Don't crash when removing a user that's not project member
The attempt to revoke project access for a user that was not member of the project results in a 500 Internal Server error where it actually should result in a 200 OK since after the operation, the user is not member of the project. This turns the operation into an idempotent call that can be repeated with no ill effects. Updated the spec and changed the code accordingly. However, the result differs slightly, as we can't return the users project access level if the user was not member. I'm not aware if anybody relies on the result of this call. Fixes #2832
This commit is contained in:
parent
c72910a8bf
commit
ce6436b98a
2 changed files with 16 additions and 1 deletions
|
@ -132,7 +132,11 @@ module Gitlab
|
|||
delete ":id/members/:user_id" do
|
||||
authorize! :admin_project, user_project
|
||||
users_project = user_project.users_projects.find_by_user_id params[:user_id]
|
||||
unless users_project.nil?
|
||||
users_project.destroy
|
||||
else
|
||||
{:message => "Access revoked", :id => params[:user_id].to_i}
|
||||
end
|
||||
end
|
||||
|
||||
# Get project hooks
|
||||
|
|
|
@ -167,6 +167,17 @@ describe Gitlab::API do
|
|||
end
|
||||
end
|
||||
|
||||
describe "DELETE /projects/:id/members/:user_id" do
|
||||
it "should return 200 OK when the user was not member" do
|
||||
expect {
|
||||
delete api("/projects/#{project.id}/members/1000000", user)
|
||||
}.to change { UsersProject.count }.by(0)
|
||||
response.status.should == 200
|
||||
json_response['message'].should == "Access revoked"
|
||||
json_response['id'].should == 1000000
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /projects/:id/hooks" do
|
||||
it "should return project hooks" do
|
||||
get api("/projects/#{project.id}/hooks", user)
|
||||
|
|
Loading…
Reference in a new issue