Commit f8d34666 authored by Robert Schilling's avatar Robert Schilling

API: Return 400 for all validation erros in the mebers API

parent 62b45631
---
title: 'API: Return 400 for all validation erros in the mebers API'
merge_request: 9523
author: Robert Schilling
...@@ -42,3 +42,4 @@ changes are in V4: ...@@ -42,3 +42,4 @@ changes are in V4:
- Remove `public` param from create and edit actions of projects [!8736](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8736) - Remove `public` param from create and edit actions of projects [!8736](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8736)
- Remove the ProjectGitHook API. Use the ProjectPushRule API instead [!1301](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/1301) - Remove the ProjectGitHook API. Use the ProjectPushRule API instead [!1301](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/1301)
- Notes do not return deprecated field `upvote` and `downvote` [!9384](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9384) - Notes do not return deprecated field `upvote` and `downvote` [!9384](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9384)
- Return HTTP status code `400` for all validation errors when creating or updating a member instead of sometimes `422` error. [!9523](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9523)
...@@ -61,7 +61,6 @@ module API ...@@ -61,7 +61,6 @@ module API
## EE specific ## EE specific
member = source.members.find_by(user_id: params[:user_id]) member = source.members.find_by(user_id: params[:user_id])
conflict!('Member already exists') if member conflict!('Member already exists') if member
member = source.add_user(params[:user_id], params[:access_level], current_user: current_user, expires_at: params[:expires_at]) member = source.add_user(params[:user_id], params[:access_level], current_user: current_user, expires_at: params[:expires_at])
...@@ -69,9 +68,6 @@ module API ...@@ -69,9 +68,6 @@ module API
if member.persisted? && member.valid? if member.persisted? && member.valid?
present member.user, with: Entities::Member, member: member present member.user, with: Entities::Member, member: member
else else
# This is to ensure back-compatibility but 400 behavior should be used
# for all validation errors in 9.0!
render_api_error!('Access level is not known', 422) if member.errors.key?(:access_level)
render_validation_error!(member) render_validation_error!(member)
end end
end end
...@@ -93,9 +89,6 @@ module API ...@@ -93,9 +89,6 @@ module API
if member.update_attributes(declared_params(include_missing: false)) if member.update_attributes(declared_params(include_missing: false))
present member.user, with: Entities::Member, member: member present member.user, with: Entities::Member, member: member
else else
# This is to ensure back-compatibility but 400 behavior should be used
# for all validation errors in 9.0!
render_api_error!('Access level is not known', 422) if member.errors.key?(:access_level)
render_validation_error!(member) render_validation_error!(member)
end end
end end
......
...@@ -173,11 +173,11 @@ describe API::Members, api: true do ...@@ -173,11 +173,11 @@ describe API::Members, api: true do
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
end end
it 'returns 422 when access_level is not valid' do it 'returns 400 when access_level is not valid' do
post api("/#{source_type.pluralize}/#{source.id}/members", master), post api("/#{source_type.pluralize}/#{source.id}/members", master),
user_id: stranger.id, access_level: 1234 user_id: stranger.id, access_level: 1234
expect(response).to have_http_status(422) expect(response).to have_http_status(400)
end end
end end
end end
...@@ -247,11 +247,11 @@ describe API::Members, api: true do ...@@ -247,11 +247,11 @@ describe API::Members, api: true do
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
end end
it 'returns 422 when access level is not valid' do it 'returns 400 when access level is not valid' do
put api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", master), put api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", master),
access_level: 1234 access_level: 1234
expect(response).to have_http_status(422) expect(response).to have_http_status(400)
end end
end end
end end
...@@ -363,7 +363,7 @@ describe API::Members, api: true do ...@@ -363,7 +363,7 @@ describe API::Members, api: true do
post api("/projects/#{project.id}/members", master), post api("/projects/#{project.id}/members", master),
user_id: stranger.id, access_level: Member::OWNER user_id: stranger.id, access_level: Member::OWNER
expect(response).to have_http_status(422) expect(response).to have_http_status(400)
end.to change { project.members.count }.by(0) end.to change { project.members.count }.by(0)
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment