Merge branch '36213-return-is_admin-in-users-api-when-current_user-is-admin' into 'master'
Include the `is_admin` field in the `GET /users/:id` API when current user is an admin. Closes #36213. See merge request !13501.
commit
0887a2bd10
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
title: Include the `is_admin` field in the `GET /users/:id` API when current user
|
||||
is an admin
|
||||
merge_request:
|
||||
author:
|
||||
type: fixed
|
|
@ -79,22 +79,17 @@ module API
|
|||
end
|
||||
|
||||
desc 'Get a single user' do
|
||||
success Entities::UserBasic
|
||||
success Entities::User
|
||||
end
|
||||
params do
|
||||
requires :id, type: Integer, desc: 'The ID of the user'
|
||||
end
|
||||
get ":id" do
|
||||
user = User.find_by(id: params[:id])
|
||||
not_found!('User') unless user
|
||||
not_found!('User') unless user && can?(current_user, :read_user, user)
|
||||
|
||||
if current_user && current_user.admin?
|
||||
present user, with: Entities::UserPublic
|
||||
elsif can?(current_user, :read_user, user)
|
||||
present user, with: Entities::User
|
||||
else
|
||||
render_api_error!("User not found.", 404)
|
||||
end
|
||||
opts = current_user&.admin? ? { with: Entities::UserWithAdmin } : {}
|
||||
present user, opts
|
||||
end
|
||||
|
||||
desc 'Create a user. Available only for admins.' do
|
||||
|
|
|
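Review bot: The non-admin branch of `opts` leaves `with:` unset, so `present user, opts` depends on Grape resolving an entity for the user implicitly, whereas the lines it appears to replace named the entity explicitly. Nothing in this hunk shows a `represent` mapping or a model-level entity; if none is resolved, Grape would pass the model to the formatter unfiltered, which for a user record could include attributes never meant for this endpoint. Naming the entity on both branches keeps the response shape explicit: `present user, with: current_user&.admin? ? Entities::UserWithAdmin : Entities::User`. It is also worth confirming that `Entities::UserWithAdmin`, defined outside this hunk, still exposes what admins previously received through `Entities::UserPublic`.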
@ -217,9 +217,19 @@ describe API::Users do
|
|||
it "does not return the user's `is_admin` flag" do
|
||||
get api("/users/#{user.id}", user)
|
||||
|
||||
expect(response).to have_http_status(200)
|
||||
expect(json_response['is_admin']).to be_nil
|
||||
end
|
||||
|
||||
context 'when authenticated as admin' do
|
||||
it 'includes the `is_admin` field' do
|
||||
get api("/users/#{user.id}", admin)
|
||||
|
||||
expect(response).to have_http_status(200)
|
||||
expect(json_response['is_admin']).to be(false)
|
||||
end
|
||||
end
|
||||
|
||||
context 'for an anonymous user' do
|
||||
it "returns a user by id" do
|
||||
get api("/users/#{user.id}")
|
||||
|
|
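Review bot: The admin example only pins `is_admin` to `false` for a regular target, so a serializer that always emitted `false` would still pass. An example with an admin target is missing, e.g. `get api("/users/#{admin.id}", admin)` followed by `expect(json_response['is_admin']).to be(true)`. The non-admin example checks only that `is_admin` is absent; since the endpoint now picks its entity from an options hash, asserting the full set of returned keys there would catch an unintended widening of the response. The `for an anonymous user` context continues outside the hunk, so whether it asserts the field's absence cannot be seen here.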