:user, name: 'billy')
create(:group_member, :developer, user: user, group: group)
get api("/groups/#{group.id}/search", user), scope: 'users', search: 'billy'
get api("/groups/#{group.id}/search", user), params: { scope: 'users', search: 'billy' }
end
it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
context 'when users search feature is disabled' do
before do
allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
get api("/groups/#{group.id}/search", user), params: { scope: 'users', search: 'billy' }
end
it 'returns 400 error' do
expect(response).to have_gitlab_http_status(400)
end
end
end
context 'for users scope with group path as id' do
......@@ -219,7 +243,7 @@ describe API::Search do
user1 = create(:user, name: 'billy')
create(:group_member, :developer, user: user1, group: group)
get api("/groups/#{CGI.escape(group.full_path)}/search", user), scope: 'users', search: 'billy'
get api("/groups/#{CGI.escape(group.full_path)}/search", user), params: { scope: 'users', search: 'billy' }
end
it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
......@@ -306,10 +330,22 @@ describe API::Search do
user1 = create(:user, name: 'billy')
create(:project_member, :developer, user: user1, project: project)
get api("/projects/#{project.id}/search", user), scope: 'users', search: 'billy'
get api("/projects/#{project.id}/search", user), params: { scope: 'users', search: 'billy' }
end
it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
context 'when users search feature is disabled' do
before do
allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
get api("/projects/#{project.id}/search", user), params: { scope: 'users', search: 'billy' }
end
it 'returns 400 error' do
expect(response).to have_gitlab_http_status(400)
end
end
end
context 'for notes scope' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment