Commit 47d6f70528dd4b41739c0a6767f74a8a40d9aaaa
1 parent
8ff171f6
Exists in
spb-stable
and in
2 other branches
Add /api/users test for admin role. Updated CHANGELOG
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing
2 changed files
with
12 additions
and
0 deletions
Show diff stats
CHANGELOG
| @@ -35,6 +35,7 @@ v 7.0.0 | @@ -35,6 +35,7 @@ v 7.0.0 | ||
| 35 | - Be more selective when killing stray Sidekiqs | 35 | - Be more selective when killing stray Sidekiqs |
| 36 | - Check LDAP user filter during sign-in | 36 | - Check LDAP user filter during sign-in |
| 37 | - Remove wall feature (no data loss - you can take it from database) | 37 | - Remove wall feature (no data loss - you can take it from database) |
| 38 | + - Dont expose user emails via API unless you are admin | ||
| 38 | 39 | ||
| 39 | v 6.9.2 | 40 | v 6.9.2 |
| 40 | - Revert the commit that broke the LDAP user filter | 41 | - Revert the commit that broke the LDAP user filter |
spec/requests/api/users_spec.rb
| @@ -23,6 +23,17 @@ describe API::API, api: true do | @@ -23,6 +23,17 @@ describe API::API, api: true do | ||
| 23 | json_response.first['username'].should == user.username | 23 | json_response.first['username'].should == user.username |
| 24 | end | 24 | end |
| 25 | end | 25 | end |
| 26 | + | ||
| 27 | + context "when admin" do | ||
| 28 | + it "should return an array of users" do | ||
| 29 | + get api("/users", admin) | ||
| 30 | + response.status.should == 200 | ||
| 31 | + json_response.should be_an Array | ||
| 32 | + json_response.first.keys.should include 'email' | ||
| 33 | + json_response.first.keys.should include 'extern_uid' | ||
| 34 | + json_response.first.keys.should include 'can_create_project' | ||
| 35 | + end | ||
| 36 | + end | ||
| 26 | end | 37 | end |
| 27 | 38 | ||
| 28 | describe "GET /users/:id" do | 39 | describe "GET /users/:id" do |