Merge branch '23731-add-param-to-user-api' into 'master'

Add query param to filter users by 'external' & 'blocked' type on API Closes #23731 See merge request !7109

Merge branch '23731-add-param-to-user-api' into 'master'
2976ad40 · Sean McGivern · 0d73e491 · a0aaf93f · 2976ad40 · 2976ad40
Commit 2976ad40 authored Nov 09, 2016 by Sean McGivern
Showing with 45 additions and 1 deletion

23731-add-param-to-user-api.yml changelogs/unreleased/23731-add-param-to-user-api.yml +4 -0

users.md doc/api/users.md +14 -0

users.rb lib/api/users.rb +6 -1

users_spec.rb spec/requests/api/users_spec.rb +21 -0

No files found.
--- a/changelogs/unreleased/23731-add-param-to-user-api.yml
+++ b/changelogs/unreleased/23731-add-param-to-user-api.yml
+---
+title: Add query param to filter users by external & blocked type
+merge_request: 7109
+author: Yatish Mehta
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -33,6 +33,18 @@ GET /users
 ]
 ```

+In addition, you can filter users based on states eg. `blocked`, `active`
+This works only to filter users who are `blocked` or `active`.
+It does not support `active=false` or `blocked=false`.
+
+```
+GET /users?active=true
+```
+
+```
+GET /users?blocked=true
+```
+
 ### For admins

 ```
@@ -120,6 +132,8 @@ For example:
 GET /users?username=jack_smith
 ```

+You can search for users who are external with: `/users?external=true`
+
 ## Single user

 Get a single user.

--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -10,6 +10,9 @@ module API
      #  GET /users
      #  GET /users?search=Admin
      #  GET /users?username=root
+      #  GET /users?active=true
+      #  GET /users?external=true
+      #  GET /users?blocked=true
      get do
        unless can?(current_user, :read_users_list, nil)
          render_api_error!("Not authorized.", 403)
@@ -19,8 +22,10 @@ module API
          @users = User.where(username: params[:username])
        else
          @users = User.all
-          @users = @users.active if params[:active].present?
+          @users = @users.active if to_boolean(params[:active])
          @users = @users.search(params[:search]) if params[:search].present?
+          @users = @users.blocked if to_boolean(params[:blocked])
+          @users = @users.external if to_boolean(params[:external]) && current_user.is_admin?
          @users = paginate @users
        end


--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -48,6 +48,17 @@ describe API::API, api: true  do
        end['username']).to eq(username)
      end

+      it "returns an array of blocked users" do
+        ldap_blocked_user
+        create(:user, state: 'blocked')
+
+        get api("/users?blocked=true", user)
+
+        expect(response).to have_http_status(200)
+        expect(json_response).to be_an Array
+        expect(json_response).to all(include('state' => /(blocked|ldap_blocked)/))
+      end
+
      it "returns one user" do
        get api("/users?username=#{omniauth_user.username}", user)
        expect(response).to have_http_status(200)
@@ -69,6 +80,16 @@ describe API::API, api: true  do
        expect(json_response.first.keys).to include 'last_sign_in_at'
        expect(json_response.first.keys).to include 'confirmed_at'
      end
+
+      it "returns an array of external users" do
+        create(:user, external: true)
+
+        get api("/users?external=true", admin)
+
+        expect(response).to have_http_status(200)
+        expect(json_response).to be_an Array
+        expect(json_response).to all(include('external' => true))
+      end
    end
  end