From d70b7a490dae32435c5c906bc6f923676c52a9ea Mon Sep 17 00:00:00 2001
From: Tiago Botelho <tiagonbotelho@hotmail.com>
Date: Thu, 21 Sep 2017 15:10:33 +0100
Subject: [PATCH] find_user users helper method no longer overrides find_user
 API helper method.

---
 ...d-from-users-endpoint-overrides-api-helper-method.yml | 5 +++++
 lib/api/users.rb                                         | 4 ++--
 spec/requests/api/users_spec.rb                          | 9 +++++++++
 3 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/unreleased/37467-helper-method-from-users-endpoint-overrides-api-helper-method.yml

diff --git a/changelogs/unreleased/37467-helper-method-from-users-endpoint-overrides-api-helper-method.yml b/changelogs/unreleased/37467-helper-method-from-users-endpoint-overrides-api-helper-method.yml
new file mode 100644
index 00000000000..1984ec6e81c
--- /dev/null
+++ b/changelogs/unreleased/37467-helper-method-from-users-endpoint-overrides-api-helper-method.yml
@@ -0,0 +1,5 @@
+---
+title: find_user Users helper method no longer overrides find_user API helper method.
+merge_request: 14418
+author:
+type: fixed
diff --git a/lib/api/users.rb b/lib/api/users.rb
index bdebda58d3f..77ac24ec68d 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -11,7 +11,7 @@ module API
       end
 
       helpers do
-        def find_user(params)
+        def find_user_by_id(params)
           id = params[:user_id] || params[:id]
           User.find_by(id: id) || not_found!('User')
         end
@@ -430,7 +430,7 @@ module API
         resource :impersonation_tokens do
           helpers do
             def finder(options = {})
-              user = find_user(params)
+              user = find_user_by_id(params)
               PersonalAccessTokensFinder.new({ user: user, impersonation: true }.merge(options))
             end
 
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 5b306ec6cbf..c30188b1b41 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -125,6 +125,15 @@ describe API::Users do
     end
 
     context "when admin" do
+      context 'when sudo is defined' do
+        it 'does not return 500' do
+          admin_personal_access_token = create(:personal_access_token, user: admin).token
+          get api("/users?private_token=#{admin_personal_access_token}&sudo=#{user.id}", admin)
+
+          expect(response).to have_http_status(:success)
+        end
+      end
+
       it "returns an array of users" do
         get api("/users", admin)