2018-09-29 18:34:47 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2013-05-14 08:33:31 -04:00
|
|
|
module API
|
2012-06-29 06:46:01 -04:00
|
|
|
class Users < Grape::API
|
2016-12-04 12:11:19 -05:00
|
|
|
include PaginationParams
|
2017-06-20 03:40:24 -04:00
|
|
|
include APIGuard
|
2017-12-22 10:54:55 -05:00
|
|
|
include Helpers::CustomAttributes
|
2017-06-20 03:40:24 -04:00
|
|
|
|
|
|
|
allow_access_with_scope :read_user, if: -> (request) { request.get? }
|
2016-12-04 12:11:19 -05:00
|
|
|
|
2015-08-13 09:35:42 -04:00
|
|
|
resource :users, requirements: { uid: /[0-9]*/, id: /[0-9]*/ } do
|
2017-09-28 12:49:42 -04:00
|
|
|
include CustomAttributesEndpoints
|
|
|
|
|
2017-07-04 08:19:48 -04:00
|
|
|
before do
|
|
|
|
authenticate_non_get!
|
|
|
|
end
|
|
|
|
|
2019-05-28 06:14:26 -04:00
|
|
|
helpers Helpers::UsersHelpers
|
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
helpers do
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2017-09-21 10:10:33 -04:00
|
|
|
def find_user_by_id(params)
|
2017-03-01 11:59:03 -05:00
|
|
|
id = params[:user_id] || params[:id]
|
|
|
|
User.find_by(id: id) || not_found!('User')
|
2017-02-23 12:47:06 -05:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2017-02-23 12:47:06 -05:00
|
|
|
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2018-02-06 08:37:52 -05:00
|
|
|
def reorder_users(users)
|
|
|
|
if params[:order_by] && params[:sort]
|
2019-02-16 05:03:42 -05:00
|
|
|
users.reorder(order_options_with_tie_breaker)
|
2018-02-06 08:37:52 -05:00
|
|
|
else
|
|
|
|
users
|
|
|
|
end
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2018-02-06 08:37:52 -05:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
params :optional_attributes do
|
|
|
|
optional :skype, type: String, desc: 'The Skype username'
|
|
|
|
optional :linkedin, type: String, desc: 'The LinkedIn username'
|
|
|
|
optional :twitter, type: String, desc: 'The Twitter username'
|
|
|
|
optional :website_url, type: String, desc: 'The website of the user'
|
|
|
|
optional :organization, type: String, desc: 'The organization of the user'
|
|
|
|
optional :projects_limit, type: Integer, desc: 'The number of projects a user can create'
|
2017-01-03 02:44:33 -05:00
|
|
|
optional :extern_uid, type: String, desc: 'The external authentication provider UID'
|
2016-10-27 04:20:06 -04:00
|
|
|
optional :provider, type: String, desc: 'The external provider'
|
|
|
|
optional :bio, type: String, desc: 'The biography of the user'
|
|
|
|
optional :location, type: String, desc: 'The location of the user'
|
2018-09-26 11:27:26 -04:00
|
|
|
optional :public_email, type: String, desc: 'The public email of the user'
|
2016-10-27 04:20:06 -04:00
|
|
|
optional :admin, type: Boolean, desc: 'Flag indicating the user is an administrator'
|
|
|
|
optional :can_create_group, type: Boolean, desc: 'Flag indicating the user can create groups'
|
|
|
|
optional :external, type: Boolean, desc: 'Flag indicating the user is an external user'
|
2019-09-18 10:02:45 -04:00
|
|
|
# TODO: remove rubocop disable - https://gitlab.com/gitlab-org/gitlab/issues/14960
|
2019-09-10 12:24:10 -04:00
|
|
|
optional :avatar, type: File, desc: 'Avatar image for user' # rubocop:disable Scalability/FileUploads
|
2019-07-15 17:07:54 -04:00
|
|
|
optional :private_profile, type: Boolean, default: false, desc: 'Flag indicating the user has a private profile'
|
2016-10-27 04:20:06 -04:00
|
|
|
all_or_none_of :extern_uid, :provider
|
2019-03-25 10:33:16 -04:00
|
|
|
|
2019-05-28 06:14:26 -04:00
|
|
|
use :optional_params_ee
|
2016-10-27 04:20:06 -04:00
|
|
|
end
|
2018-02-06 08:37:52 -05:00
|
|
|
|
|
|
|
params :sort_params do
|
|
|
|
optional :order_by, type: String, values: %w[id name username created_at updated_at],
|
|
|
|
default: 'id', desc: 'Return users ordered by a field'
|
|
|
|
optional :sort, type: String, values: %w[asc desc], default: 'desc',
|
|
|
|
desc: 'Return users sorted in ascending and descending order'
|
|
|
|
end
|
2016-10-27 04:20:06 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
desc 'Get the list of users' do
|
|
|
|
success Entities::UserBasic
|
|
|
|
end
|
|
|
|
params do
|
2017-04-05 12:31:15 -04:00
|
|
|
# CE
|
2016-10-27 04:20:06 -04:00
|
|
|
optional :username, type: String, desc: 'Get a single user with a specific username'
|
2017-02-15 20:44:36 -05:00
|
|
|
optional :extern_uid, type: String, desc: 'Get a single user with a specific external authentication provider UID'
|
|
|
|
optional :provider, type: String, desc: 'The external provider'
|
2016-10-27 04:20:06 -04:00
|
|
|
optional :search, type: String, desc: 'Search for a username'
|
|
|
|
optional :active, type: Boolean, default: false, desc: 'Filters only active users'
|
|
|
|
optional :external, type: Boolean, default: false, desc: 'Filters only external users'
|
|
|
|
optional :blocked, type: Boolean, default: false, desc: 'Filters only blocked users'
|
2017-07-07 03:29:00 -04:00
|
|
|
optional :created_after, type: DateTime, desc: 'Return users created after the specified time'
|
|
|
|
optional :created_before, type: DateTime, desc: 'Return users created before the specified time'
|
2017-02-15 20:44:36 -05:00
|
|
|
all_or_none_of :extern_uid, :provider
|
2017-04-05 12:31:15 -04:00
|
|
|
|
2018-02-06 08:37:52 -05:00
|
|
|
use :sort_params
|
2016-12-04 12:11:19 -05:00
|
|
|
use :pagination
|
2017-12-22 10:54:55 -05:00
|
|
|
use :with_custom_attributes
|
2019-05-28 06:14:26 -04:00
|
|
|
use :optional_index_params_ee
|
2016-10-27 04:20:06 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2012-06-29 06:46:01 -04:00
|
|
|
get do
|
2017-02-15 20:44:36 -05:00
|
|
|
authenticated_as_admin! if params[:external].present? || (params[:extern_uid].present? && params[:provider].present?)
|
|
|
|
|
2017-07-07 10:09:30 -04:00
|
|
|
unless current_user&.admin?
|
2018-04-20 05:21:48 -04:00
|
|
|
params.except!(:created_after, :created_before, :order_by, :sort, :two_factor)
|
2017-07-07 03:29:00 -04:00
|
|
|
end
|
|
|
|
|
2017-05-15 09:53:12 -04:00
|
|
|
users = UsersFinder.new(current_user, params).execute
|
2018-02-06 08:37:52 -05:00
|
|
|
users = reorder_users(users)
|
2014-06-13 10:46:48 -04:00
|
|
|
|
2017-06-29 03:43:41 -04:00
|
|
|
authorized = can?(current_user, :read_users_list)
|
2017-06-26 03:20:30 -04:00
|
|
|
|
2017-06-29 03:43:41 -04:00
|
|
|
# When `current_user` is not present, require that the `username`
|
|
|
|
# parameter is passed, to prevent an unauthenticated user from accessing
|
|
|
|
# a list of all the users on the GitLab instance. `UsersFinder` performs
|
|
|
|
# an exact match on the `username` parameter, so we are guaranteed to
|
|
|
|
# get either 0 or 1 `users` here.
|
|
|
|
authorized &&= params[:username].present? if current_user.blank?
|
2017-06-26 03:20:30 -04:00
|
|
|
|
2017-06-29 03:43:41 -04:00
|
|
|
forbidden!("Not authorized to access /api/v4/users") unless authorized
|
|
|
|
|
|
|
|
entity = current_user&.admin? ? Entities::UserWithAdmin : Entities::UserBasic
|
2017-12-04 04:49:53 -05:00
|
|
|
users = users.preload(:identities, :u2f_registrations) if entity == Entities::UserWithAdmin
|
2018-07-24 08:46:19 -04:00
|
|
|
users, options = with_custom_attributes(users, { with: entity, current_user: current_user })
|
2017-12-04 04:49:53 -05:00
|
|
|
|
2017-12-22 10:54:55 -05:00
|
|
|
present paginate(users), options
|
2012-06-29 06:46:01 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2012-06-29 06:46:01 -04:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Get a single user' do
|
2017-08-11 08:08:20 -04:00
|
|
|
success Entities::User
|
2016-10-27 04:20:06 -04:00
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
2017-12-22 10:54:55 -05:00
|
|
|
|
|
|
|
use :with_custom_attributes
|
2016-10-27 04:20:06 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2012-06-29 06:46:01 -04:00
|
|
|
get ":id" do
|
2016-10-27 04:20:06 -04:00
|
|
|
user = User.find_by(id: params[:id])
|
2017-08-11 08:08:20 -04:00
|
|
|
not_found!('User') unless user && can?(current_user, :read_user, user)
|
|
|
|
|
2019-03-22 05:54:03 -04:00
|
|
|
opts = { with: current_user&.admin? ? Entities::UserDetailsWithAdmin : Entities::User, current_user: current_user }
|
2017-12-22 10:54:55 -05:00
|
|
|
user, opts = with_custom_attributes(user, opts)
|
|
|
|
|
2017-08-11 08:08:20 -04:00
|
|
|
present user, opts
|
2012-06-29 06:46:01 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2012-10-19 06:23:10 -04:00
|
|
|
|
2018-07-13 11:52:31 -04:00
|
|
|
desc "Get the status of a user"
|
|
|
|
params do
|
2019-01-31 05:13:23 -05:00
|
|
|
requires :user_id, type: String, desc: 'The ID or username of the user'
|
2018-07-13 11:52:31 -04:00
|
|
|
end
|
2019-01-31 05:13:23 -05:00
|
|
|
get ":user_id/status", requirements: API::USER_REQUIREMENTS do
|
|
|
|
user = find_user(params[:user_id])
|
2018-07-13 11:52:31 -04:00
|
|
|
not_found!('User') unless user && can?(current_user, :read_user, user)
|
|
|
|
|
|
|
|
present user.status || {}, with: Entities::UserStatus
|
|
|
|
end
|
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Create a user. Available only for admins.' do
|
2019-07-16 05:22:40 -04:00
|
|
|
success Entities::UserWithAdmin
|
2016-10-27 04:20:06 -04:00
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :email, type: String, desc: 'The email of the user'
|
2017-02-03 09:49:27 -05:00
|
|
|
optional :password, type: String, desc: 'The password of the new user'
|
|
|
|
optional :reset_password, type: Boolean, desc: 'Flag indicating the user will be sent a password reset token'
|
2017-11-21 10:47:58 -05:00
|
|
|
optional :skip_confirmation, type: Boolean, desc: 'Flag indicating the account is confirmed'
|
2017-02-03 09:49:27 -05:00
|
|
|
at_least_one_of :password, :reset_password
|
2016-10-27 04:20:06 -04:00
|
|
|
requires :name, type: String, desc: 'The name of the user'
|
|
|
|
requires :username, type: String, desc: 'The username of the user'
|
2019-06-27 15:41:51 -04:00
|
|
|
optional :force_random_password, type: Boolean, desc: 'Flag indicating a random password will be set'
|
2016-10-27 04:20:06 -04:00
|
|
|
use :optional_attributes
|
|
|
|
end
|
2012-10-02 05:46:01 -04:00
|
|
|
post do
|
|
|
|
authenticated_as_admin!
|
2016-10-27 04:20:06 -04:00
|
|
|
|
2017-03-27 05:37:24 -04:00
|
|
|
params = declared_params(include_missing: false)
|
2017-06-19 09:35:44 -04:00
|
|
|
user = ::Users::CreateService.new(current_user, params).execute(skip_authorization: true)
|
2017-02-03 09:49:27 -05:00
|
|
|
|
2017-03-27 05:37:24 -04:00
|
|
|
if user.persisted?
|
2019-07-16 05:22:40 -04:00
|
|
|
present user, with: Entities::UserWithAdmin, current_user: current_user
|
2012-10-02 05:46:01 -04:00
|
|
|
else
|
2017-06-21 09:48:12 -04:00
|
|
|
conflict!('Email has already been taken') if User
|
2018-10-18 05:06:44 -04:00
|
|
|
.by_any_email(user.email.downcase)
|
|
|
|
.any?
|
2014-08-18 14:09:09 -04:00
|
|
|
|
2017-06-21 09:48:12 -04:00
|
|
|
conflict!('Username has already been taken') if User
|
2018-10-18 05:06:44 -04:00
|
|
|
.by_username(user.username)
|
|
|
|
.any?
|
2014-08-18 14:09:09 -04:00
|
|
|
|
|
|
|
render_validation_error!(user)
|
2012-10-02 05:46:01 -04:00
|
|
|
end
|
|
|
|
end
|
2012-12-18 14:24:31 -05:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Update a user. Available only for admins.' do
|
2019-07-16 05:22:40 -04:00
|
|
|
success Entities::UserWithAdmin
|
2016-10-27 04:20:06 -04:00
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
optional :email, type: String, desc: 'The email of the user'
|
|
|
|
optional :password, type: String, desc: 'The password of the new user'
|
2017-11-21 10:47:58 -05:00
|
|
|
optional :skip_reconfirmation, type: Boolean, desc: 'Flag indicating the account skips the confirmation by email'
|
2016-10-27 04:20:06 -04:00
|
|
|
optional :name, type: String, desc: 'The name of the user'
|
|
|
|
optional :username, type: String, desc: 'The username of the user'
|
|
|
|
use :optional_attributes
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2012-12-18 14:24:31 -05:00
|
|
|
put ":id" do
|
|
|
|
authenticated_as_admin!
|
2013-02-20 06:10:51 -05:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
user = User.find_by(id: params.delete(:id))
|
2014-08-18 14:09:09 -04:00
|
|
|
not_found!('User') unless user
|
2012-12-18 14:24:31 -05:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
conflict!('Email has already been taken') if params[:email] &&
|
2018-10-18 05:06:44 -04:00
|
|
|
User.by_any_email(params[:email].downcase)
|
2017-06-21 09:48:12 -04:00
|
|
|
.where.not(id: user.id).count > 0
|
2014-08-18 14:09:09 -04:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
conflict!('Username has already been taken') if params[:username] &&
|
2018-10-18 05:06:44 -04:00
|
|
|
User.by_username(params[:username])
|
2017-06-21 09:48:12 -04:00
|
|
|
.where.not(id: user.id).count > 0
|
2014-08-18 14:09:09 -04:00
|
|
|
|
2016-11-21 11:44:24 -05:00
|
|
|
user_params = declared_params(include_missing: false)
|
2015-09-22 17:26:59 -04:00
|
|
|
|
2017-02-21 18:50:22 -05:00
|
|
|
user_params[:password_expires_at] = Time.now if user_params[:password].present?
|
2019-06-19 16:27:34 -04:00
|
|
|
result = ::Users::UpdateService.new(current_user, user_params.merge(user: user)).execute
|
2017-06-15 10:42:14 -04:00
|
|
|
|
|
|
|
if result[:status] == :success
|
2019-07-16 05:22:40 -04:00
|
|
|
present user, with: Entities::UserWithAdmin, current_user: current_user
|
2012-12-18 14:24:31 -05:00
|
|
|
else
|
2014-08-18 14:09:09 -04:00
|
|
|
render_validation_error!(user)
|
2012-12-18 14:24:31 -05:00
|
|
|
end
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2012-12-18 14:24:31 -05:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Add an SSH key to a specified user. Available only for admins.' do
|
|
|
|
success Entities::SSHKey
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
requires :key, type: String, desc: 'The new SSH key'
|
|
|
|
requires :title, type: String, desc: 'The title of the new SSH key'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2012-11-14 15:37:52 -05:00
|
|
|
post ":id/keys" do
|
|
|
|
authenticated_as_admin!
|
2014-08-18 14:09:09 -04:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
user = User.find_by(id: params.delete(:id))
|
|
|
|
not_found!('User') unless user
|
|
|
|
|
|
|
|
key = user.keys.new(declared_params(include_missing: false))
|
|
|
|
|
2012-11-14 15:37:52 -05:00
|
|
|
if key.save
|
|
|
|
present key, with: Entities::SSHKey
|
|
|
|
else
|
2014-08-18 14:09:09 -04:00
|
|
|
render_validation_error!(key)
|
2012-11-14 15:37:52 -05:00
|
|
|
end
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2012-11-14 15:37:52 -05:00
|
|
|
|
2018-06-28 02:13:21 -04:00
|
|
|
desc 'Get the SSH keys of a specified user.' do
|
2016-10-27 04:20:06 -04:00
|
|
|
success Entities::SSHKey
|
|
|
|
end
|
|
|
|
params do
|
2020-01-20 04:08:32 -05:00
|
|
|
requires :user_id, type: String, desc: 'The ID or username of the user'
|
2017-01-16 23:45:07 -05:00
|
|
|
use :pagination
|
2016-10-27 04:20:06 -04:00
|
|
|
end
|
2020-01-20 04:08:32 -05:00
|
|
|
get ':user_id/keys', requirements: API::USER_REQUIREMENTS do
|
|
|
|
user = find_user(params[:user_id])
|
2018-06-28 02:13:21 -04:00
|
|
|
not_found!('User') unless user && can?(current_user, :read_user, user)
|
2014-08-18 14:09:09 -04:00
|
|
|
|
2017-01-16 23:45:07 -05:00
|
|
|
present paginate(user.keys), with: Entities::SSHKey
|
2014-04-15 10:39:46 -04:00
|
|
|
end
|
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Delete an existing SSH key from a specified user. Available only for admins.' do
|
|
|
|
success Entities::SSHKey
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
requires :key_id, type: Integer, desc: 'The ID of the SSH key'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2016-10-27 04:20:06 -04:00
|
|
|
delete ':id/keys/:key_id' do
|
2014-04-15 10:39:46 -04:00
|
|
|
authenticated_as_admin!
|
2016-10-27 04:20:06 -04:00
|
|
|
|
|
|
|
user = User.find_by(id: params[:id])
|
2014-08-18 14:09:09 -04:00
|
|
|
not_found!('User') unless user
|
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
key = user.keys.find_by(id: params[:key_id])
|
|
|
|
not_found!('Key') unless key
|
|
|
|
|
2017-03-02 07:14:13 -05:00
|
|
|
destroy_conditionally!(key)
|
2014-04-15 10:39:46 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2014-04-15 10:39:46 -04:00
|
|
|
|
2017-08-25 06:24:41 -04:00
|
|
|
desc 'Add a GPG key to a specified user. Available only for admins.' do
|
|
|
|
detail 'This feature was added in GitLab 10.0'
|
|
|
|
success Entities::GPGKey
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
requires :key, type: String, desc: 'The new GPG key'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2017-08-25 06:24:41 -04:00
|
|
|
post ':id/gpg_keys' do
|
|
|
|
authenticated_as_admin!
|
|
|
|
|
|
|
|
user = User.find_by(id: params.delete(:id))
|
|
|
|
not_found!('User') unless user
|
|
|
|
|
|
|
|
key = user.gpg_keys.new(declared_params(include_missing: false))
|
|
|
|
|
|
|
|
if key.save
|
|
|
|
present key, with: Entities::GPGKey
|
|
|
|
else
|
|
|
|
render_validation_error!(key)
|
|
|
|
end
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2017-08-25 06:24:41 -04:00
|
|
|
|
|
|
|
desc 'Get the GPG keys of a specified user. Available only for admins.' do
|
|
|
|
detail 'This feature was added in GitLab 10.0'
|
|
|
|
success Entities::GPGKey
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
use :pagination
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2017-08-25 06:24:41 -04:00
|
|
|
get ':id/gpg_keys' do
|
|
|
|
authenticated_as_admin!
|
|
|
|
|
|
|
|
user = User.find_by(id: params[:id])
|
|
|
|
not_found!('User') unless user
|
|
|
|
|
|
|
|
present paginate(user.gpg_keys), with: Entities::GPGKey
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2017-08-25 06:24:41 -04:00
|
|
|
|
|
|
|
desc 'Delete an existing GPG key from a specified user. Available only for admins.' do
|
|
|
|
detail 'This feature was added in GitLab 10.0'
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
requires :key_id, type: Integer, desc: 'The ID of the GPG key'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2017-08-25 06:24:41 -04:00
|
|
|
delete ':id/gpg_keys/:key_id' do
|
|
|
|
authenticated_as_admin!
|
|
|
|
|
|
|
|
user = User.find_by(id: params[:id])
|
|
|
|
not_found!('User') unless user
|
|
|
|
|
|
|
|
key = user.gpg_keys.find_by(id: params[:key_id])
|
|
|
|
not_found!('GPG Key') unless key
|
|
|
|
|
|
|
|
key.destroy
|
2020-01-16 13:08:46 -05:00
|
|
|
|
|
|
|
no_content!
|
2017-08-25 06:24:41 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2017-08-25 06:24:41 -04:00
|
|
|
|
|
|
|
desc 'Revokes an existing GPG key from a specified user. Available only for admins.' do
|
|
|
|
detail 'This feature was added in GitLab 10.0'
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
requires :key_id, type: Integer, desc: 'The ID of the GPG key'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2017-08-25 06:24:41 -04:00
|
|
|
post ':id/gpg_keys/:key_id/revoke' do
|
|
|
|
authenticated_as_admin!
|
|
|
|
|
|
|
|
user = User.find_by(id: params[:id])
|
|
|
|
not_found!('User') unless user
|
|
|
|
|
|
|
|
key = user.gpg_keys.find_by(id: params[:key_id])
|
|
|
|
not_found!('GPG Key') unless key
|
|
|
|
|
|
|
|
key.revoke
|
|
|
|
status :accepted
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2017-08-25 06:24:41 -04:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Add an email address to a specified user. Available only for admins.' do
|
|
|
|
success Entities::Email
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
requires :email, type: String, desc: 'The email of the user'
|
2018-09-09 17:04:11 -04:00
|
|
|
optional :skip_confirmation, type: Boolean, desc: 'Skip confirmation of email and assume it is verified'
|
2016-10-27 04:20:06 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2015-07-29 09:40:08 -04:00
|
|
|
post ":id/emails" do
|
|
|
|
authenticated_as_admin!
|
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
user = User.find_by(id: params.delete(:id))
|
|
|
|
not_found!('User') unless user
|
|
|
|
|
2017-09-27 10:39:10 -04:00
|
|
|
email = Emails::CreateService.new(current_user, declared_params(include_missing: false).merge(user: user)).execute
|
2017-06-22 09:55:05 -04:00
|
|
|
|
|
|
|
if email.errors.blank?
|
2015-07-29 09:40:08 -04:00
|
|
|
present email, with: Entities::Email
|
|
|
|
else
|
|
|
|
render_validation_error!(email)
|
|
|
|
end
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2015-07-29 09:40:08 -04:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Get the emails addresses of a specified user. Available only for admins.' do
|
|
|
|
success Entities::Email
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
2017-01-16 23:45:07 -05:00
|
|
|
use :pagination
|
2016-10-27 04:20:06 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2016-10-27 04:20:06 -04:00
|
|
|
get ':id/emails' do
|
2015-07-29 09:40:08 -04:00
|
|
|
authenticated_as_admin!
|
2016-10-27 04:20:06 -04:00
|
|
|
user = User.find_by(id: params[:id])
|
2015-07-29 09:40:08 -04:00
|
|
|
not_found!('User') unless user
|
|
|
|
|
2017-01-16 23:45:07 -05:00
|
|
|
present paginate(user.emails), with: Entities::Email
|
2015-07-29 09:40:08 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2015-07-29 09:40:08 -04:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Delete an email address of a specified user. Available only for admins.' do
|
|
|
|
success Entities::Email
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
requires :email_id, type: Integer, desc: 'The ID of the email'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2016-10-27 04:20:06 -04:00
|
|
|
delete ':id/emails/:email_id' do
|
2015-07-29 09:40:08 -04:00
|
|
|
authenticated_as_admin!
|
2016-10-27 04:20:06 -04:00
|
|
|
user = User.find_by(id: params[:id])
|
2015-07-29 09:40:08 -04:00
|
|
|
not_found!('User') unless user
|
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
email = user.emails.find_by(id: params[:email_id])
|
|
|
|
not_found!('Email') unless email
|
2015-07-29 09:40:08 -04:00
|
|
|
|
2017-03-02 07:14:13 -05:00
|
|
|
destroy_conditionally!(email) do |email|
|
2017-10-05 06:48:22 -04:00
|
|
|
Emails::DestroyService.new(current_user, user: user).execute(email)
|
2017-03-02 07:14:13 -05:00
|
|
|
end
|
2015-07-29 09:40:08 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2015-07-29 09:40:08 -04:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Delete a user. Available only for admins.' do
|
|
|
|
success Entities::Email
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
2017-06-01 12:14:39 -04:00
|
|
|
optional :hard_delete, type: Boolean, desc: "Whether to remove a user's contributions"
|
2016-10-27 04:20:06 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2012-12-18 14:24:31 -05:00
|
|
|
delete ":id" do
|
2019-12-14 10:07:56 -05:00
|
|
|
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab/issues/20757')
|
2018-01-15 10:21:04 -05:00
|
|
|
|
2012-12-18 14:24:31 -05:00
|
|
|
authenticated_as_admin!
|
2017-03-01 08:35:48 -05:00
|
|
|
|
2014-01-19 13:55:59 -05:00
|
|
|
user = User.find_by(id: params[:id])
|
2016-10-27 04:20:06 -04:00
|
|
|
not_found!('User') unless user
|
2019-12-11 19:07:43 -05:00
|
|
|
conflict!('User cannot be removed while is the sole-owner of a group') unless user.can_be_removed? || params[:hard_delete]
|
2012-12-18 14:24:31 -05:00
|
|
|
|
2017-03-02 07:14:13 -05:00
|
|
|
destroy_conditionally!(user) do
|
|
|
|
user.delete_async(deleted_by: current_user, params: params)
|
|
|
|
end
|
2012-12-18 14:24:31 -05:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2015-04-28 12:02:44 -04:00
|
|
|
|
2019-10-09 20:06:44 -04:00
|
|
|
desc 'Activate a deactivated user. Available only for admins.'
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
end
|
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
|
|
|
post ':id/activate' do
|
|
|
|
authenticated_as_admin!
|
|
|
|
|
|
|
|
user = User.find_by(id: params[:id])
|
|
|
|
not_found!('User') unless user
|
|
|
|
forbidden!('A blocked user must be unblocked to be activated') if user.blocked?
|
|
|
|
|
|
|
|
user.activate
|
|
|
|
end
|
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
|
|
|
desc 'Deactivate an active user. Available only for admins.'
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
end
|
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
|
|
|
post ':id/deactivate' do
|
|
|
|
authenticated_as_admin!
|
|
|
|
user = User.find_by(id: params[:id])
|
|
|
|
not_found!('User') unless user
|
|
|
|
|
|
|
|
break if user.deactivated?
|
|
|
|
|
|
|
|
unless user.can_be_deactivated?
|
|
|
|
forbidden!('A blocked user cannot be deactivated by the API') if user.blocked?
|
|
|
|
forbidden!("The user you are trying to deactivate has been active in the past #{::User::MINIMUM_INACTIVE_DAYS} days and cannot be deactivated")
|
|
|
|
end
|
|
|
|
|
|
|
|
user.deactivate
|
|
|
|
end
|
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Block a user. Available only for admins.'
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2017-02-20 07:31:11 -05:00
|
|
|
post ':id/block' do
|
2015-04-28 12:02:44 -04:00
|
|
|
authenticated_as_admin!
|
|
|
|
user = User.find_by(id: params[:id])
|
2016-10-27 04:20:06 -04:00
|
|
|
not_found!('User') unless user
|
2015-04-28 12:02:44 -04:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
if !user.ldap_blocked?
|
2015-04-28 12:02:44 -04:00
|
|
|
user.block
|
|
|
|
else
|
2015-12-30 13:52:02 -05:00
|
|
|
forbidden!('LDAP blocked users cannot be modified by the API')
|
2015-04-28 12:02:44 -04:00
|
|
|
end
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2015-04-28 12:02:44 -04:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Unblock a user. Available only for admins.'
|
|
|
|
params do
|
|
|
|
requires :id, type: Integer, desc: 'The ID of the user'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2017-02-20 07:31:11 -05:00
|
|
|
post ':id/unblock' do
|
2015-04-28 12:02:44 -04:00
|
|
|
authenticated_as_admin!
|
|
|
|
user = User.find_by(id: params[:id])
|
2016-10-27 04:20:06 -04:00
|
|
|
not_found!('User') unless user
|
2015-04-28 12:02:44 -04:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
if user.ldap_blocked?
|
2015-12-30 13:52:02 -05:00
|
|
|
forbidden!('LDAP blocked users cannot be unblocked by the API')
|
2019-10-09 20:06:44 -04:00
|
|
|
elsif user.deactivated?
|
|
|
|
forbidden!('Deactivated users cannot be unblocked by the API')
|
2016-01-12 09:29:10 -05:00
|
|
|
else
|
|
|
|
user.activate
|
2015-04-28 12:02:44 -04:00
|
|
|
end
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2016-10-10 07:35:26 -04:00
|
|
|
|
2020-01-22 10:08:48 -05:00
|
|
|
desc 'Get memberships' do
|
|
|
|
success Entities::Membership
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :user_id, type: Integer, desc: 'The ID of the user'
|
|
|
|
optional :type, type: String, values: %w[Project Namespace]
|
|
|
|
use :pagination
|
|
|
|
end
|
|
|
|
get ":user_id/memberships" do
|
|
|
|
authenticated_as_admin!
|
|
|
|
user = find_user_by_id(params)
|
|
|
|
|
|
|
|
members = case params[:type]
|
|
|
|
when 'Project'
|
|
|
|
user.project_members
|
|
|
|
when 'Namespace'
|
|
|
|
user.group_members
|
|
|
|
else
|
|
|
|
user.members
|
|
|
|
end
|
|
|
|
|
|
|
|
members = members.including_source
|
|
|
|
|
|
|
|
present paginate(members), with: Entities::Membership
|
|
|
|
end
|
|
|
|
|
2016-12-27 11:26:57 -05:00
|
|
|
params do
|
2017-03-01 11:59:03 -05:00
|
|
|
requires :user_id, type: Integer, desc: 'The ID of the user'
|
|
|
|
end
|
|
|
|
segment ':user_id' do
|
|
|
|
resource :impersonation_tokens do
|
|
|
|
helpers do
|
|
|
|
def finder(options = {})
|
2017-09-21 10:10:33 -04:00
|
|
|
user = find_user_by_id(params)
|
2017-03-01 11:59:03 -05:00
|
|
|
PersonalAccessTokensFinder.new({ user: user, impersonation: true }.merge(options))
|
|
|
|
end
|
|
|
|
|
|
|
|
def find_impersonation_token
|
2018-10-26 10:47:03 -04:00
|
|
|
finder.find_by_id(declared_params[:impersonation_token_id]) || not_found!('Impersonation Token')
|
2017-03-01 11:59:03 -05:00
|
|
|
end
|
2017-02-27 13:56:54 -05:00
|
|
|
end
|
2016-12-27 11:26:57 -05:00
|
|
|
|
2017-03-01 11:59:03 -05:00
|
|
|
before { authenticated_as_admin! }
|
|
|
|
|
|
|
|
desc 'Retrieve impersonation tokens. Available only for admins.' do
|
2017-02-09 10:21:09 -05:00
|
|
|
detail 'This feature was introduced in GitLab 9.0'
|
2017-02-23 12:47:06 -05:00
|
|
|
success Entities::ImpersonationToken
|
2017-02-09 10:21:09 -05:00
|
|
|
end
|
|
|
|
params do
|
2017-02-27 13:56:54 -05:00
|
|
|
use :pagination
|
2017-03-01 11:59:03 -05:00
|
|
|
optional :state, type: String, default: 'all', values: %w[all active inactive], desc: 'Filters (all|active|inactive) impersonation_tokens'
|
2017-02-09 10:21:09 -05:00
|
|
|
end
|
2017-03-01 11:59:03 -05:00
|
|
|
get { present paginate(finder(declared_params(include_missing: false)).execute), with: Entities::ImpersonationToken }
|
2016-12-27 11:26:57 -05:00
|
|
|
|
2017-03-01 11:59:03 -05:00
|
|
|
desc 'Create a impersonation token. Available only for admins.' do
|
2017-02-09 10:21:09 -05:00
|
|
|
detail 'This feature was introduced in GitLab 9.0'
|
2018-11-08 10:03:56 -05:00
|
|
|
success Entities::ImpersonationTokenWithToken
|
2017-02-09 10:21:09 -05:00
|
|
|
end
|
|
|
|
params do
|
2017-03-01 11:59:03 -05:00
|
|
|
requires :name, type: String, desc: 'The name of the impersonation token'
|
|
|
|
optional :expires_at, type: Date, desc: 'The expiration date in the format YEAR-MONTH-DAY of the impersonation token'
|
|
|
|
optional :scopes, type: Array, desc: 'The array of scopes of the impersonation token'
|
2017-02-09 10:21:09 -05:00
|
|
|
end
|
|
|
|
post do
|
2017-03-01 11:59:03 -05:00
|
|
|
impersonation_token = finder.build(declared_params(include_missing: false))
|
2017-02-09 10:21:09 -05:00
|
|
|
|
2017-03-01 11:59:03 -05:00
|
|
|
if impersonation_token.save
|
2018-11-08 10:03:56 -05:00
|
|
|
present impersonation_token, with: Entities::ImpersonationTokenWithToken
|
2017-02-09 10:21:09 -05:00
|
|
|
else
|
2017-03-01 11:59:03 -05:00
|
|
|
render_validation_error!(impersonation_token)
|
2017-02-09 10:21:09 -05:00
|
|
|
end
|
|
|
|
end
|
2016-12-27 11:26:57 -05:00
|
|
|
|
2017-03-01 11:59:03 -05:00
|
|
|
desc 'Retrieve impersonation token. Available only for admins.' do
|
2017-02-09 10:21:09 -05:00
|
|
|
detail 'This feature was introduced in GitLab 9.0'
|
2017-02-23 12:47:06 -05:00
|
|
|
success Entities::ImpersonationToken
|
2017-02-09 10:21:09 -05:00
|
|
|
end
|
|
|
|
params do
|
2017-03-01 11:59:03 -05:00
|
|
|
requires :impersonation_token_id, type: Integer, desc: 'The ID of the impersonation token'
|
2017-02-09 10:21:09 -05:00
|
|
|
end
|
2017-03-01 11:59:03 -05:00
|
|
|
get ':impersonation_token_id' do
|
|
|
|
present find_impersonation_token, with: Entities::ImpersonationToken
|
2017-02-09 10:21:09 -05:00
|
|
|
end
|
2016-12-27 11:26:57 -05:00
|
|
|
|
2017-03-01 11:59:03 -05:00
|
|
|
desc 'Revoke a impersonation token. Available only for admins.' do
|
2017-02-09 10:21:09 -05:00
|
|
|
detail 'This feature was introduced in GitLab 9.0'
|
|
|
|
end
|
|
|
|
params do
|
2017-03-01 11:59:03 -05:00
|
|
|
requires :impersonation_token_id, type: Integer, desc: 'The ID of the impersonation token'
|
2017-02-09 10:21:09 -05:00
|
|
|
end
|
2017-03-01 11:59:03 -05:00
|
|
|
delete ':impersonation_token_id' do
|
2017-08-24 04:41:54 -04:00
|
|
|
token = find_impersonation_token
|
|
|
|
|
|
|
|
destroy_conditionally!(token) do
|
|
|
|
token.revoke!
