diff options
| author | Felix Gilcher <felix.gilcher@asquera.de> | 2013-02-01 13:53:35 +0000 |
|---|---|---|
| committer | Felix Gilcher <felix.gilcher@asquera.de> | 2013-02-01 13:53:35 +0000 |
| commit | ce6436b98a8a86356ee93e6eaf136d27d7f77b93 (patch) | |
| tree | 1e648dfcc9c8a43bb9b4a122eb997b5074c8157e | |
| parent | c72910a8bf782c10662dd4392e81ef6408f801ee (diff) | |
| download | gitlab-ce-ce6436b98a8a86356ee93e6eaf136d27d7f77b93.tar.gz | |
Don't crash when removing a user that's not project member
The attempt to revoke project access for a user that was not member of the
project results in a 500 Internal Server error where it actually should
result in a 200 OK since after the operation, the user is not member of
the project. This turns the operation into an idempotent call that can
be repeated with no ill effects.
Updated the spec and changed the code accordingly. However, the result differs
slightly, as we can't return the users project access level if the user was not
member. I'm not aware if anybody relies on the result of this call.
Fixes #2832
| -rw-r--r-- | lib/api/projects.rb | 6 | ||||
| -rw-r--r-- | spec/requests/api/projects_spec.rb | 11 |
2 files changed, 16 insertions, 1 deletions
diff --git a/lib/api/projects.rb b/lib/api/projects.rb index cbef1ed3b50..5444ba6a205 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -132,7 +132,11 @@ module Gitlab delete ":id/members/:user_id" do authorize! :admin_project, user_project users_project = user_project.users_projects.find_by_user_id params[:user_id] - users_project.destroy + unless users_project.nil? + users_project.destroy + else + {:message => "Access revoked", :id => params[:user_id].to_i} + end end # Get project hooks diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index c2244210bcf..8351b4bf8bb 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -167,6 +167,17 @@ describe Gitlab::API do end end + describe "DELETE /projects/:id/members/:user_id" do + it "should return 200 OK when the user was not member" do + expect { + delete api("/projects/#{project.id}/members/1000000", user) + }.to change { UsersProject.count }.by(0) + response.status.should == 200 + json_response['message'].should == "Access revoked" + json_response['id'].should == 1000000 + end + end + describe "GET /projects/:id/hooks" do it "should return project hooks" do get api("/projects/#{project.id}/hooks", user) |