Commit ce6436b9 authored by Felix Gilcher's avatar Felix Gilcher

Don't crash when removing a user that's not project member

The attempt to revoke project access for a user that was not member of the
project results in a 500 Internal Server error where it actually should
result in a 200 OK since after the operation, the user is not member of
the project. This turns the operation into an idempotent call that can
be repeated with no ill effects.

Updated the spec and changed the code accordingly. However, the result differs
slightly, as we can't return the users project access level if the user was not
member. I'm not aware if anybody relies on the result of this call.

Fixes #2832
parent c72910a8
...@@ -132,7 +132,11 @@ module Gitlab ...@@ -132,7 +132,11 @@ module Gitlab
delete ":id/members/:user_id" do delete ":id/members/:user_id" do
authorize! :admin_project, user_project authorize! :admin_project, user_project
users_project = user_project.users_projects.find_by_user_id params[:user_id] users_project = user_project.users_projects.find_by_user_id params[:user_id]
unless users_project.nil?
users_project.destroy users_project.destroy
else
{:message => "Access revoked", :id => params[:user_id].to_i}
end
end end
# Get project hooks # Get project hooks
......
...@@ -167,6 +167,17 @@ describe Gitlab::API do ...@@ -167,6 +167,17 @@ describe Gitlab::API do
end end
end end
describe "DELETE /projects/:id/members/:user_id" do
it "should return 200 OK when the user was not member" do
expect {
delete api("/projects/#{project.id}/members/1000000", user)
}.to change { UsersProject.count }.by(0)
response.status.should == 200
json_response['message'].should == "Access revoked"
json_response['id'].should == 1000000
end
end
describe "GET /projects/:id/hooks" do describe "GET /projects/:id/hooks" do
it "should return project hooks" do it "should return project hooks" do
get api("/projects/#{project.id}/hooks", user) get api("/projects/#{project.id}/hooks", user)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment