Commit c6102063 authored by Nihad Abbasov's avatar Nihad Abbasov

fix mass-assignment error in user create API

parent 770ec335
......@@ -23,7 +23,7 @@ module Gitlab
@user = User.find(params[:id])
present @user, with: Entities::User
end
# Create user. Available only for admin
#
# Parameters:
......@@ -40,7 +40,7 @@ module Gitlab
post do
authenticated_as_admin!
attrs = attributes_for_keys [:email, :name, :password, :password_confirmation, :skype, :linkedin, :twitter, :projects_limit]
user = User.new attrs
user = User.new attrs, as: :admin
if user.save
present user, with: Entities::User
else
......
......@@ -4,7 +4,7 @@ describe Gitlab::API do
include ApiHelpers
let(:user) { Factory :user }
let(:admin) {Factory :admin}
let(:admin) { Factory :admin }
let(:key) { Factory :key, user: user }
describe "GET /users" do
......@@ -42,9 +42,9 @@ describe Gitlab::API do
end
it "should create user" do
expect{
post api("/users", admin), Factory.attributes(:user)
}.to change{User.count}.by(1)
expect {
post api("/users", admin), Factory.attributes(:user, projects_limit: 3)
}.to change { User.count }.by(1)
end
it "shouldn't available for non admin users" do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment