gitlab-org--gitlab-foss/lib/api/users.rb

module API
  # Users API
  class Users < Grape::API
    before { authenticate! }

    resource :users do
      # Get a users list
      #
      # Example Request:
      #  GET /users
      get do
        @users = User.scoped
        @users = @users.active if params[:active].present?
        @users = @users.search(params[:search]) if params[:search].present?
        @users = paginate @users
        present @users, with: Entities::User
      end

      # Get a single user
      #
      # Parameters:
      #   id (required) - The ID of a user
      # Example Request:
      #   GET /users/:id
      get ":id" do
        @user = User.find(params[:id])
        present @user, with: Entities::User
      end

      # Create user. Available only for admin
      #
      # Parameters:
      #   email (required)                  - Email
      #   password (required)               - Password
      #   name                              - Name
      #   skype                             - Skype ID
      #   linkedin                          - Linkedin
      #   twitter                           - Twitter account
      #   projects_limit                    - Number of projects user can create
      #   extern_uid                        - External authentication provider UID
      #   provider                          - External provider
      #   bio                               - Bio
      #   admin                             - User is admin - true or false (default)
      #   can_create_group                  - User can create groups - true or false
      # Example Request:
      #   POST /users
      post do
        authenticated_as_admin!
        required_attributes! [:email, :password, :name, :username]
        attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin]
        user = User.build_user(attrs, as: :admin)
        admin = attrs.delete(:admin)
        user.admin = admin unless admin.nil?
        if user.save
          present user, with: Entities::User
        else
          not_found!
        end
      end

      # Update user. Available only for admin
      #
      # Parameters:
      #   email                             - Email
      #   name                              - Name
      #   password                          - Password
      #   skype                             - Skype ID
      #   linkedin                          - Linkedin
      #   twitter                           - Twitter account
      #   projects_limit                    - Limit projects each user can create
      #   extern_uid                        - External authentication provider UID
      #   provider                          - External provider
      #   bio                               - Bio
      #   admin                             - User is admin - true or false (default)
      #   can_create_group                  - User can create groups - true or false
      # Example Request:
      #   PUT /users/:id
      put ":id" do
        authenticated_as_admin!

        attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin]
        user = User.find(params[:id])
        not_found!("User not found") unless user

        admin = attrs.delete(:admin)
        user.admin = admin unless admin.nil?
        if user.update_attributes(attrs, as: :admin)
          present user, with: Entities::User
        else
          not_found!
        end
      end

      # Add ssh key to a specified user. Only available to admin users.
      #
      # Parameters:
      # id (required) - The ID of a user
      # key (required) - New SSH Key
      # title (required) - New SSH Key's title
      # Example Request:
      # POST /users/:id/keys
      post ":id/keys" do
        authenticated_as_admin!
        user = User.find(params[:id])
        attrs = attributes_for_keys [:title, :key]
        key = user.keys.new attrs
        if key.save
          present key, with: Entities::SSHKey
        else
          not_found!
        end
      end

      # Delete user. Available only for admin
      #
      # Example Request:
      #   DELETE /users/:id
      delete ":id" do
        authenticated_as_admin!
        user = User.find_by_id(params[:id])

        if user
          user.destroy
        else
          not_found!
        end
      end
    end

    resource :user do
      # Get currently authenticated user
      #
      # Example Request:
      #   GET /user
      get do
        present @current_user, with: Entities::UserLogin
      end

      # Get currently authenticated user's keys
      #
      # Example Request:
      #   GET /user/keys
      get "keys" do
        present current_user.keys, with: Entities::SSHKey
      end

      # Get single key owned by currently authenticated user
      #
      # Example Request:
      #   GET /user/keys/:id
      get "keys/:id" do
        key = current_user.keys.find params[:id]
        present key, with: Entities::SSHKey
      end

      # Add new ssh key to currently authenticated user
      #
      # Parameters:
      #   key (required) - New SSH Key
      #   title (required) - New SSH Key's title
      # Example Request:
      #   POST /user/keys
      post "keys" do
        required_attributes! [:title, :key]

        attrs = attributes_for_keys [:title, :key]
        key = current_user.keys.new attrs
        if key.save
          present key, with: Entities::SSHKey
        else
          not_found!
        end
      end

      # Delete existing ssh key of currently authenticated user
      #
      # Parameters:
      #   id (required) - SSH Key ID
      # Example Request:
      #   DELETE /user/keys/:id
      delete "keys/:id" do
        begin
          key = current_user.keys.find params[:id]
          key.destroy
        rescue
        end
      end
    end
  end
end
Refactor API classes. So api classes like Gitlab::Issues become API::Issues 2013-05-14 08:33:31 -04:00			`module API`
refactor API and improve docs 2012-06-29 06:46:01 -04:00			`# Users API`
			`class Users < Grape::API`
			`before { authenticate! }`

			`resource :users do`
			`# Get a users list`
			`#`
			`# Example Request:`
			`# GET /users`
			`get do`
add api users filter and integrate users select2 2013-03-13 15:37:50 -04:00			`@users = User.scoped`
Dont show blocked users in autocomplete 2013-03-19 12:07:14 -04:00			`@users = @users.active if params[:active].present?`
add api users filter and integrate users select2 2013-03-13 15:37:50 -04:00			`@users = @users.search(params[:search]) if params[:search].present?`
Paginate users in users api 2013-04-16 02:26:01 -04:00			`@users = paginate @users`
Fully embrace Ruby 1.9 hash syntax Didn't bother with files in db/, config/, or features/ 2012-08-10 18:07:50 -04:00			`present @users, with: Entities::User`
refactor API and improve docs 2012-06-29 06:46:01 -04:00			`end`

			`# Get a single user`
			`#`
			`# Parameters:`
			`# id (required) - The ID of a user`
			`# Example Request:`
			`# GET /users/:id`
			`get ":id" do`
			`@user = User.find(params[:id])`
Fully embrace Ruby 1.9 hash syntax Didn't bother with files in db/, config/, or features/ 2012-08-10 18:07:50 -04:00			`present @user, with: Entities::User`
refactor API and improve docs 2012-06-29 06:46:01 -04:00			`end`
fix mass-assignment error in user create API 2012-10-19 06:23:10 -04:00
#1585 Api for user creation: base implementation 2012-10-02 05:46:01 -04:00			`# Create user. Available only for admin`
			`#`
			`# Parameters:`
			`# email (required) - Email`
			`# password (required) - Password`
name and password_confirmation not required to create a user via API 2012-10-19 06:34:18 -04:00			`# name - Name`
#1585 Api for user creation: base implementation 2012-10-02 05:46:01 -04:00			`# skype - Skype ID`
fix TYPO 2012-10-02 09:34:20 -04:00			`# linkedin - Linkedin`
#1585 Api for user creation: base implementation 2012-10-02 05:46:01 -04:00			`# twitter - Twitter account`
name and password_confirmation not required to create a user via API 2012-10-19 06:34:18 -04:00			`# projects_limit - Number of projects user can create`
Extended users API to support updating and deleting users. Also added tests. 2012-12-18 14:24:31 -05:00			`# extern_uid - External authentication provider UID`
			`# provider - External provider`
			`# bio - Bio`
Extended User API to expose admin and can_create_group for user creation/updating. Also, is_admin and can_create_group are exposed in the user information. Fixed attributes_for_keys to process properly keys with boolean values (since false.present? is false). 2013-07-31 06:52:23 -04:00			`# admin - User is admin - true or false (default)`
			`# can_create_group - User can create groups - true or false`
#1585 Api for user creation: base implementation 2012-10-02 05:46:01 -04:00			`# Example Request:`
			`# POST /users`
			`post do`
			`authenticated_as_admin!`
API: extracted helper method to validate required parameters, code clean up Added a helper method to check if required parameters are given in an API call. Can be used to return a `400 Bad Request` return code if a required attribute is missing. Code clean up and fixed tests. 2013-02-27 11:50:30 -05:00			`required_attributes! [:email, :password, :name, :username]`
Extended User API to expose admin and can_create_group for user creation/updating. Also, is_admin and can_create_group are exposed in the user information. Fixed attributes_for_keys to process properly keys with boolean values (since false.present? is false). 2013-07-31 06:52:23 -04:00			`attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin]`
Update to only provide one way to get a default user -calling build_user will now apply defaults and only override them if as: :admin is set Change-Id: Id1d938c0967752ecc14370af54f2d88128d18c44 2013-08-15 17:43:46 -04:00			`user = User.build_user(attrs, as: :admin)`
Extended User API to expose admin and can_create_group for user creation/updating. Also, is_admin and can_create_group are exposed in the user information. Fixed attributes_for_keys to process properly keys with boolean values (since false.present? is false). 2013-07-31 06:52:23 -04:00			`admin = attrs.delete(:admin)`
			`user.admin = admin unless admin.nil?`
#1585 Api for user creation: base implementation 2012-10-02 05:46:01 -04:00			`if user.save`
			`present user, with: Entities::User`
			`else`
			`not_found!`
			`end`
			`end`
Extended users API to support updating and deleting users. Also added tests. 2012-12-18 14:24:31 -05:00
			`# Update user. Available only for admin`
			`#`
			`# Parameters:`
			`# email - Email`
			`# name - Name`
			`# password - Password`
			`# skype - Skype ID`
			`# linkedin - Linkedin`
			`# twitter - Twitter account`
Result of misspellings run. Most of these are comments but a few are strings for users. Might be an idea to run this from time to time: https://github.com/lyda/misspell-check It runs mostly clean now. 2013-03-17 15:46:54 -04:00			`# projects_limit - Limit projects each user can create`
Extended users API to support updating and deleting users. Also added tests. 2012-12-18 14:24:31 -05:00			`# extern_uid - External authentication provider UID`
			`# provider - External provider`
			`# bio - Bio`
Extended User API to expose admin and can_create_group for user creation/updating. Also, is_admin and can_create_group are exposed in the user information. Fixed attributes_for_keys to process properly keys with boolean values (since false.present? is false). 2013-07-31 06:52:23 -04:00			`# admin - User is admin - true or false (default)`
			`# can_create_group - User can create groups - true or false`
Extended users API to support updating and deleting users. Also added tests. 2012-12-18 14:24:31 -05:00			`# Example Request:`
			`# PUT /users/:id`
			`put ":id" do`
			`authenticated_as_admin!`
API: fixes return codes, documentation updated with status codes, tests added The users API updated with return codes, e.g. if required parameters are missing a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions, e.g. deletion of a ssh key is an idempotent function now. The API documentation is updated to reflect the current status of the API. Descriptions are more detailed and complete, infos to return values are added to all functions. 2013-02-20 06:10:51 -05:00
Extended User API to expose admin and can_create_group for user creation/updating. Also, is_admin and can_create_group are exposed in the user information. Fixed attributes_for_keys to process properly keys with boolean values (since false.present? is false). 2013-07-31 06:52:23 -04:00			`attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio, :can_create_group, :admin]`
API: fixes return codes, documentation updated with status codes, tests added The users API updated with return codes, e.g. if required parameters are missing a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions, e.g. deletion of a ssh key is an idempotent function now. The API documentation is updated to reflect the current status of the API. Descriptions are more detailed and complete, infos to return values are added to all functions. 2013-02-20 06:10:51 -05:00			`user = User.find(params[:id])`
			`not_found!("User not found") unless user`
Extended users API to support updating and deleting users. Also added tests. 2012-12-18 14:24:31 -05:00
Extended User API to expose admin and can_create_group for user creation/updating. Also, is_admin and can_create_group are exposed in the user information. Fixed attributes_for_keys to process properly keys with boolean values (since false.present? is false). 2013-07-31 06:52:23 -04:00			`admin = attrs.delete(:admin)`
			`user.admin = admin unless admin.nil?`
			`if user.update_attributes(attrs, as: :admin)`
Extended users API to support updating and deleting users. Also added tests. 2012-12-18 14:24:31 -05:00			`present user, with: Entities::User`
			`else`
			`not_found!`
			`end`
			`end`

Additional Admin APIs 2012-11-14 15:37:52 -05:00			`# Add ssh key to a specified user. Only available to admin users.`
			`#`
			`# Parameters:`
			`# id (required) - The ID of a user`
			`# key (required) - New SSH Key`
			`# title (required) - New SSH Key's title`
			`# Example Request:`
			`# POST /users/:id/keys`
			`post ":id/keys" do`
			`authenticated_as_admin!`
			`user = User.find(params[:id])`
			`attrs = attributes_for_keys [:title, :key]`
			`key = user.keys.new attrs`
			`if key.save`
			`present key, with: Entities::SSHKey`
			`else`
			`not_found!`
			`end`
			`end`

