Commit 2976ad40 authored by Sean McGivern's avatar Sean McGivern

Merge branch '23731-add-param-to-user-api' into 'master'

Add query param to filter users by 'external' & 'blocked' type on API

Closes #23731

See merge request !7109
parents 0d73e491 a0aaf93f
---
title: Add query param to filter users by external & blocked type
merge_request: 7109
author: Yatish Mehta
...@@ -33,6 +33,18 @@ GET /users ...@@ -33,6 +33,18 @@ GET /users
] ]
``` ```
In addition, you can filter users based on states eg. `blocked`, `active`
This works only to filter users who are `blocked` or `active`.
It does not support `active=false` or `blocked=false`.
```
GET /users?active=true
```
```
GET /users?blocked=true
```
### For admins ### For admins
``` ```
...@@ -120,6 +132,8 @@ For example: ...@@ -120,6 +132,8 @@ For example:
GET /users?username=jack_smith GET /users?username=jack_smith
``` ```
You can search for users who are external with: `/users?external=true`
## Single user ## Single user
Get a single user. Get a single user.
......
...@@ -10,6 +10,9 @@ module API ...@@ -10,6 +10,9 @@ module API
# GET /users # GET /users
# GET /users?search=Admin # GET /users?search=Admin
# GET /users?username=root # GET /users?username=root
# GET /users?active=true
# GET /users?external=true
# GET /users?blocked=true
get do get do
unless can?(current_user, :read_users_list, nil) unless can?(current_user, :read_users_list, nil)
render_api_error!("Not authorized.", 403) render_api_error!("Not authorized.", 403)
...@@ -19,8 +22,10 @@ module API ...@@ -19,8 +22,10 @@ module API
@users = User.where(username: params[:username]) @users = User.where(username: params[:username])
else else
@users = User.all @users = User.all
@users = @users.active if params[:active].present? @users = @users.active if to_boolean(params[:active])
@users = @users.search(params[:search]) if params[:search].present? @users = @users.search(params[:search]) if params[:search].present?
@users = @users.blocked if to_boolean(params[:blocked])
@users = @users.external if to_boolean(params[:external]) && current_user.is_admin?
@users = paginate @users @users = paginate @users
end end
......
...@@ -48,6 +48,17 @@ describe API::API, api: true do ...@@ -48,6 +48,17 @@ describe API::API, api: true do
end['username']).to eq(username) end['username']).to eq(username)
end end
it "returns an array of blocked users" do
ldap_blocked_user
create(:user, state: 'blocked')
get api("/users?blocked=true", user)
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response).to all(include('state' => /(blocked|ldap_blocked)/))
end
it "returns one user" do it "returns one user" do
get api("/users?username=#{omniauth_user.username}", user) get api("/users?username=#{omniauth_user.username}", user)
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
...@@ -69,6 +80,16 @@ describe API::API, api: true do ...@@ -69,6 +80,16 @@ describe API::API, api: true do
expect(json_response.first.keys).to include 'last_sign_in_at' expect(json_response.first.keys).to include 'last_sign_in_at'
expect(json_response.first.keys).to include 'confirmed_at' expect(json_response.first.keys).to include 'confirmed_at'
end end
it "returns an array of external users" do
create(:user, external: true)
get api("/users?external=true", admin)
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response).to all(include('external' => true))
end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment