Commit b0981097 authored by Alexis Reigel's avatar Alexis Reigel

return 400 on users search and feature is disabled

As the params block is evaluated when the class is loaded, and the db
connection is not available yet at that point, we can't use the feature
toggle inside that block.
parent 6385c722
...@@ -53,15 +53,14 @@ module API ...@@ -53,15 +53,14 @@ module API
# EE, without having to modify this file directly. # EE, without having to modify this file directly.
end end
params :scope do |options| def check_users_search_allowed!
scope_entities = if Feature.disabled?(:users_search, default_enabled: true) && params[:scope].to_sym == :users
if Feature.enabled?(:users_search, default_enabled: true) render_api_error!({ error: _("Scope not supported with disabled 'users_search' feature!") }, 400)
SCOPE_ENTITY end
else
SCOPE_ENTITY.reject { |key, value| key == :users }
end end
values = scope_entities.stringify_keys.slice(*options[:values]).keys params :scope do |options|
values = SCOPE_ENTITY.stringify_keys.slice(*options[:values]).keys
requires :scope, requires :scope,
type: String, type: String,
...@@ -81,6 +80,7 @@ module API ...@@ -81,6 +80,7 @@ module API
end end
get do get do
verify_search_scope! verify_search_scope!
check_users_search_allowed!
present search, with: entity present search, with: entity
end end
...@@ -98,6 +98,7 @@ module API ...@@ -98,6 +98,7 @@ module API
end end
get ':id/(-/)search' do get ':id/(-/)search' do
verify_search_scope! verify_search_scope!
check_users_search_allowed!
present search(group_id: user_group.id), with: entity present search(group_id: user_group.id), with: entity
end end
...@@ -114,6 +115,8 @@ module API ...@@ -114,6 +115,8 @@ module API
use :pagination use :pagination
end end
get ':id/(-/)search' do get ':id/(-/)search' do
check_users_search_allowed!
present search(project_id: user_project.id), with: entity present search(project_id: user_project.id), with: entity
end end
end end
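Review bot: The `users_search` gate is now enforced only where a route remembers to call `check_users_search_allowed!` (three call sites in this file), so a search route added later without that call would serve the `users` scope even with the feature disabled. Consider running the check from one place, for example a Grape `after_validation` hook or the shared `search` helper (its definition is outside the visible hunks, so confirm that it fits there). In the helper itself, `params[:scope].to_sym == :users` interns a request-supplied string and raises `NoMethodError` if `scope` is ever absent; `params[:scope] == 'users'` performs the same comparison without either. The helper also lacks a comment explaining why the check is done at request time; something like `# Checked per request: the params block is evaluated at class load, before the DB-backed Feature lookup is available.` would keep the reasoning from the commit message next to the code.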
......
...@@ -6632,6 +6632,9 @@ msgstr "" ...@@ -6632,6 +6632,9 @@ msgstr ""
msgid "Scope" msgid "Scope"
msgstr "" msgstr ""
msgid "Scope not supported with disabled 'users_search' feature!"
msgstr ""
msgid "Scroll down to <strong>Google Code Project Hosting</strong> and enable the switch on the right." msgid "Scroll down to <strong>Google Code Project Hosting</strong> and enable the switch on the right."
msgstr "" msgstr ""
......
...@@ -81,10 +81,22 @@ describe API::Search do ...@@ -81,10 +81,22 @@ describe API::Search do
before do before do
create(:user, name: 'billy') create(:user, name: 'billy')
get api('/search', user), scope: 'users', search: 'billy' get api('/search', user), params: { scope: 'users', search: 'billy' }
end end
it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics' it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
context 'when users search feature is disabled' do
before do
allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
get api('/search', user), params: { scope: 'users', search: 'billy' }
end
it 'returns 400 error' do
expect(response).to have_gitlab_http_status(400)
end
end
end end
context 'for snippet_titles scope' do context 'for snippet_titles scope' do
...@@ -203,15 +215,27 @@ describe API::Search do ...@@ -203,15 +215,27 @@ describe API::Search do
it_behaves_like 'response is correct', schema: 'public_api/v4/milestones' it_behaves_like 'response is correct', schema: 'public_api/v4/milestones'
end end
context 'for user scope' do context 'for users scope' do
before do before do
user = create(:user, name: 'billy') user = create(:user, name: 'billy')
create(:group_member, :developer, user: user, group: group) create(:group_member, :developer, user: user, group: group)
get api("/groups/#{group.id}/search", user), scope: 'users', search: 'billy' get api("/groups/#{group.id}/search", user), params: { scope: 'users', search: 'billy' }
end end
it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics' it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
context 'when users search feature is disabled' do
before do
allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
get api("/groups/#{group.id}/search", user), params: { scope: 'users', search: 'billy' }
end
it 'returns 400 error' do
expect(response).to have_gitlab_http_status(400)
end
end
end end
context 'for users scope with group path as id' do context 'for users scope with group path as id' do
...@@ -219,7 +243,7 @@ describe API::Search do ...@@ -219,7 +243,7 @@ describe API::Search do
user1 = create(:user, name: 'billy') user1 = create(:user, name: 'billy')
create(:group_member, :developer, user: user1, group: group) create(:group_member, :developer, user: user1, group: group)
get api("/groups/#{CGI.escape(group.full_path)}/search", user), scope: 'users', search: 'billy' get api("/groups/#{CGI.escape(group.full_path)}/search", user), params: { scope: 'users', search: 'billy' }
end end
it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics' it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
...@@ -306,10 +330,22 @@ describe API::Search do ...@@ -306,10 +330,22 @@ describe API::Search do
user1 = create(:user, name: 'billy') user1 = create(:user, name: 'billy')
create(:project_member, :developer, user: user1, project: project) create(:project_member, :developer, user: user1, project: project)
get api("/projects/#{project.id}/search", user), scope: 'users', search: 'billy' get api("/projects/#{project.id}/search", user), params: { scope: 'users', search: 'billy' }
end end
it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics' it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
context 'when users search feature is disabled' do
before do
allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
get api("/projects/#{project.id}/search", user), params: { scope: 'users', search: 'billy' }
end
it 'returns 400 error' do
expect(response).to have_gitlab_http_status(400)
end
end
end end
context 'for notes scope' do context 'for notes scope' do
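Review bot: The new "feature is disabled" contexts only assert the 400 for `scope: 'users'`; nothing pins that the other scopes still succeed while `users_search` is off, so a gate that accidentally rejects every scope would pass these specs. Add one example per endpoint that requests a different scope with the flag disabled and expects a 200. The stub `allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true)` is also tied to the exact argument list and makes any other `Feature.disabled?` call during the request fail on unexpected arguments; the project's feature-flag stubbing helper (`stub_feature_flags(users_search: false)`, if it is available to this spec) would be less brittle. The "group path as id" context gets no disabled-feature example, although it goes through the same route.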
......