From e954438a1d3a45addebf52ab04155459d7d84db0 Mon Sep 17 00:00:00 2001 From: Boyan Tabakov Date: Tue, 18 Dec 2012 21:24:31 +0200 Subject: [PATCH] Extended users API to support updating and deleting users. Also added tests. --- doc/api/users.md | 43 +++++++++++++++++++++++++++++ lib/api/entities.rb | 2 +- lib/api/users.rb | 47 +++++++++++++++++++++++++++++++- spec/requests/api/users_spec.rb | 48 +++++++++++++++++++++++++++++++++ 4 files changed, 138 insertions(+), 2 deletions(-) diff --git a/doc/api/users.md b/doc/api/users.md index 200c0e06e046..b94d7c0f789d 100644 --- a/doc/api/users.md +++ b/doc/api/users.md @@ -20,6 +20,8 @@ GET /users "linkedin": "", "twitter": "", "dark_scheme": false, + "extern_uid": "john.smith", + "provider": "provider_name", "theme_id": 1 }, { @@ -34,6 +36,8 @@ GET /users "linkedin": "", "twitter": "", "dark_scheme": true, + "extern_uid": "jack.smith", + "provider": "provider_name", "theme_id": 1 } ] @@ -64,6 +68,8 @@ Parameters: "linkedin": "", "twitter": "", "dark_scheme": false, + "extern_uid": "john.smith", + "provider": "provider_name", "theme_id": 1 } ``` @@ -84,10 +90,47 @@ Parameters: + `linkedin` - Linkedin + `twitter` - Twitter account + `projects_limit` - Number of projects user can create ++ `extern_uid` - External UID ++ `provider` - External provider name ++ `bio` - User's bio Will return created user with status `201 Created` on success, or `404 Not found` on fail. +## User modification +Modify user. Available only for admin + +``` +PUT /users/:id +``` + +Parameters: ++ `email` - Email ++ `username` - Username ++ `name` - Name ++ `password` - Password ++ `skype` - Skype ID ++ `linkedin` - Linkedin ++ `twitter` - Twitter account ++ `projects_limit` - Limit projects wich user can create ++ `extern_uid` - External UID ++ `provider` - External provider name ++ `bio` - User's bio + + +Will return created user with status `200 OK` on success, or `404 Not +found` on fail. + +## User deletion +Delete user. Available only for admin + +``` +DELETE /users/:id +``` + +Will return deleted user with status `200 OK` on success, or `404 Not +found` on fail. + ## Current user Get currently authenticated user. diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 070fbad27ed1..bfb9093d61ed 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -2,7 +2,7 @@ module Gitlab module Entities class User < Grape::Entity expose :id, :username, :email, :name, :bio, :skype, :linkedin, :twitter, - :dark_scheme, :theme_id, :blocked, :created_at + :dark_scheme, :theme_id, :blocked, :created_at, :extern_uid, :provider end class UserBasic < Grape::Entity diff --git a/lib/api/users.rb b/lib/api/users.rb index 140c20f6bd21..7ea90c75e9ee 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -34,11 +34,14 @@ class Users < Grape::API # linkedin - Linkedin # twitter - Twitter account # projects_limit - Number of projects user can create + # extern_uid - External authentication provider UID + # provider - External provider + # bio - Bio # Example Request: # POST /users post do authenticated_as_admin! - attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username] + attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio] user = User.new attrs, as: :admin if user.save present user, with: Entities::User @@ -46,6 +49,48 @@ class Users < Grape::API not_found! end end + + # Update user. Available only for admin + # + # Parameters: + # email - Email + # name - Name + # password - Password + # skype - Skype ID + # linkedin - Linkedin + # twitter - Twitter account + # projects_limit - Limit projects wich user can create + # extern_uid - External authentication provider UID + # provider - External provider + # bio - Bio + # Example Request: + # PUT /users/:id + put ":id" do + authenticated_as_admin! + attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio] + user = User.find_by_id(params[:id]) + + if user && user.update_attributes(attrs) + present user, with: Entities::User + else + not_found! + end + end + + # Delete user. Available only for admin + # + # Example Request: + # DELETE /users/:id + delete ":id" do + authenticated_as_admin! + user = User.find_by_id(params[:id]) + + if user + user.destroy + else + not_found! + end + end end resource :user do diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index 4cfb4884e7c9..108d1bf9458e 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -53,6 +53,54 @@ end end + describe "PUT /users/:id" do + before { admin } + + it "should update user" do + put api("/users/#{user.id}", admin), {bio: 'new test bio'} + response.status.should == 200 + json_response['bio'].should == 'new test bio' + user.reload.bio.should == 'new test bio' + end + + it "should not allow invalid update" do + put api("/users/#{user.id}", admin), {email: 'invalid email'} + response.status.should == 404 + user.reload.email.should_not == 'invalid email' + end + + it "shouldn't available for non admin users" do + put api("/users/#{user.id}", user), attributes_for(:user) + response.status.should == 403 + end + + it "should return 404 for non-existing user" do + put api("/users/999999", admin), {bio: 'update should fail'} + response.status.should == 404 + end + end + + describe "DELETE /users/:id" do + before { admin } + + it "should delete user" do + delete api("/users/#{user.id}", admin) + response.status.should == 200 + expect { User.find(user.id) }.to raise_error ActiveRecord::RecordNotFound + json_response['email'].should == user.email + end + + it "shouldn't available for non admin users" do + delete api("/users/#{user.id}", user) + response.status.should == 403 + end + + it "should return 404 for non-existing user" do + delete api("/users/999999", admin) + response.status.should == 404 + end + end + describe "GET /user" do it "should return current user" do get api("/user", user)