Commit 8f690604 authored Feb 20, 2017 by Robert Schilling
API: Use POST to (un)block a user
parent bc0b438d
Showing 7 changed files with 127 additions and 21 deletions
changelogs/unreleased/api-post-block.yml +4 -0
doc/api/users.md +4 -4
doc/api/v3_to_v4.md +1 -0
lib/api/users.rb +2 -2
lib/api/v3/users.rb +32 -0
spec/requests/api/users_spec.rb +15 -15
spec/requests/api/v3/users_spec.rb +69 -0
changelogs/unreleased/api-post-block.yml
0 → 100644
View file @
8f690604
---
title
:
'
API:
Use
POST
to
(un)block
a
user'
merge_request
:
9371
author
:
Robert Schilling
doc/api/users.md
View file @
8f690604
...
...
@@ -659,14 +659,14 @@ Will return `200 OK` on success, or `404 Not found` if either user or email cann
Blocks the specified user. Available only for admin.
```
P
U
T /users/:id/block
P
OS
T /users/:id/block
```
Parameters:
-
`id`
(required) - id of specified user
Will return
`20
0
OK`
on success,
`404 User Not Found`
is user cannot be found or
Will return
`20
1
OK`
on success,
`404 User Not Found`
is user cannot be found or
`403 Forbidden`
when trying to block an already blocked user by LDAP synchronization.
## Unblock user
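Review bot: `201 OK` in the new "Will return" sentence for the block endpoint pairs the 201 code with the wrong reason phrase; the phrase that belongs to 201 is `Created`, so write `201 Created` or the bare code. The same sentence carries over "is user cannot be found", which should read "if the user cannot be found" now that the line is being touched anyway.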
...
...
@@ -674,14 +674,14 @@ Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
Unblocks the specified user. Available only for admin.
```
P
U
T /users/:id/unblock
P
OS
T /users/:id/unblock
```
Parameters:
-
`id`
(required) - id of specified user
Will return
`20
0
OK`
on success,
`404 User Not Found`
is user cannot be found or
Will return
`20
1
OK`
on success,
`404 User Not Found`
is user cannot be found or
`403 Forbidden`
when trying to unblock a user blocked by LDAP synchronization.
### Get user contribution events
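Review bot: The unblock "Will return" sentence repeats the `201 OK` wording and the "is user cannot be found" typo from the block section above it; correct both here as well so the two sections stay identical in form. Since the v3 spec in this commit still expects 200 on `PUT`, it would help to say in this section that the 201 applies to the v4 `POST` route.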
...
...
doc/api/v3_to_v4.md
View file @
8f690604
...
...
@@ -26,3 +26,4 @@ changes are in V4:
-
Endpoints
`/projects/owned`
,
`/projects/visible`
,
`/projects/starred`
&
`/projects/all`
are consolidated into
`/projects`
using query parameters
-
Return pagination headers for all endpoints that return an array
-
Removed
`DELETE projects/:id/deploy_keys/:key_id/disable`
. Use
`DELETE projects/:id/deploy_keys/:key_id`
instead
-
Moved
`PUT /users/:id/(block|unblock)`
to
`POST /users/:id/(block|unblock)`
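Review bot: The new "Moved `PUT /users/:id/(block|unblock)`" entry records the verb change but not the success status change from 200 to 201 that doc/api/users.md and the v4 spec show in this same commit. A client that migrates by switching the verb and still compares the status against 200 will treat a successful block as a failure, so the entry should mention the new status code.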
lib/api/users.rb
View file @
8f690604
...
...
@@ -314,7 +314,7 @@ class Users < Grape::API
params
do
requires
:id
,
type:
Integer
,
desc:
'The ID of the user'
end
p
u
t
':id/block'
do
p
os
t
':id/block'
do
authenticated_as_admin!
user
=
User
.
find_by
(
id:
params
[
:id
])
not_found!
(
'User'
)
unless
user
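Review bot: Changing `put ':id/block'` to `post ':id/block'` also moves the success status to 201, as the updated spec expects, but nothing in the route sets a status, so the new code is a side effect of Grape's default for POST rather than a stated choice. Blocking changes the state of an existing user and creates nothing; consider an explicit `status 200` in the route, or a short comment saying 201 is intended, and apply the same decision to `post ':id/unblock'`.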
...
...
@@ -330,7 +330,7 @@ class Users < Grape::API
params
do
requires
:id
,
type:
Integer
,
desc:
'The ID of the user'
end
p
u
t
':id/unblock'
do
p
os
t
':id/unblock'
do
authenticated_as_admin!
user
=
User
.
find_by
(
id:
params
[
:id
])
not_found!
(
'User'
)
unless
user
...
...
lib/api/v3/users.rb
View file @
8f690604
...
...
@@ -39,6 +39,38 @@ class Users < Grape::API
present
user
.
emails
,
with:
::
API
::
Entities
::
Email
end
desc
'Block a user. Available only for admins.'
params
do
requires
:id
,
type:
Integer
,
desc:
'The ID of the user'
end
put
':id/block'
do
authenticated_as_admin!
user
=
User
.
find_by
(
id:
params
[
:id
])
not_found!
(
'User'
)
unless
user
if
!
user
.
ldap_blocked?
user
.
block
else
forbidden!
(
'LDAP blocked users cannot be modified by the API'
)
end
end
desc
'Unblock a user. Available only for admins.'
params
do
requires
:id
,
type:
Integer
,
desc:
'The ID of the user'
end
put
':id/unblock'
do
authenticated_as_admin!
user
=
User
.
find_by
(
id:
params
[
:id
])
not_found!
(
'User'
)
unless
user
if
user
.
ldap_blocked?
forbidden!
(
'LDAP blocked users cannot be unblocked by the API'
)
else
user
.
activate
end
end
end
resource
:user
do
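Review bot: The result of `user.block` and `user.activate` in the two added `put` routes is never checked, so as written a state transition that fails would still be answered with a success status; check the return value and respond with an error when it is false. The two routes also test the LDAP guard in opposite senses (`if !user.ldap_blocked?` in block, `if user.ldap_blocked?` in unblock); a leading `forbidden!(...) if user.ldap_blocked?` in both would read more plainly and keep the denial path first.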
...
...
spec/requests/api/users_spec.rb
View file @
8f690604
...
...
@@ -1003,69 +1003,69 @@
end
end
describe
'P
U
T /users/:id/block'
do
describe
'P
OS
T /users/:id/block'
do
before
{
admin
}
it
'blocks existing user'
do
p
u
t
api
(
"/users/
#{
user
.
id
}
/block"
,
admin
)
expect
(
response
).
to
have_http_status
(
20
0
)
p
os
t
api
(
"/users/
#{
user
.
id
}
/block"
,
admin
)
expect
(
response
).
to
have_http_status
(
20
1
)
expect
(
user
.
reload
.
state
).
to
eq
(
'blocked'
)
end
it
'does not re-block ldap blocked users'
do
p
u
t
api
(
"/users/
#{
ldap_blocked_user
.
id
}
/block"
,
admin
)
p
os
t
api
(
"/users/
#{
ldap_blocked_user
.
id
}
/block"
,
admin
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
ldap_blocked_user
.
reload
.
state
).
to
eq
(
'ldap_blocked'
)
end
it
'does not be available for non admin users'
do
p
u
t
api
(
"/users/
#{
user
.
id
}
/block"
,
user
)
p
os
t
api
(
"/users/
#{
user
.
id
}
/block"
,
user
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
end
it
'returns a 404 error if user id not found'
do
p
u
t
api
(
'/users/9999/block'
,
admin
)
p
os
t
api
(
'/users/9999/block'
,
admin
)
expect
(
response
).
to
have_http_status
(
404
)
expect
(
json_response
[
'message'
]).
to
eq
(
'404 User Not Found'
)
end
end
describe
'P
U
T /users/:id/unblock'
do
describe
'P
OS
T /users/:id/unblock'
do
let
(
:blocked_user
)
{
create
(
:user
,
state:
'blocked'
)
}
before
{
admin
}
it
'unblocks existing user'
do
p
u
t
api
(
"/users/
#{
user
.
id
}
/unblock"
,
admin
)
expect
(
response
).
to
have_http_status
(
20
0
)
p
os
t
api
(
"/users/
#{
user
.
id
}
/unblock"
,
admin
)
expect
(
response
).
to
have_http_status
(
20
1
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
end
it
'unblocks a blocked user'
do
p
u
t
api
(
"/users/
#{
blocked_user
.
id
}
/unblock"
,
admin
)
expect
(
response
).
to
have_http_status
(
20
0
)
p
os
t
api
(
"/users/
#{
blocked_user
.
id
}
/unblock"
,
admin
)
expect
(
response
).
to
have_http_status
(
20
1
)
expect
(
blocked_user
.
reload
.
state
).
to
eq
(
'active'
)
end
it
'does not unblock ldap blocked users'
do
p
u
t
api
(
"/users/
#{
ldap_blocked_user
.
id
}
/unblock"
,
admin
)
p
os
t
api
(
"/users/
#{
ldap_blocked_user
.
id
}
/unblock"
,
admin
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
ldap_blocked_user
.
reload
.
state
).
to
eq
(
'ldap_blocked'
)
end
it
'does not be available for non admin users'
do
p
u
t
api
(
"/users/
#{
user
.
id
}
/unblock"
,
user
)
p
os
t
api
(
"/users/
#{
user
.
id
}
/unblock"
,
user
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
end
it
'returns a 404 error if user id not found'
do
p
u
t
api
(
'/users/9999/block'
,
admin
)
p
os
t
api
(
'/users/9999/block'
,
admin
)
expect
(
response
).
to
have_http_status
(
404
)
expect
(
json_response
[
'message'
]).
to
eq
(
'404 User Not Found'
)
end
it
"returns a 404 for invalid ID"
do
p
u
t
api
(
"/users/ASDF/block"
,
admin
)
p
os
t
api
(
"/users/ASDF/block"
,
admin
)
expect
(
response
).
to
have_http_status
(
404
)
end
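Review bot: Inside `describe 'POST /users/:id/unblock'`, the examples 'returns a 404 error if user id not found' and "returns a 404 for invalid ID" call `post api('/users/9999/block', admin)` and `post api("/users/ASDF/block", admin)`, so the 404 handling of the unblock route is never exercised. Point both at `/unblock`, and add the invalid-ID example to the block group, which currently lacks it. The example 'unblocks existing user' also runs against `user`, who is already active, so it only shows that the call is a no-op; `blocked_user` covers the real transition.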
...
...
spec/requests/api/v3/users_spec.rb
View file @
8f690604
...
...
@@ -7,6 +7,7 @@
let
(
:admin
)
{
create
(
:admin
)
}
let
(
:key
)
{
create
(
:key
,
user:
user
)
}
let
(
:email
)
{
create
(
:email
,
user:
user
)
}
let
(
:ldap_blocked_user
)
{
create
(
:omniauth_user
,
provider:
'ldapmain'
,
state:
'ldap_blocked'
)
}
describe
'GET /user/:id/keys'
do
before
{
admin
}
...
...
@@ -117,4 +118,72 @@
end
end
end
describe
'PUT /users/:id/block'
do
before
{
admin
}
it
'blocks existing user'
do
put
v3_api
(
"/users/
#{
user
.
id
}
/block"
,
admin
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
user
.
reload
.
state
).
to
eq
(
'blocked'
)
end
it
'does not re-block ldap blocked users'
do
put
v3_api
(
"/users/
#{
ldap_blocked_user
.
id
}
/block"
,
admin
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
ldap_blocked_user
.
reload
.
state
).
to
eq
(
'ldap_blocked'
)
end
it
'does not be available for non admin users'
do
put
v3_api
(
"/users/
#{
user
.
id
}
/block"
,
user
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
end
it
'returns a 404 error if user id not found'
do
put
v3_api
(
'/users/9999/block'
,
admin
)
expect
(
response
).
to
have_http_status
(
404
)
expect
(
json_response
[
'message'
]).
to
eq
(
'404 User Not Found'
)
end
end
describe
'PUT /users/:id/unblock'
do
let
(
:blocked_user
)
{
create
(
:user
,
state:
'blocked'
)
}
before
{
admin
}
it
'unblocks existing user'
do
put
v3_api
(
"/users/
#{
user
.
id
}
/unblock"
,
admin
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
end
it
'unblocks a blocked user'
do
put
v3_api
(
"/users/
#{
blocked_user
.
id
}
/unblock"
,
admin
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
blocked_user
.
reload
.
state
).
to
eq
(
'active'
)
end
it
'does not unblock ldap blocked users'
do
put
v3_api
(
"/users/
#{
ldap_blocked_user
.
id
}
/unblock"
,
admin
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
ldap_blocked_user
.
reload
.
state
).
to
eq
(
'ldap_blocked'
)
end
it
'does not be available for non admin users'
do
put
v3_api
(
"/users/
#{
user
.
id
}
/unblock"
,
user
)
expect
(
response
).
to
have_http_status
(
403
)
expect
(
user
.
reload
.
state
).
to
eq
(
'active'
)
end
it
'returns a 404 error if user id not found'
do
put
v3_api
(
'/users/9999/block'
,
admin
)
expect
(
response
).
to
have_http_status
(
404
)
expect
(
json_response
[
'message'
]).
to
eq
(
'404 User Not Found'
)
end
it
"returns a 404 for invalid ID"
do
put
v3_api
(
"/users/ASDF/block"
,
admin
)
expect
(
response
).
to
have_http_status
(
404
)
end
end
end
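Review bot: The added `describe 'PUT /users/:id/unblock'` group has its last two examples calling `put v3_api('/users/9999/block', admin)` and `put v3_api("/users/ASDF/block", admin)`, so the v3 unblock route has no coverage for a missing or non-numeric id. Use `/unblock` in both, and consider renaming the 'does not be available for non admin users' examples to 'is not available for non admin users' since this file is new code rather than a moved block.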