|
|
|
|
end
|
2017-02-09 10:21:09 -05:00
|
|
|
end
|
|
|
|
end
|
2016-12-27 11:26:57 -05:00
|
|
|
end
|
2012-06-29 06:46:01 -04:00
|
|
|
end
|
|
|
|
|
2012-09-21 07:49:28 -04:00
|
|
|
resource :user do
|
2017-07-04 08:19:48 -04:00
|
|
|
before do
|
|
|
|
authenticate!
|
|
|
|
end
|
|
|
|
|
2018-06-13 04:25:01 -04:00
|
|
|
# Enabling /user endpoint for the v3 version to allow oauth
|
|
|
|
# authentication through this endpoint.
|
|
|
|
version %w(v3 v4), using: :path do
|
|
|
|
desc 'Get the currently authenticated user' do
|
|
|
|
success Entities::UserPublic
|
|
|
|
end
|
|
|
|
get do
|
|
|
|
entity =
|
|
|
|
if current_user.admin?
|
|
|
|
Entities::UserWithAdmin
|
|
|
|
else
|
|
|
|
Entities::UserPublic
|
|
|
|
end
|
2017-07-12 06:18:14 -04:00
|
|
|
|
2018-07-24 08:46:19 -04:00
|
|
|
present current_user, with: entity, current_user: current_user
|
2018-06-13 04:25:01 -04:00
|
|
|
end
|
2012-09-21 07:49:28 -04:00
|
|
|
end
|
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc "Get the currently authenticated user's SSH keys" do
|
|
|
|
success Entities::SSHKey
|
|
|
|
end
|
2017-01-16 23:45:07 -05:00
|
|
|
params do
|
|
|
|
use :pagination
|
|
|
|
end
|
2012-09-21 07:49:28 -04:00
|
|
|
get "keys" do
|
2017-01-16 23:45:07 -05:00
|
|
|
present paginate(current_user.keys), with: Entities::SSHKey
|
2012-09-21 07:49:28 -04:00
|
|
|
end
|
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Get a single key owned by currently authenticated user' do
|
|
|
|
success Entities::SSHKey
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :key_id, type: Integer, desc: 'The ID of the SSH key'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2016-10-27 04:20:06 -04:00
|
|
|
get "keys/:key_id" do
|
|
|
|
key = current_user.keys.find_by(id: params[:key_id])
|
|
|
|
not_found!('Key') unless key
|
|
|
|
|
2012-09-21 07:49:28 -04:00
|
|
|
present key, with: Entities::SSHKey
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2012-09-21 07:49:28 -04:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Add a new SSH key to the currently authenticated user' do
|
|
|
|
success Entities::SSHKey
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :key, type: String, desc: 'The new SSH key'
|
|
|
|
requires :title, type: String, desc: 'The title of the new SSH key'
|
|
|
|
end
|
2012-09-21 07:49:28 -04:00
|
|
|
post "keys" do
|
2016-10-27 04:20:06 -04:00
|
|
|
key = current_user.keys.new(declared_params)
|
2013-02-20 06:10:51 -05:00
|
|
|
|
2012-09-21 07:49:28 -04:00
|
|
|
if key.save
|
|
|
|
present key, with: Entities::SSHKey
|
|
|
|
else
|
2014-08-18 14:09:09 -04:00
|
|
|
render_validation_error!(key)
|
2012-09-21 07:49:28 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Delete an SSH key from the currently authenticated user' do
|
|
|
|
success Entities::SSHKey
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :key_id, type: Integer, desc: 'The ID of the SSH key'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2016-10-27 04:20:06 -04:00
|
|
|
delete "keys/:key_id" do
|
|
|
|
key = current_user.keys.find_by(id: params[:key_id])
|
|
|
|
not_found!('Key') unless key
|
|
|
|
|
2017-03-02 07:14:13 -05:00
|
|
|
destroy_conditionally!(key)
|
2012-09-21 07:49:28 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2015-07-29 09:40:08 -04:00
|
|
|
|
2017-08-25 06:01:34 -04:00
|
|
|
desc "Get the currently authenticated user's GPG keys" do
|
|
|
|
detail 'This feature was added in GitLab 10.0'
|
|
|
|
success Entities::GPGKey
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
use :pagination
|
|
|
|
end
|
|
|
|
get 'gpg_keys' do
|
|
|
|
present paginate(current_user.gpg_keys), with: Entities::GPGKey
|
|
|
|
end
|
|
|
|
|
|
|
|
desc 'Get a single GPG key owned by currently authenticated user' do
|
|
|
|
detail 'This feature was added in GitLab 10.0'
|
|
|
|
success Entities::GPGKey
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :key_id, type: Integer, desc: 'The ID of the GPG key'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2017-08-25 06:01:34 -04:00
|
|
|
get 'gpg_keys/:key_id' do
|
|
|
|
key = current_user.gpg_keys.find_by(id: params[:key_id])
|
|
|
|
not_found!('GPG Key') unless key
|
|
|
|
|
|
|
|
present key, with: Entities::GPGKey
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2017-08-25 06:01:34 -04:00
|
|
|
|
|
|
|
desc 'Add a new GPG key to the currently authenticated user' do
|
|
|
|
detail 'This feature was added in GitLab 10.0'
|
|
|
|
success Entities::GPGKey
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :key, type: String, desc: 'The new GPG key'
|
|
|
|
end
|
|
|
|
post 'gpg_keys' do
|
|
|
|
key = current_user.gpg_keys.new(declared_params)
|
|
|
|
|
|
|
|
if key.save
|
|
|
|
present key, with: Entities::GPGKey
|
|
|
|
else
|
|
|
|
render_validation_error!(key)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
desc 'Revoke a GPG key owned by currently authenticated user' do
|
|
|
|
detail 'This feature was added in GitLab 10.0'
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :key_id, type: Integer, desc: 'The ID of the GPG key'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2017-08-25 06:01:34 -04:00
|
|
|
post 'gpg_keys/:key_id/revoke' do
|
|
|
|
key = current_user.gpg_keys.find_by(id: params[:key_id])
|
|
|
|
not_found!('GPG Key') unless key
|
|
|
|
|
|
|
|
key.revoke
|
|
|
|
status :accepted
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2017-08-25 06:01:34 -04:00
|
|
|
|
|
|
|
desc 'Delete a GPG key from the currently authenticated user' do
|
|
|
|
detail 'This feature was added in GitLab 10.0'
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :key_id, type: Integer, desc: 'The ID of the SSH key'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2017-08-25 06:01:34 -04:00
|
|
|
delete 'gpg_keys/:key_id' do
|
|
|
|
key = current_user.gpg_keys.find_by(id: params[:key_id])
|
|
|
|
not_found!('GPG Key') unless key
|
|
|
|
|
|
|
|
key.destroy
|
2020-01-16 13:08:46 -05:00
|
|
|
|
|
|
|
no_content!
