summaryrefslogtreecommitdiff
path: root/lib/api/users.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/api/users.rb')
-rw-r--r--lib/api/users.rb26
1 files changed, 16 insertions, 10 deletions
diff --git a/lib/api/users.rb b/lib/api/users.rb
index a73650dc361..0842c3874c5 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -1,7 +1,11 @@
module API
- # Users API
class Users < Grape::API
- before { authenticate! }
+ include PaginationParams
+
+ before do
+ allow_access_with_scope :read_user if request.get?
+ authenticate!
+ end
resource :users, requirements: { uid: /[0-9]*/, id: /[0-9]*/ } do
helpers do
@@ -33,6 +37,7 @@ module API
optional :active, type: Boolean, default: false, desc: 'Filters only active users'
optional :external, type: Boolean, default: false, desc: 'Filters only external users'
optional :blocked, type: Boolean, default: false, desc: 'Filters only blocked users'
+ use :pagination
end
get do
unless can?(current_user, :read_users_list, nil)
@@ -49,7 +54,7 @@ module API
users = users.external if params[:external] && current_user.is_admin?
end
- entity = current_user.is_admin? ? Entities::UserFull : Entities::UserBasic
+ entity = current_user.is_admin? ? Entities::UserPublic : Entities::UserBasic
present paginate(users), with: entity
end
@@ -64,7 +69,7 @@ module API
not_found!('User') unless user
if current_user && current_user.is_admin?
- present user, with: Entities::UserFull
+ present user, with: Entities::UserPublic
elsif can?(current_user, :read_user, user)
present user, with: Entities::User
else
@@ -73,7 +78,7 @@ module API
end
desc 'Create a user. Available only for admins.' do
- success Entities::UserFull
+ success Entities::UserPublic
end
params do
requires :email, type: String, desc: 'The email of the user'
@@ -97,7 +102,7 @@ module API
end
if user.save
- present user, with: Entities::UserFull
+ present user, with: Entities::UserPublic
else
conflict!('Email has already been taken') if User.
where(email: user.email).
@@ -112,7 +117,7 @@ module API
end
desc 'Update a user. Available only for admins.' do
- success Entities::UserFull
+ success Entities::UserPublic
end
params do
requires :id, type: Integer, desc: 'The ID of the user'
@@ -159,7 +164,7 @@ module API
user_params.delete(:provider)
if user.update_attributes(user_params)
- present user, with: Entities::UserFull
+ present user, with: Entities::UserPublic
else
render_validation_error!(user)
end
@@ -330,6 +335,7 @@ module API
end
params do
requires :id, type: Integer, desc: 'The ID of the user'
+ use :pagination
end
get ':id/events' do
user = User.find_by(id: params[:id])
@@ -347,10 +353,10 @@ module API
resource :user do
desc 'Get the currently authenticated user' do
- success Entities::UserFull
+ success Entities::UserPublic
end
get do
- present current_user, with: Entities::UserFull
+ present current_user, with: sudo? ? Entities::UserWithPrivateToken : Entities::UserPublic
end
desc "Get the currently authenticated user's SSH keys" do
View Lorry Controller Status