Fixed validation while adding user with multiple groups.

app/controllers/api/users_controller.rb

@@ -100,10 +100,11 @@ def validate_self_user_data(data = {})
 
     def validate_user_create_data(data)
       validate_user_data(data)
-      req_attrs = %w(name userid group)
+      req_attrs = %w(name userid)
       req_attrs << "password" if ::Settings.authentication.mode == "database"
       bad_attrs = []
       req_attrs.each { |attr| bad_attrs << attr if data[attr].blank? }
+      bad_attrs << "group or miq_groups" if !data['group'] && !data['miq_groups']
       raise BadRequestError, "Missing attribute(s) #{bad_attrs.join(', ')} for creating a user" if bad_attrs.present?
     end
   end

spec/requests/users_spec.rb

@@ -21,6 +21,7 @@
 
   let(:sample_user1) { {:userid => "user1", :name => "User1", :password => "password1", :group => {"id" => group1.id}} }
   let(:sample_user2) { {:userid => "user2", :name => "User2", :password => "password2", :group => {"id" => group2.id}} }
+  let(:sample_user3) { {:userid => "user3", :name => "User3", :password => "password3", :miq_groups => [{"id" => group1.id}, {"id" => group2.id}]} }
 
   let(:user1) { FactoryGirl.create(:user, sample_user1.except(:group).merge(:miq_groups => [group1])) }
   let(:user2) { FactoryGirl.create(:user, sample_user2.except(:group).merge(:miq_groups => [group2])) }
@@ -199,6 +200,34 @@
       expect(user1_hash["current_group_id"]).to eq(group1.id.to_s)
       expect(user2_hash["current_group_id"]).to eq(group2.id.to_s)
     end
+
+    it "supports creating user with multiple groups" do
+      api_basic_authorize collection_action_identifier(:users, :create)
+
+      post(api_users_url, :params => gen_request(:create, sample_user3))
+
+      expect(response).to have_http_status(:ok)
+      expect_result_resources_to_include_keys("results", expected_attributes)
+
+      user_id = response.parsed_body["results"].first["id"]
+      expect(User.exists?(user_id)).to be_truthy
+    end
+
+    it "rejects user creation with missing group attribute" do
+      api_basic_authorize collection_action_identifier(:users, :create)
+
+      post(api_users_url, :params => sample_user2.except(:group))
+
+      expect_bad_request(/Missing attribute/i)
+    end
+
+    it "rejects user creation with missing miq_groups attribute" do
+      api_basic_authorize collection_action_identifier(:users, :create)
+
+      post(api_users_url, :params => sample_user3.except(:miq_groups))
+
+      expect_bad_request(/Missing attribute/i)
+    end
   end
 
   describe "users edit" do