|
2017-08-25 06:01:34 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2017-08-25 06:01:34 -04:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc "Get the currently authenticated user's email addresses" do
|
|
|
|
success Entities::Email
|
|
|
|
end
|
2017-01-16 23:45:07 -05:00
|
|
|
params do
|
|
|
|
use :pagination
|
|
|
|
end
|
2015-07-29 09:40:08 -04:00
|
|
|
get "emails" do
|
2017-01-16 23:45:07 -05:00
|
|
|
present paginate(current_user.emails), with: Entities::Email
|
2015-07-29 09:40:08 -04:00
|
|
|
end
|
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Get a single email address owned by the currently authenticated user' do
|
|
|
|
success Entities::Email
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :email_id, type: Integer, desc: 'The ID of the email'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2016-10-27 04:20:06 -04:00
|
|
|
get "emails/:email_id" do
|
|
|
|
email = current_user.emails.find_by(id: params[:email_id])
|
|
|
|
not_found!('Email') unless email
|
|
|
|
|
2015-07-29 09:40:08 -04:00
|
|
|
present email, with: Entities::Email
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2015-07-29 09:40:08 -04:00
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Add new email address to the currently authenticated user' do
|
|
|
|
success Entities::Email
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
requires :email, type: String, desc: 'The new email'
|
|
|
|
end
|
2015-07-29 09:40:08 -04:00
|
|
|
post "emails" do
|
2017-09-27 10:39:10 -04:00
|
|
|
email = Emails::CreateService.new(current_user, declared_params.merge(user: current_user)).execute
|
2015-07-29 09:40:08 -04:00
|
|
|
|
2017-06-22 09:55:05 -04:00
|
|
|
if email.errors.blank?
|
2015-07-29 09:40:08 -04:00
|
|
|
present email, with: Entities::Email
|
|
|
|
else
|
|
|
|
render_validation_error!(email)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-10-27 04:20:06 -04:00
|
|
|
desc 'Delete an email address from the currently authenticated user'
|
|
|
|
params do
|
|
|
|
requires :email_id, type: Integer, desc: 'The ID of the email'
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2016-10-27 04:20:06 -04:00
|
|
|
delete "emails/:email_id" do
|
|
|
|
email = current_user.emails.find_by(id: params[:email_id])
|
|
|
|
not_found!('Email') unless email
|
2015-07-29 09:40:08 -04:00
|
|
|
|
2017-03-02 07:14:13 -05:00
|
|
|
destroy_conditionally!(email) do |email|
|
2017-10-05 06:48:22 -04:00
|
|
|
Emails::DestroyService.new(current_user, user: current_user).execute(email)
|
2017-03-02 07:14:13 -05:00
|
|
|
end
|
2015-07-29 09:40:08 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2017-04-12 07:19:45 -04:00
|
|
|
|
|
|
|
desc 'Get a list of user activities'
|
|
|
|
params do
|
2017-03-27 09:43:10 -04:00
|
|
|
optional :from, type: DateTime, default: 6.months.ago, desc: 'Date string in the format YEAR-MONTH-DAY'
|
2017-04-12 07:19:45 -04:00
|
|
|
use :pagination
|
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2017-03-27 09:43:10 -04:00
|
|
|
get "activities" do
|
2017-04-12 07:19:45 -04:00
|
|
|
authenticated_as_admin!
|
|
|
|
|
2017-06-21 09:48:12 -04:00
|
|
|
activities = User
|
|
|
|
.where(User.arel_table[:last_activity_on].gteq(params[:from]))
|
|
|
|
.reorder(last_activity_on: :asc)
|
2017-04-12 07:19:45 -04:00
|
|
|
|
2017-03-27 09:43:10 -04:00
|
|
|
present paginate(activities), with: Entities::UserActivity
|
2017-04-12 07:19:45 -04:00
|
|
|
end
|
2018-08-27 11:31:01 -04:00
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2018-07-13 11:52:31 -04:00
|
|
|
|
|
|
|
desc 'Set the status of the current user' do
|
|
|
|
success Entities::UserStatus
|
|
|
|
end
|
|
|
|
params do
|
|
|
|
optional :emoji, type: String, desc: "The emoji to set on the status"
|
|
|
|
optional :message, type: String, desc: "The status message to set"
|
|
|
|
end
|
|
|
|
put "status" do
|
|
|
|
forbidden! unless can?(current_user, :update_user_status, current_user)
|
|
|
|
|
|
|
|
if ::Users::SetStatusService.new(current_user, declared_params).execute
|
|
|
|
present current_user.status, with: Entities::UserStatus
|
|
|
|
else
|
|
|
|
render_validation_error!(current_user.status)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
desc 'get the status of the current user' do
|
|
|
|
success Entities::UserStatus
|
|
|
|
end
|
|
|
|
get 'status' do
|
|
|
|
present current_user.status || {}, with: Entities::UserStatus
|
|
|
|
end
|
2012-06-29 06:46:01 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|