From e47924681039605c88b60a09bfbe109d4e827401 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Maro=C5=A1i?= Date: Mon, 23 Jul 2018 16:22:17 +0200 Subject: [PATCH 1/2] Fixed validation while adding user with multiple groups. --- app/controllers/api/users_controller.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb index 3dcfeb4208..4c2ea953fe 100644 --- a/app/controllers/api/users_controller.rb +++ b/app/controllers/api/users_controller.rb @@ -100,10 +100,11 @@ def validate_self_user_data(data = {}) def validate_user_create_data(data) validate_user_data(data) - req_attrs = %w(name userid group) + req_attrs = %w(name userid) req_attrs << "password" if ::Settings.authentication.mode == "database" bad_attrs = [] req_attrs.each { |attr| bad_attrs << attr if data[attr].blank? } + bad_attrs << "group or miq_groups" if !data['group'] && !data['miq_groups'] raise BadRequestError, "Missing attribute(s) #{bad_attrs.join(', ')} for creating a user" if bad_attrs.present? end end From 2071fbc07a0822af42d4666a949ba31d6916b655 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Maro=C5=A1i?= Date: Tue, 24 Jul 2018 09:56:38 +0200 Subject: [PATCH 2/2] Added test for creating new user with multiple groups. --- spec/requests/users_spec.rb | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/spec/requests/users_spec.rb b/spec/requests/users_spec.rb index 70d5883c57..8e7de8a3a2 100644 --- a/spec/requests/users_spec.rb +++ b/spec/requests/users_spec.rb @@ -21,6 +21,7 @@ let(:sample_user1) { {:userid => "user1", :name => "User1", :password => "password1", :group => {"id" => group1.id}} } let(:sample_user2) { {:userid => "user2", :name => "User2", :password => "password2", :group => {"id" => group2.id}} } + let(:sample_user3) { {:userid => "user3", :name => "User3", :password => "password3", :miq_groups => [{"id" => group1.id}, {"id" => group2.id}]} } let(:user1) { FactoryGirl.create(:user, sample_user1.except(:group).merge(:miq_groups => [group1])) } let(:user2) { FactoryGirl.create(:user, sample_user2.except(:group).merge(:miq_groups => [group2])) } @@ -199,6 +200,34 @@ expect(user1_hash["current_group_id"]).to eq(group1.id.to_s) expect(user2_hash["current_group_id"]).to eq(group2.id.to_s) end + + it "supports creating user with multiple groups" do + api_basic_authorize collection_action_identifier(:users, :create) + + post(api_users_url, :params => gen_request(:create, sample_user3)) + + expect(response).to have_http_status(:ok) + expect_result_resources_to_include_keys("results", expected_attributes) + + user_id = response.parsed_body["results"].first["id"] + expect(User.exists?(user_id)).to be_truthy + end + + it "rejects user creation with missing group attribute" do + api_basic_authorize collection_action_identifier(:users, :create) + + post(api_users_url, :params => sample_user2.except(:group)) + + expect_bad_request(/Missing attribute/i) + end + + it "rejects user creation with missing miq_groups attribute" do + api_basic_authorize collection_action_identifier(:users, :create) + + post(api_users_url, :params => sample_user3.except(:miq_groups)) + + expect_bad_request(/Missing attribute/i) + end end describe "users edit" do