Extended users API to support updating and deleting users. Also added tests. 2012-12-18 14:24:31 -05:00			`# Delete user. Available only for admin`
			`#`
			`# Example Request:`
			`# DELETE /users/:id`
			`delete ":id" do`
			`authenticated_as_admin!`
			`user = User.find_by_id(params[:id])`

			`if user`
			`user.destroy`
			`else`
			`not_found!`
			`end`
			`end`
refactor API and improve docs 2012-06-29 06:46:01 -04:00			`end`

API: SSH keys belong to user entity 2012-09-21 07:49:28 -04:00			`resource :user do`
			`# Get currently authenticated user`
			`#`
			`# Example Request:`
			`# GET /user`
			`get do`
Abilities added to /user and /sign_in requests 2013-03-18 16:11:28 -04:00			`present @current_user, with: Entities::UserLogin`
API: SSH keys belong to user entity 2012-09-21 07:49:28 -04:00			`end`

			`# Get currently authenticated user's keys`
			`#`
			`# Example Request:`
			`# GET /user/keys`
			`get "keys" do`
			`present current_user.keys, with: Entities::SSHKey`
			`end`

			`# Get single key owned by currently authenticated user`
			`#`
			`# Example Request:`
			`# GET /user/keys/:id`
			`get "keys/:id" do`
			`key = current_user.keys.find params[:id]`
			`present key, with: Entities::SSHKey`
			`end`

			`# Add new ssh key to currently authenticated user`
			`#`
			`# Parameters:`
			`# key (required) - New SSH Key`
			`# title (required) - New SSH Key's title`
			`# Example Request:`
			`# POST /user/keys`
			`post "keys" do`
API: extracted helper method to validate required parameters, code clean up Added a helper method to check if required parameters are given in an API call. Can be used to return a `400 Bad Request` return code if a required attribute is missing. Code clean up and fixed tests. 2013-02-27 11:50:30 -05:00			`required_attributes! [:title, :key]`
API: fixes return codes, documentation updated with status codes, tests added The users API updated with return codes, e.g. if required parameters are missing a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions, e.g. deletion of a ssh key is an idempotent function now. The API documentation is updated to reflect the current status of the API. Descriptions are more detailed and complete, infos to return values are added to all functions. 2013-02-20 06:10:51 -05:00
API: SSH keys belong to user entity 2012-09-21 07:49:28 -04:00			`attrs = attributes_for_keys [:title, :key]`
			`key = current_user.keys.new attrs`
			`if key.save`
			`present key, with: Entities::SSHKey`
			`else`
			`not_found!`
			`end`
			`end`

API: fixes return codes, documentation updated with status codes, tests added The users API updated with return codes, e.g. if required parameters are missing a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions, e.g. deletion of a ssh key is an idempotent function now. The API documentation is updated to reflect the current status of the API. Descriptions are more detailed and complete, infos to return values are added to all functions. 2013-02-20 06:10:51 -05:00			`# Delete existing ssh key of currently authenticated user`
API: SSH keys belong to user entity 2012-09-21 07:49:28 -04:00			`#`
			`# Parameters:`
			`# id (required) - SSH Key ID`
			`# Example Request:`
			`# DELETE /user/keys/:id`
			`delete "keys/:id" do`
API: fixes return codes, documentation updated with status codes, tests added The users API updated with return codes, e.g. if required parameters are missing a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions, e.g. deletion of a ssh key is an idempotent function now. The API documentation is updated to reflect the current status of the API. Descriptions are more detailed and complete, infos to return values are added to all functions. 2013-02-20 06:10:51 -05:00			`begin`
			`key = current_user.keys.find params[:id]`
modify api to work with new deploy keys 2013-05-06 09:24:58 -04:00			`key.destroy`
API: fixes return codes, documentation updated with status codes, tests added The users API updated with return codes, e.g. if required parameters are missing a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions, e.g. deletion of a ssh key is an idempotent function now. The API documentation is updated to reflect the current status of the API. Descriptions are more detailed and complete, infos to return values are added to all functions. 2013-02-20 06:10:51 -05:00			`rescue`
			`end`
API: SSH keys belong to user entity 2012-09-21 07:49:28 -04:00			`end`
refactor API and improve docs 2012-06-29 06:46:01 -04:00			`end`
			`end`
			`end`