From b0981097c302dd04df23ec557b4dcce5c952f2bf Mon Sep 17 00:00:00 2001
From: Alexis Reigel
Date: Thu, 17 Jan 2019 19:27:20 +0100
Subject: [PATCH] return 400 on users search and feature is disabled as the params block is evaluated when loading the class and the db connection is not available yet we can't use the feature toggle inside that block.
---
 lib/api/search.rb | 19 +++++++------
 locale/gitlab.pot | 3 +++
 spec/requests/api/search_spec.rb | 46 ++++++++++++++++++++++++++++----
 3 files changed, 55 insertions(+), 13 deletions(-)
diff --git a/lib/api/search.rb b/lib/api/search.rb
index d271923dbd6..30e68c5aac1 100644
--- a/lib/api/search.rb
+++ b/lib/api/search.rb
@@ -53,15 +53,14 @@ module API
 # EE, without having to modify this file directly.
 end
- params :scope do |options|
- scope_entities =
- if Feature.enabled?(:users_search, default_enabled: true)
- SCOPE_ENTITY
- else
- SCOPE_ENTITY.reject { |key, value| key == :users }
- end
+ def check_users_search_allowed!
+ if Feature.disabled?(:users_search, default_enabled: true) && params[:scope].to_sym == :users
+ render_api_error!({ error: _("Scope not supported with disabled 'users_search' feature!") }, 400)
+ end
+ end
- values = scope_entities.stringify_keys.slice(*options[:values]).keys
+ params :scope do |options|
+ values = SCOPE_ENTITY.stringify_keys.slice(*options[:values]).keys
 requires :scope,
 type: String,
@@ -81,6 +80,7 @@ module API
 end
 get do
 verify_search_scope!
+ check_users_search_allowed!
 present search, with: entity
 end
@@ -98,6 +98,7 @@ module API
 end
 get ':id/(-/)search' do
 verify_search_scope!
+ check_users_search_allowed!
 present search(group_id: user_group.id), with: entity
 end
@@ -114,6 +115,8 @@ module API
 use :pagination
 end
 get ':id/(-/)search' do
+ check_users_search_allowed!
+
 present search(project_id: user_project.id), with: entity
 end
 end
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 5b192f4ccbc..5cc4942d150 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
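Review bot: In `check_users_search_allowed!`, `params[:scope].to_sym == :users` converts a request parameter to a symbol only to compare it, and it raises NoMethodError if the helper is ever reached on a route where `scope` is absent. The `requires :scope, type: String` declaration visible in the same hunk should already hand the helper a validated string, so a plain comparison is enough: `if Feature.disabled?(:users_search, default_enabled: true) && params[:scope] == 'users'`. The reason the flag cannot be read in the `params` block lives only in the commit message; a comment above the helper such as `# Checked per request: the params block is evaluated at class load, before the DB connection exists.` would keep it next to the code.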
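Review bot: The feature gate is opt-in per route: each of the three `get` handlers (this hunk and the two that follow, for groups and projects) must remember to call `check_users_search_allowed!`. A search route added later, or one contributed from outside this file as the EE comment in the first hunk suggests is possible, would therefore serve the `users` scope with the flag off unless its author repeats the call. Running the check once for the whole API class fails closed instead, for example `after_validation { check_users_search_allowed! }`; Grape's plain `before` runs ahead of parameter validation, when `params[:scope]` may still be missing. The enclosing `resource` blocks start outside these hunks, so confirm that no other route in the class would be affected.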
@@ -6632,6 +6632,9 @@ msgstr ""
 msgid "Scope"
 msgstr ""
+msgid "Scope not supported with disabled 'users_search' feature!"
+msgstr ""
+
 msgid "Scroll down to Google Code Project Hosting and enable the switch on the right."
 msgstr ""
diff --git a/spec/requests/api/search_spec.rb b/spec/requests/api/search_spec.rb
index 0f539fb6c60..49672591b3b 100644
--- a/spec/requests/api/search_spec.rb
+++ b/spec/requests/api/search_spec.rb
@@ -81,10 +81,22 @@ describe API::Search do
 before do
 create(:user, name: 'billy')
- get api('/search', user), scope: 'users', search: 'billy'
+ get api('/search', user), params: { scope: 'users', search: 'billy' }
 end
 it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
+
+ context 'when users search feature is disabled' do
+ before do
+ allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
+
+ get api('/search', user), params: { scope: 'users', search: 'billy' }
+ end
+
+ it 'returns 400 error' do
+ expect(response).to have_gitlab_http_status(400)
+ end
+ end
 end
 context 'for snippet_titles scope' do
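Review bot: The nested 'when users search feature is disabled' context sends a second request after the outer `before` has already sent one with the feature enabled. It also stubs `Feature.disabled?` for one exact argument list, so any other `Feature.disabled?` call made while the request is served hits an unstubbed signature and fails the example for an unrelated reason. Toggling the flag through the project's `stub_feature_flags(users_search: false)` helper (if it is available on this branch), or placing `allow(Feature).to receive(:disabled?).and_call_original` ahead of the specific stub, would be less brittle; the same pattern repeats in the group and project hunks below. The new examples assert only the 400 status, so a companion example showing that another scope still returns 200 with the flag off would confirm the gate is limited to `users`.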
@@ -203,15 +215,27 @@ describe API::Search do
 it_behaves_like 'response is correct', schema: 'public_api/v4/milestones'
 end
- context 'for user scope' do
+ context 'for users scope' do
 before do
 user = create(:user, name: 'billy')
 create(:group_member, :developer, user: user, group: group)
- get api("/groups/#{group.id}/search", user), scope: 'users', search: 'billy'
+ get api("/groups/#{group.id}/search", user), params: { scope: 'users', search: 'billy' }
 end
 it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
+
+ context 'when users search feature is disabled' do
+ before do
+ allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
+
+ get api("/groups/#{group.id}/search", user), params: { scope: 'users', search: 'billy' }
+ end
+
+ it 'returns 400 error' do
+ expect(response).to have_gitlab_http_status(400)
+ end
+ end
 end
 context 'for users scope with group path as id' do
@@ -219,7 +243,7 @@ describe API::Search do
 user1 = create(:user, name: 'billy')
 create(:group_member, :developer, user: user1, group: group)
- get api("/groups/#{CGI.escape(group.full_path)}/search", user), scope: 'users', search: 'billy'
+ get api("/groups/#{CGI.escape(group.full_path)}/search", user), params: { scope: 'users', search: 'billy' }
 end
 it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
@@ -306,10 +330,22 @@ describe API::Search do
 user1 = create(:user, name: 'billy')
 create(:project_member, :developer, user: user1, project: project)
- get api("/projects/#{project.id}/search", user), scope: 'users', search: 'billy'
+ get api("/projects/#{project.id}/search", user), params: { scope: 'users', search: 'billy' }
 end
 it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
+
+ context 'when users search feature is disabled' do
+ before do
+ allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
+
+ get api("/projects/#{project.id}/search", user), params: { scope: 'users', search: 'billy' }
+ end
+
+ it 'returns 400 error' do
+ expect(response).to have_gitlab_http_status(400)
+ end
+ end
 end
 context 'for notes scope' do