Commit 764103fe authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch 'enabling_runners_token_for_groups' into 'master'

Enabling runners token for groups

See merge request gitlab-org/gitlab!16831
parents ee7d9d47 011c1ac4
---
title: Adds the runners_token of the group if the user that requests the group info is admin of it
merge_request: 16831
author: Ignacio Lorenzo Subirá Otal nachootal@gmail.com
type: changed
......@@ -208,7 +208,7 @@ Example response:
## Details of a group
Get all details of a group. This endpoint can be accessed without authentication
if the group is publicly accessible.
if the group is publicly accessible. In case the user that requests is admin of the group, it will return the `runners_token` for the group too.
```
GET /groups/:id
......@@ -240,6 +240,7 @@ Example response:
"request_access_enabled": false,
"full_name": "Twitter",
"full_path": "twitter",
"runners_token": "ba324ca7b1c77fc20bb9",
"file_template_project_id": 1,
"parent_id": null,
"projects": [
......
......@@ -400,6 +400,7 @@ module API
end
class GroupDetail < Group
expose :runners_token, if: lambda { |group, options| options[:user_can_admin_group] }
expose :projects, using: Entities::Project do |group, options|
projects = GroupProjectsFinder.new(
group: group,
......
......@@ -173,7 +173,8 @@ module API
options = {
with: params[:with_projects] ? Entities::GroupDetail : Entities::Group,
current_user: current_user
current_user: current_user,
user_can_admin_group: can?(current_user, :admin_group, group)
}
group, options = with_custom_attributes(group, options)
......
......@@ -59,6 +59,16 @@ describe API::Groups do
.to satisfy_one { |group| group['name'] == group1.name }
end
it "does not include runners_token information" do
get api("/groups", user1)
expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response.length).to eq(1)
expect(json_response.first).not_to include('runners_token')
end
it "does not include statistics" do
get api("/groups", user1), params: { statistics: true }
......@@ -79,6 +89,16 @@ describe API::Groups do
expect(json_response.length).to eq(2)
end
it "does not include runners_token information" do
get api("/groups", admin)
expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response.length).to eq(2)
expect(json_response.first).not_to include('runners_token')
end
it "does not include statistics by default" do
get api("/groups", admin)
......@@ -292,6 +312,7 @@ describe API::Groups do
get api("/groups/#{group1.id}")
expect(response).to have_gitlab_http_status(200)
expect(json_response).not_to include('runners_token')
end
it 'returns only public projects in the group' do
......@@ -350,6 +371,22 @@ describe API::Groups do
expect(response).to have_gitlab_http_status(200)
expect(json_response['projects']).to be_nil
expect(json_response['shared_projects']).to be_nil
expect(json_response).not_to include('runners_token')
end
it "doesn't return runners_token if the user is not the owner of the group" do
get api("/groups/#{group1.id}", user3)
expect(response).to have_gitlab_http_status(200)
expect(json_response).not_to include('runners_token')
end
it "returns runners_token if the user is the owner of the group" do
group1.add_owner(user3)
get api("/groups/#{group1.id}", user3)
expect(response).to have_gitlab_http_status(200)
expect(json_response).to include('runners_token')
end
it "does not return a non existing group" do
......@@ -407,6 +444,13 @@ describe API::Groups do
expect(json_response['name']).to eq(group2.name)
end
it "returns information of the runners_token for the group" do
get api("/groups/#{group2.id}", admin)
expect(response).to have_gitlab_http_status(200)
expect(json_response).to include('runners_token')
end
it "does not return a non existing group" do
get api("/groups/1328", admin)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment