fix mass-assignment error in user create API

2 files changed, 6 insertions, 6 deletions

diff --git a/lib/api/users.rb b/lib/api/users.rb
index 7f548aaa667..108a3f123db 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -23,7 +23,7 @@ module Gitlab
         @user = User.find(params[:id])
         present @user, with: Entities::User
       end
-      
+
       # Create user. Available only for admin
       #
       # Parameters:
@@ -40,7 +40,7 @@ module Gitlab
       post do
         authenticated_as_admin!
         attrs = attributes_for_keys [:email, :name, :password, :password_confirmation, :skype, :linkedin, :twitter, :projects_limit]
-        user = User.new attrs
+        user = User.new attrs, as: :admin
         if user.save
           present user, with: Entities::User
         else
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index e3049e09016..4c2e6adaf7f 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -4,7 +4,7 @@ describe Gitlab::API do
   include ApiHelpers
 
   let(:user)  { Factory :user }
-  let(:admin) {Factory :admin}
+  let(:admin) { Factory :admin }
   let(:key)   { Factory :key, user: user }
 
   describe "GET /users" do
@@ -42,9 +42,9 @@ describe Gitlab::API do
     end
 
     it "should create user" do
-      expect{
-        post api("/users", admin), Factory.attributes(:user)
-      }.to change{User.count}.by(1)
+      expect {
+        post api("/users", admin), Factory.attributes(:user, projects_limit: 3)
+      }.to change { User.count }.by(1)
     end
 
     it "shouldn't available for non admin users" do