Commit 47d6f70528dd4b41739c0a6767f74a8a40d9aaaa
1 parent
8ff171f6
Exists in
spb-stable
and in
2 other branches
Add /api/users test for admin role. Updated CHANGELOG
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing
2 changed files
with
12 additions
and
0 deletions
Show diff stats
CHANGELOG
| ... | ... | @@ -35,6 +35,7 @@ v 7.0.0 |
| 35 | 35 | - Be more selective when killing stray Sidekiqs |
| 36 | 36 | - Check LDAP user filter during sign-in |
| 37 | 37 | - Remove wall feature (no data loss - you can take it from database) |
| 38 | + - Dont expose user emails via API unless you are admin | |
| 38 | 39 | |
| 39 | 40 | v 6.9.2 |
| 40 | 41 | - Revert the commit that broke the LDAP user filter | ... | ... |
spec/requests/api/users_spec.rb
| ... | ... | @@ -23,6 +23,17 @@ describe API::API, api: true do |
| 23 | 23 | json_response.first['username'].should == user.username |
| 24 | 24 | end |
| 25 | 25 | end |
| 26 | + | |
| 27 | + context "when admin" do | |
| 28 | + it "should return an array of users" do | |
| 29 | + get api("/users", admin) | |
| 30 | + response.status.should == 200 | |
| 31 | + json_response.should be_an Array | |
| 32 | + json_response.first.keys.should include 'email' | |
| 33 | + json_response.first.keys.should include 'extern_uid' | |
| 34 | + json_response.first.keys.should include 'can_create_project' | |
| 35 | + end | |
| 36 | + end | |
| 26 | 37 | end |
| 27 | 38 | |
| 28 | 39 | describe "GET /users/:id" do | ... | ... |