gitlab-org--gitlab-foss/lib/api/users.rb

module API
  # Users API
  class Users < Grape::API
    before { authenticate! }

    resource :users do
      # Get a users list
      #
      # Example Request:
      #  GET /users
      get do
        @users = User.all
        @users = @users.active if params[:active].present?
        @users = @users.search(params[:search]) if params[:search].present?
        @users = paginate @users

        if current_user.is_admin?
          present @users, with: Entities::UserFull
        else
          present @users, with: Entities::UserBasic
        end
      end

      # Get a single user
      #
      # Parameters:
      #   id (required) - The ID of a user
      # Example Request:
      #   GET /users/:id
      get ":id" do
        @user = User.find(params[:id])

        if current_user.is_admin?
          present @user, with: Entities::UserFull
        else
          present @user, with: Entities::UserBasic
        end
      end

      # Create user. Available only for admin
      #
      # Parameters:
      #   email (required)                  - Email
      #   password (required)               - Password
      #   name                              - Name
      #   skype                             - Skype ID
      #   linkedin                          - Linkedin
      #   twitter                           - Twitter account
      #   website_url                       - Website url
      #   projects_limit                    - Number of projects user can create
      #   extern_uid                        - External authentication provider UID
      #   provider                          - External provider
      #   bio                               - Bio
      #   admin                             - User is admin - true or false (default)
      #   can_create_group                  - User can create groups - true or false
      # Example Request:
      #   POST /users
      post do
        authenticated_as_admin!
        required_attributes! [:email, :password, :name, :username]
        attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin]
        user = User.build_user(attrs)
        admin = attrs.delete(:admin)
        user.admin = admin unless admin.nil?
        if user.save
          present user, with: Entities::UserFull
        else
          not_found!
        end
      end

      # Update user. Available only for admin
      #
      # Parameters:
      #   email                             - Email
      #   name                              - Name
      #   password                          - Password
      #   skype                             - Skype ID
      #   linkedin                          - Linkedin
      #   twitter                           - Twitter account
      #   website_url                       - Website url
      #   projects_limit                    - Limit projects each user can create
      #   extern_uid                        - External authentication provider UID
      #   provider                          - External provider
      #   bio                               - Bio
      #   admin                             - User is admin - true or false (default)
      #   can_create_group                  - User can create groups - true or false
      # Example Request:
      #   PUT /users/:id
      put ":id" do
        authenticated_as_admin!

        attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :website_url, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin]
        user = User.find(params[:id])
        not_found!("User not found") unless user

        admin = attrs.delete(:admin)
        user.admin = admin unless admin.nil?
        if user.update_attributes(attrs, as: :admin)
          present user, with: Entities::UserFull
        else
          not_found!
        end
      end

      # Add ssh key to a specified user. Only available to admin users.
      #
      # Parameters:
      # id (required) - The ID of a user
      # key (required) - New SSH Key
      # title (required) - New SSH Key's title
      # Example Request:
      # POST /users/:id/keys
      post ":id/keys" do
        authenticated_as_admin!
        user = User.find(params[:id])
        attrs = attributes_for_keys [:title, :key]
        key = user.keys.new attrs
        if key.save
          present key, with: Entities::SSHKey
        else
          not_found!
        end
      end

      # Get ssh keys of a specified user. Only available to admin users.
      #
      # Parameters:
      # uid (required) - The ID of a user
      # Example Request:
      # GET /users/:uid/keys
      get ':uid/keys' do
        authenticated_as_admin!
        user = User.find_by(id: params[:uid])
        if user
          present user.keys, with: Entities::SSHKey
        else
          not_found!
        end
      end

      # Delete existing ssh key of a specified user. Only available to admin
      # users.
      #
      # Parameters:
      #   uid (required) - The ID of a user
      #   id (required) - SSH Key ID
      # Example Request:
      #   DELETE /users/:uid/keys/:id
      delete ':uid/keys/:id' do
        authenticated_as_admin!
        user = User.find_by(id: params[:uid])
        if user
          begin
            key = user.keys.find params[:id]
            key.destroy
          rescue ActiveRecord::RecordNotFound
            not_found!
          end
        else
          not_found!
        end
      end

      # Delete user. Available only for admin
      #
      # Example Request:
      #   DELETE /users/:id
      delete ":id" do
        authenticated_as_admin!
        user = User.find_by(id: params[:id])

        if user
          user.destroy
        else
          not_found!
        end
      end
    end

    resource :user do
      # Get currently authenticated user
      #
      # Example Request:
      #   GET /user
      get do
        present @current_user, with: Entities::UserLogin
      end

      # Get currently authenticated user's keys
      #
      # Example Request:
      #   GET /user/keys
      get "keys" do
        present current_user.keys, with: Entities::SSHKey
      end

      # Get single key owned by currently authenticated user
      #
      # Example Request:
      #   GET /user/keys/:id
      get "keys/:id" do
        key = current_user.keys.find params[:id]
        present key, with: Entities::SSHKey
      end

      # Add new ssh key to currently authenticated user
      #
      # Parameters:
      #   key (required) - New SSH Key
      #   title (required) - New SSH Key's title
      # Example Request:
      #   POST /user/keys
      post "keys" do
        required_attributes! [:title, :key]

        attrs = attributes_for_keys [:title, :key]
        key = current_user.keys.new attrs
        if key.save
          present key, with: Entities::SSHKey
        else
          not_found!
        end
      end

      # Delete existing ssh key of currently authenticated user
      #
      # Parameters:
      #   id (required) - SSH Key ID
      # Example Request:
      #   DELETE /user/keys/:id
      delete "keys/:id" do
        begin
          key = current_user.keys.find params[:id]
          key.destroy
        rescue
        end
      end
    end
  end
end
Refactor API classes. So api classes like Gitlab::Issues become API::Issues 2013-05-14 12:33:31 +00:00			`module API`
refactor API and improve docs 2012-06-29 10:46:01 +00:00			`# Users API`
			`class Users < Grape::API`
			`before { authenticate! }`

			`resource :users do`
			`# Get a users list`
			`#`
			`# Example Request:`
			`# GET /users`
			`get do`
fix most of warnings 2013-12-14 13:43:48 +00:00			`@users = User.all`
Dont show blocked users in autocomplete 2013-03-19 16:07:14 +00:00			`@users = @users.active if params[:active].present?`
add api users filter and integrate users select2 2013-03-13 19:37:50 +00:00			`@users = @users.search(params[:search]) if params[:search].present?`
Paginate users in users api 2013-04-16 06:26:01 +00:00			`@users = paginate @users`
Dont expose user email via API To prevent leaking of users info we reduce amount of user information retrieved via API for normal users. What user can get via API: * if not admin: only id, state, name, username and avatar_url * if admin: all user information * about himself: all informaion Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-13 14:46:48 +00:00
			`if current_user.is_admin?`
			`present @users, with: Entities::UserFull`
			`else`
			`present @users, with: Entities::UserBasic`
			`end`
refactor API and improve docs 2012-06-29 10:46:01 +00:00			`end`

			`# Get a single user`
			`#`
			`# Parameters:`
			`# id (required) - The ID of a user`
			`# Example Request:`
			`# GET /users/:id`
			`get ":id" do`
			`@user = User.find(params[:id])`
Dont expose user email via API To prevent leaking of users info we reduce amount of user information retrieved via API for normal users. What user can get via API: * if not admin: only id, state, name, username and avatar_url * if admin: all user information * about himself: all informaion Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-13 14:46:48 +00:00
			`if current_user.is_admin?`
			`present @user, with: Entities::UserFull`
			`else`
			`present @user, with: Entities::UserBasic`
			`end`
refactor API and improve docs 2012-06-29 10:46:01 +00:00			`end`
fix mass-assignment error in user create API 2012-10-19 10:23:10 +00:00
#1585 Api for user creation: base implementation 2012-10-02 09:46:01 +00:00			`# Create user. Available only for admin`
			`#`
			`# Parameters:`
			`# email (required) - Email`
			`# password (required) - Password`
name and password_confirmation not required to create a user via API 2012-10-19 10:34:18 +00:00			`# name - Name`
#1585 Api for user creation: base implementation 2012-10-02 09:46:01 +00:00			`# skype - Skype ID`
fix TYPO 2012-10-02 13:34:20 +00:00			`# linkedin - Linkedin`
#1585 Api for user creation: base implementation 2012-10-02 09:46:01 +00:00			`# twitter - Twitter account`
Add website url to user 2014-01-18 19:07:00 +00:00			`# website_url - Website url`
name and password_confirmation not required to create a user via API 2012-10-19 10:34:18 +00:00			`# projects_limit - Number of projects user can create`
Extended users API to support updating and deleting users. Also added tests. 2012-12-18 19:24:31 +00:00			`# extern_uid - External authentication provider UID`
			`# provider - External provider`
			`# bio - Bio`
Extended User API to expose admin and can_create_group for user creation/updating. Also, is_admin and can_create_group are exposed in the user information. Fixed attributes_for_keys to process properly keys with boolean values (since false.present? is false). 2013-07-31 10:52:23 +00:00			`# admin - User is admin - true or false (default)`
			`# can_create_group - User can create groups - true or false`
#1585 Api for user creation: base implementation 2012-10-02 09:46:01 +00:00			`# Example Request:`
			`# POST /users`
			`post do`
			`authenticated_as_admin!`
API: extracted helper method to validate required parameters, code clean up Added a helper method to check if required parameters are given in an API call. Can be used to return a `400 Bad Request` return code if a required attribute is missing. Code clean up and fixed tests. 2013-02-27 16:50:30 +00:00			`required_attributes! [:email, :password, :name, :username]`
Extended User API to expose admin and can_create_group for user creation/updating. Also, is_admin and can_create_group are exposed in the user information. Fixed attributes_for_keys to process properly keys with boolean values (since false.present? is false). 2013-07-31 10:52:23 +00:00			`attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin]`
Make app works with strong params Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-26 20:24:17 +00:00			`user = User.build_user(attrs)`
Extended User API to expose admin and can_create_group for user creation/updating. Also, is_admin and can_create_group are exposed in the user information. Fixed attributes_for_keys to process properly keys with boolean values (since false.present? is false). 2013-07-31 10:52:23 +00:00			`admin = attrs.delete(:admin)`
			`user.admin = admin unless admin.nil?`
#1585 Api for user creation: base implementation 2012-10-02 09:46:01 +00:00			`if user.save`
Dont expose user email via API To prevent leaking of users info we reduce amount of user information retrieved via API for normal users. What user can get via API: * if not admin: only id, state, name, username and avatar_url * if admin: all user information * about himself: all informaion Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-13 14:46:48 +00:00			`present user, with: Entities::UserFull`
#1585 Api for user creation: base implementation 2012-10-02 09:46:01 +00:00			`else`
			`not_found!`
			`end`
			`end`
Extended users API to support updating and deleting users. Also added tests. 2012-12-18 19:24:31 +00:00
			`# Update user. Available only for admin`
			`#`
			`# Parameters:`
			`# email - Email`
			`# name - Name`
			`# password - Password`
			`# skype - Skype ID`
			`# linkedin - Linkedin`
			`# twitter - Twitter account`
Add website url to user 2014-01-18 19:07:00 +00:00			`# website_url - Website url`
Result of misspellings run. Most of these are comments but a few are strings for users. Might be an idea to run this from time to time: https://github.com/lyda/misspell-check It runs mostly clean now. 2013-03-17 19:46:54 +00:00			`# projects_limit - Limit projects each user can create`
Extended users API to support updating and deleting users. Also added tests. 2012-12-18 19:24:31 +00:00			`# extern_uid - External authentication provider UID`
			`# provider - External provider`
			`# bio - Bio`
Extended User API to expose admin and can_create_group for user creation/updating. Also, is_admin and can_create_group are exposed in the user information. Fixed attributes_for_keys to process properly keys with boolean values (since false.present? is false). 2013-07-31 10:52:23 +00:00			`# admin - User is admin - true or false (default)`
			`# can_create_group - User can create groups - true or false`
Extended users API to support updating and deleting users. Also added tests. 2012-12-18 19:24:31 +00:00			`# Example Request:`
			`# PUT /users/:id`
			`put ":id" do`
			`authenticated_as_admin!`
API: fixes return codes, documentation updated with status codes, tests added The users API updated with return codes, e.g. if required parameters are missing a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions, e.g. deletion of a ssh key is an idempotent function now. The API documentation is updated to reflect the current status of the API. Descriptions are more detailed and complete, infos to return values are added to all functions. 2013-02-20 11:10:51 +00:00
Add website url to user 2014-01-18 19:07:00 +00:00			`attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :website_url, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin]`
API: fixes return codes, documentation updated with status codes, tests added The users API updated with return codes, e.g. if required parameters are missing a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions, e.g. deletion of a ssh key is an idempotent function now. The API documentation is updated to reflect the current status of the API. Descriptions are more detailed and complete, infos to return values are added to all functions. 2013-02-20 11:10:51 +00:00			`user = User.find(params[:id])`
			`not_found!("User not found") unless user`
Extended users API to support updating and deleting users. Also added tests. 2012-12-18 19:24:31 +00:00
Extended User API to expose admin and can_create_group for user creation/updating. Also, is_admin and can_create_group are exposed in the user information. Fixed attributes_for_keys to process properly keys with boolean values (since false.present? is false). 2013-07-31 10:52:23 +00:00			`admin = attrs.delete(:admin)`
			`user.admin = admin unless admin.nil?`
			`if user.update_attributes(attrs, as: :admin)`
Dont expose user email via API To prevent leaking of users info we reduce amount of user information retrieved via API for normal users. What user can get via API: * if not admin: only id, state, name, username and avatar_url * if admin: all user information * about himself: all informaion Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-06-13 14:46:48 +00:00			`present user, with: Entities::UserFull`
Extended users API to support updating and deleting users. Also added tests. 2012-12-18 19:24:31 +00:00			`else`
			`not_found!`
			`end`
			`end`

Additional Admin APIs 2012-11-14 20:37:52 +00:00			`# Add ssh key to a specified user. Only available to admin users.`
			`#`
			`# Parameters:`
			`# id (required) - The ID of a user`
			`# key (required) - New SSH Key`
			`# title (required) - New SSH Key's title`
			`# Example Request:`
			`# POST /users/:id/keys`
			`post ":id/keys" do`
			`authenticated_as_admin!`
			`user = User.find(params[:id])`
			`attrs = attributes_for_keys [:title, :key]`
			`key = user.keys.new attrs`
			`if key.save`
			`present key, with: Entities::SSHKey`
			`else`
			`not_found!`
			`end`
			`end`

Implement GET /users/:uid/keys for admin users Complements POST operation added in gitlabhq/gitlabhq#3146 Implement DELETE /users/:uid/keys/:id for admin users Fix "Line is too long. [83/80]" Use single quotes as advised Use single quotes as advised Use single quotes as advised Fix missing space around { and } Fix typo in documentation Only catch ActiveRecord::RecordNotFound, let other exceptions propagate Raise a "404 Not found" if key to be deleted cannot be found As requested by @jvanbaarsen in https://github.com/gitlabhq/gitlabhq/pull/6781#discussion_r11735114 Remove tab Unconfigured vim on this box, grrrr./ 2014-04-15 14:39:46 +00:00			`# Get ssh keys of a specified user. Only available to admin users.`
			`#`
			`# Parameters:`
			`# uid (required) - The ID of a user`
			`# Example Request:`
			`# GET /users/:uid/keys`
			`get ':uid/keys' do`
			`authenticated_as_admin!`
			`user = User.find_by(id: params[:uid])`
			`if user`
			`present user.keys, with: Entities::SSHKey`
			`else`
			`not_found!`
			`end`
			`end`

			`# Delete existing ssh key of a specified user. Only available to admin`
			`# users.`
			`#`
			`# Parameters:`
			`# uid (required) - The ID of a user`
			`# id (required) - SSH Key ID`
			`# Example Request:`
			`# DELETE /users/:uid/keys/:id`
			`delete ':uid/keys/:id' do`
			`authenticated_as_admin!`
			`user = User.find_by(id: params[:uid])`
			`if user`
			`begin`
			`key = user.keys.find params[:id]`
			`key.destroy`
			`rescue ActiveRecord::RecordNotFound`
			`not_found!`
			`end`
			`else`
			`not_found!`
			`end`
			`end`

