Always set created_by_id when creating a user

Previously, the created_by_id for a user would only get set if the creating user was an admin. It's helpful to have this value populated even when the user isn't an admin, such as when a user creates a user via creation of a project access token.

Always set created_by_id when creating a user
Previously, the created_by_id for a user would only get set if the creating user was an admin. It's helpful to have this value populated even when the user isn't an admin, such as when a user creates a user via creation of a project access token.
20dbbd6c · Drew Blessing · Drew Blessing · a24659e6 · 20dbbd6c · 20dbbd6c
Commit 20dbbd6c authored Sep 24, 2020 by Drew Blessing Committed by Drew Blessing Sep 24, 2020
4 changed files
--- a/app/services/users/build_service.rb
+++ b/app/services/users/build_service.rb
@@ -104,7 +104,6 @@ module Users
    def build_user_params(skip_authorization:)
      if current_user&.admin?
        user_params = params.slice(*admin_create_params)
-        user_params[:created_by_id] = current_user&.id
        if params[:reset_password]
          user_params.merge!(force_random_password: true, password_expires_at: nil)
@@ -125,6 +124,8 @@ module Users
        end
      end
+      user_params[:created_by_id] = current_user&.id
      if user_default_internal_regex_enabled? && !user_params.key?(:external)
        user_params[:external] = user_external?
      end

--- a/changelogs/unreleased/dblessing_user_created_by_id.yml
+++ b/changelogs/unreleased/dblessing_user_created_by_id.yml
+---
+title: Always set created_by_id when creating a user
+merge_request: 43342
+author:
+type: changed
--- a/spec/services/resource_access_tokens/create_service_spec.rb
+++ b/spec/services/resource_access_tokens/create_service_spec.rb
@@ -53,6 +53,7 @@ RSpec.describe ResourceAccessTokens::CreateService do
        access_token = response.payload[:access_token]
        expect(access_token.user.reload.user_type).to eq("#{resource_type}_bot")
+        expect(access_token.user.created_by_id).to eq(user.id)
      end
      context 'email confirmation status' do

--- a/spec/services/users/build_service_spec.rb
+++ b/spec/services/users/build_service_spec.rb
@@ -16,6 +16,10 @@ RSpec.describe Users::BuildService do
        expect(service.execute).to be_valid
      end
+      it 'sets the created_by_id' do
+        expect(service.execute.created_by_id).to eq(admin_user.id)
+      end
      context 'calls the UpdateCanonicalEmailService' do
        specify do
          expect(Users::UpdateCanonicalEmailService).to receive(:new).and_call_original
@@ -128,6 +132,16 @@ RSpec.describe Users::BuildService do
      it 'raises AccessDeniedError exception' do
        expect { service.execute }.to raise_error Gitlab::Access::AccessDeniedError
      end
+      context 'when authorization is skipped' do
+        subject(:built_user) { service.execute(skip_authorization: true) }
+        it { is_expected.to be_valid }
+        it 'sets the created_by_id' do
+          expect(built_user.created_by_id).to eq(user.id)
+        end
+      end
    end
    context 'with nil user' do