Commit c61020632147e0855cf229bce81aa080ca1e5992
1 parent
770ec335
Exists in
master
and in
4 other branches
fix mass-assignment error in user create API
Showing
2 changed files
with
6 additions
and
6 deletions
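--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -23,7 +23,7 @@ module Gitlab
 @user = User.find(params[:id])
 present @user, with: Entities::User
 end
-
+
 # Create user. Available only for admin
 #
 # Parameters:
@@ -40,7 +40,7 @@ module Gitlab
 post do
 authenticated_as_admin!
 attrs = attributes_for_keys [:email, :name, :password, :password_confirmation, :skype, :linkedin, :twitter, :projects_limit]
-user = User.new attrs
+user = User.new attrs, as: :admin
 if user.save
 present user, with: Entities::User
 else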
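Review bot: With `as: :admin` on new line 43, the key list passed to `attributes_for_keys` on line 42 becomes the only request-side filter on what reaches the admin mass-assignment role, and nothing at the call site records that. The User model's admin-role accessible list is not visible in this diff; if it is wider than these eight keys, a key added to line 42 later would be assignable through the API with no second check. I would add a comment above the call, `# as: :admin selects the admin mass-assignment role; the key list above is the only filter on API input, so keep it to fields an admin may set at creation`. The `post do` block continues past the end of the hunk, so the failure branch is not covered by this note.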
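--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -4,7 +4,7 @@ describe Gitlab::API do
 include ApiHelpers
 
 let(:user) { Factory :user }
-let(:admin) {Factory :admin}
+let(:admin) { Factory :admin }
 let(:key) { Factory :key, user: user }
 
 describe "GET /users" do
@@ -42,9 +42,9 @@ describe Gitlab::API do
 end
 
 it "should create user" do
-expect{
-post api("/users", admin), Factory.attributes(:user)
-}.to change{User.count}.by(1)
+expect {
+post api("/users", admin), Factory.attributes(:user, projects_limit: 3)
+}.to change { User.count }.by(1)
 end
 
 it "shouldn't available for non admin users" do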
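Review bot: The "should create user" example at new lines 45-47 still asserts only that `User.count` grows by one, so it never checks that the `projects_limit: 3` it now sends was stored. If mass-assignment protection drops the attribute instead of raising (which of the two happens depends on sanitizer configuration not visible here), the example would pass with the fix reverted. Pinning the value after the request would close that gap, for example `User.last.projects_limit.should == 3`. A companion example that posts a key outside the list in lib/api/users.rb as admin and asserts it is not assigned would guard the whitelist itself against later widening.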