API: Return 400 for all validation erros in the mebers API

f8d34666 · Robert Schilling · 62b45631 · f8d34666 · f8d34666 · f8d34666
Commit f8d34666 authored Feb 24, 2017 by Robert Schilling
4 changed files
--- a/changelogs/unreleased/unified-member-api-response.yml
+++ b/changelogs/unreleased/unified-member-api-response.yml
+---
+title: 'API: Return 400 for all validation erros in the mebers API'
+merge_request: 9523
+author: Robert Schilling
--- a/doc/api/v3_to_v4.md
+++ b/doc/api/v3_to_v4.md
@@ -42,3 +42,4 @@ changes are in V4:
 - Remove `public` param from create and edit actions of projects [!8736](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8736)
 - Remove the ProjectGitHook API. Use the ProjectPushRule API instead [!1301](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/1301)
 - Notes do not return deprecated field `upvote` and `downvote` [!9384](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9384)
+- Return HTTP status code `400` for all validation errors when creating or updating a member instead of sometimes `422` error. [!9523](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9523)
--- a/lib/api/members.rb
+++ b/lib/api/members.rb
@@ -61,7 +61,6 @@ module API
          ## EE specific

          member = source.members.find_by(user_id: params[:user_id])
-
          conflict!('Member already exists') if member

          member = source.add_user(params[:user_id], params[:access_level], current_user: current_user, expires_at: params[:expires_at])
@@ -69,9 +68,6 @@ module API
          if member.persisted? && member.valid?
            present member.user, with: Entities::Member, member: member
          else
-            # This is to ensure back-compatibility but 400 behavior should be used
-            # for all validation errors in 9.0!
-            render_api_error!('Access level is not known', 422) if member.errors.key?(:access_level)
            render_validation_error!(member)
          end
        end
@@ -93,9 +89,6 @@ module API
          if member.update_attributes(declared_params(include_missing: false))
            present member.user, with: Entities::Member, member: member
          else
-            # This is to ensure back-compatibility but 400 behavior should be used
-            # for all validation errors in 9.0!
-            render_api_error!('Access level is not known', 422) if member.errors.key?(:access_level)
            render_validation_error!(member)
          end
        end

--- a/spec/requests/api/members_spec.rb
+++ b/spec/requests/api/members_spec.rb
@@ -173,11 +173,11 @@ describe API::Members, api: true  do
        expect(response).to have_http_status(400)
      end

-      it 'returns 422 when access_level is not valid' do
+      it 'returns 400  when access_level is not valid' do
        post api("/#{source_type.pluralize}/#{source.id}/members", master),
             user_id: stranger.id, access_level: 1234

-        expect(response).to have_http_status(422)
+        expect(response).to have_http_status(400)
      end
    end
  end
@@ -247,11 +247,11 @@ describe API::Members, api: true  do
        expect(response).to have_http_status(400)
      end

-      it 'returns 422 when access level is not valid' do
+      it 'returns 400  when access level is not valid' do
        put api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", master),
            access_level: 1234

-        expect(response).to have_http_status(422)
+        expect(response).to have_http_status(400)
      end
    end
  end
@@ -363,7 +363,7 @@ describe API::Members, api: true  do
        post api("/projects/#{project.id}/members", master),
             user_id: stranger.id, access_level: Member::OWNER

-        expect(response).to have_http_status(422)
+        expect(response).to have_http_status(400)
      end.to change { project.members.count }.by(0)
    end
  end