Expose provisioned by group id in API

ccb20827 · Cynthia Ng · Kerri Miller · 48b385eb · ccb20827 · ccb20827
Commit ccb20827 authored May 26, 2021 by Cynthia Ng Committed by Kerri Miller May 26, 2021
4 changed files
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -207,7 +207,7 @@ Users on GitLab [Premium or higher](https://about.gitlab.com/pricing/) also see
 ```

 Users on GitLab [Premium or higher](https://about.gitlab.com/pricing/) also see
-the `group_saml` provider option:
+the `group_saml` provider option and `provisioned_by_group_id` parameter:

 ```json
 [
@@ -220,6 +220,7 @@ the `group_saml` provider option:
      {"provider": "google_oauth2", "extern_uid": "8776128412476123468721346"},
      {"provider": "group_saml", "extern_uid": "123789", "saml_provider_id": 10}
    ],
+    "provisioned_by_group_id": 123789
    ...
  }
 ]
@@ -374,7 +375,7 @@ the `shared_runners_minutes_limit`, `is_auditor`, and `extra_shared_runners_minu
 ```

 Users on GitLab.com [Premium or higher](https://about.gitlab.com/pricing/) also
-see the `group_saml` option:
+see the `group_saml` option and `provisioned_by_group_id` parameter:

 ```json
 {
@@ -388,6 +389,7 @@ see the `group_saml` option:
    {"provider": "google_oauth2", "extern_uid": "8776128412476123468721346"},
    {"provider": "group_saml", "extern_uid": "123789", "saml_provider_id": 10}
  ],
+  "provisioned_by_group_id": 123789
  ...
 }
 ```
@@ -630,7 +632,14 @@ GET /user
 }
 ```

-Users on GitLab [Premium or higher](https://about.gitlab.com/pricing/) also see the `shared_runners_minutes_limit`, `extra_shared_runners_minutes_limit`, `is_auditor`, and `using_license_seat` parameters.
+Users on GitLab [Premium or higher](https://about.gitlab.com/pricing/) also see these
+parameters:
+
+- `shared_runners_minutes_limit`
+- `extra_shared_runners_minutes_limit`
+- `is_auditor`
+- `provisioned_by_group_id`
+- `using_license_seat`

 ## User status


--- a/ee/lib/ee/api/entities/user_with_admin.rb
+++ b/ee/lib/ee/api/entities/user_with_admin.rb
@@ -9,6 +9,7 @@ module EE
        prepended do
          expose :using_license_seat?, as: :using_license_seat
          expose :auditor, as: :is_auditor, if: ->(_instance, _opts) { ::License.feature_available?(:auditor_user) }
+          expose :provisioned_by_group_id, if: ->(_instance, _opts) { ::License.feature_available?(:group_saml) }
        end
      end
    end

--- a/ee/spec/lib/ee/api/entities/user_with_admin_spec.rb
+++ b/ee/spec/lib/ee/api/entities/user_with_admin_spec.rb
@@ -49,4 +49,39 @@ RSpec.describe ::EE::API::Entities::UserWithAdmin do
      end
    end
  end
+
+  context 'provisioned_by_group_id' do
+    context 'group_saml is available' do
+      before do
+        stub_licensed_features(group_saml: true)
+      end
+
+      it 'returns false when user is not provisioned by group' do
+        expect(subject[:provisioned_by_group]).to be nil
+      end
+
+      context 'when user is provisioned by group' do
+        let(:group) { create(:group) }
+        let(:saml_provider) { create(:saml_provider, group: group) }
+        let!(:group_saml_identity) { create(:group_saml_identity, saml_provider: saml_provider, user: user) }
+
+        before do
+          user.update!(provisioned_by_group: saml_provider.group)
+        end
+        it 'returns group_id' do
+          expect(subject[:provisioned_by_group_id]).to eq(group.id)
+        end
+      end
+    end
+
+    context 'when group_saml is not available' do
+      before do
+        stub_licensed_features(group_saml: false)
+      end
+
+      it 'does not have the provisioned_by_group_id param' do
+        expect(subject[:provisioned_by_group_id]).to be nil
+      end
+    end
+  end
 end
--- a/ee/spec/requests/api/users_spec.rb
+++ b/ee/spec/requests/api/users_spec.rb
@@ -130,6 +130,9 @@ RSpec.describe API::Users do
  end

  context 'with group SAML' do
+    before do
+      stub_licensed_features(group_saml: true)
+    end
    let(:saml_provider) { create(:saml_provider) }

    it 'creates user with new identity' do
@@ -170,6 +173,13 @@ RSpec.describe API::Users do
      expect(response).to have_gitlab_http_status(:bad_request)
      expect(json_response['message']).to eq({ "identities.provider" => ["can't be blank"] })
    end
+
+    it 'contains provisioned_by_group_id parameter' do
+      user.update!(provisioned_by_group: saml_provider.group)
+      get api("/users/#{user.id}", admin)
+
+      expect(json_response).to have_key('provisioned_by_group_id')
+    end
  end

  describe 'GET /user/:id' do
@@ -227,6 +237,12 @@ RSpec.describe API::Users do

          expect(json_response).not_to have_key('is_auditor')
        end
+
+        it 'does not contain provisioned_by_group_id parameter' do
+          get api("/users/#{user.id}", user)
+
+          expect(json_response).not_to have_key('provisioned_by_group_id')
+        end
      end
    end