Extended users API to support updating and deleting users. Also added tests. 2012-12-18 19:24:31 +00:00			`# Delete user. Available only for admin`
			`#`
			`# Example Request:`
			`# DELETE /users/:id`
			`delete ":id" do`
			`authenticated_as_admin!`
Remove deprecated finders 2014-01-19 18:55:59 +00:00			`user = User.find_by(id: params[:id])`
Extended users API to support updating and deleting users. Also added tests. 2012-12-18 19:24:31 +00:00
			`if user`
			`user.destroy`
			`else`
			`not_found!`
			`end`
			`end`
refactor API and improve docs 2012-06-29 10:46:01 +00:00			`end`

API: SSH keys belong to user entity 2012-09-21 11:49:28 +00:00			`resource :user do`
			`# Get currently authenticated user`
			`#`
			`# Example Request:`
			`# GET /user`
			`get do`
Abilities added to /user and /sign_in requests 2013-03-18 20:11:28 +00:00			`present @current_user, with: Entities::UserLogin`
API: SSH keys belong to user entity 2012-09-21 11:49:28 +00:00			`end`

			`# Get currently authenticated user's keys`
			`#`
			`# Example Request:`
			`# GET /user/keys`
			`get "keys" do`
			`present current_user.keys, with: Entities::SSHKey`
			`end`

			`# Get single key owned by currently authenticated user`
			`#`
			`# Example Request:`
			`# GET /user/keys/:id`
			`get "keys/:id" do`
			`key = current_user.keys.find params[:id]`
			`present key, with: Entities::SSHKey`
			`end`

			`# Add new ssh key to currently authenticated user`
			`#`
			`# Parameters:`
			`# key (required) - New SSH Key`
			`# title (required) - New SSH Key's title`
			`# Example Request:`
			`# POST /user/keys`
			`post "keys" do`
API: extracted helper method to validate required parameters, code clean up Added a helper method to check if required parameters are given in an API call. Can be used to return a `400 Bad Request` return code if a required attribute is missing. Code clean up and fixed tests. 2013-02-27 16:50:30 +00:00			`required_attributes! [:title, :key]`
API: fixes return codes, documentation updated with status codes, tests added The users API updated with return codes, e.g. if required parameters are missing a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions, e.g. deletion of a ssh key is an idempotent function now. The API documentation is updated to reflect the current status of the API. Descriptions are more detailed and complete, infos to return values are added to all functions. 2013-02-20 11:10:51 +00:00
API: SSH keys belong to user entity 2012-09-21 11:49:28 +00:00			`attrs = attributes_for_keys [:title, :key]`
			`key = current_user.keys.new attrs`
			`if key.save`
			`present key, with: Entities::SSHKey`
			`else`
			`not_found!`
			`end`
			`end`

API: fixes return codes, documentation updated with status codes, tests added The users API updated with return codes, e.g. if required parameters are missing a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions, e.g. deletion of a ssh key is an idempotent function now. The API documentation is updated to reflect the current status of the API. Descriptions are more detailed and complete, infos to return values are added to all functions. 2013-02-20 11:10:51 +00:00			`# Delete existing ssh key of currently authenticated user`
API: SSH keys belong to user entity 2012-09-21 11:49:28 +00:00			`#`
			`# Parameters:`
			`# id (required) - SSH Key ID`
			`# Example Request:`
			`# DELETE /user/keys/:id`
			`delete "keys/:id" do`
API: fixes return codes, documentation updated with status codes, tests added The users API updated with return codes, e.g. if required parameters are missing a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions, e.g. deletion of a ssh key is an idempotent function now. The API documentation is updated to reflect the current status of the API. Descriptions are more detailed and complete, infos to return values are added to all functions. 2013-02-20 11:10:51 +00:00			`begin`
			`key = current_user.keys.find params[:id]`
modify api to work with new deploy keys 2013-05-06 13:24:58 +00:00			`key.destroy`
API: fixes return codes, documentation updated with status codes, tests added The users API updated with return codes, e.g. if required parameters are missing a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions, e.g. deletion of a ssh key is an idempotent function now. The API documentation is updated to reflect the current status of the API. Descriptions are more detailed and complete, infos to return values are added to all functions. 2013-02-20 11:10:51 +00:00			`rescue`
			`end`
API: SSH keys belong to user entity 2012-09-21 11:49:28 +00:00			`end`
refactor API and improve docs 2012-06-29 10:46:01 +00:00			`end`
			`end`
			`end`