Skip to content

Expose Email for Billable Members in API Endpoint for Admins

sameer shaik requested to merge admin-billable into master

What does this MR do and why?

Currently, the support team use prod rails console to fetch the emails when we get requests from the customers. This merge request modifies the logic for exposing the email attribute in the API endpoint /api/v4/groups/:id/billable_members. The changes are located in ee/lib/ee/api/members.rb and consist of the following:

The email attribute for each member in the billable_members endpoint is exposed if:

  • The current user has full admin permissions, or
  • The instance is managed by the current user.
  • If neither of these conditions is met, the public email of the instance will be exposed, if it exists.

Solves the following issue: #419006 (closed)

Screenshots or screen recordings

Example Response: http://localhost:3000/api/v4/groups/35/billable_members

[
  
   {
      "id":13,
      "username":"edgar",
      "name":"Branden Pollich",
      "state":"active",
      "avatar_url":"https://www.gravatar.com/avatar/c5d5be1bb8a6ae841faf006cbaf8d293?s=80\u0026d=identicon",
      "web_url":"http://127.0.0.1:3000/edgar",
      "email":"emmanuel@dietrichbartell.com",
      "last_activity_on":null,
      "membership_type":"project_member",
      "removable":true,
      "created_at":"2023-06-05T12:28:04.352Z",
      "is_last_owner":false,
      "last_login_at":null
   },
   {
      "id":18,
      "username":"fay_lind",
      "name":"Hilary Zieme",
      "state":"active",
      "avatar_url":"https://www.gravatar.com/avatar/fdc6f0fdd84d5dcacc20bc24c657f148?s=80\u0026d=identicon",
      "web_url":"http://127.0.0.1:3000/fay_lind",
      "email":"justine@davis.us",
      "last_activity_on":null,
      "membership_type":"group_member",
      "removable":true,
      "created_at":"2023-06-05T12:28:04.819Z",
      "is_last_owner":false,
      "last_login_at":null
   },
]

How to set up and validate locally

  1. Checkout the feature branch
  2. Pick any groups that contains billable members
  3. The response for the following api should include email value for admin users
  • Group billable members API: http://localhost:3000/api/v4/groups/GROUP_ID/billable_members

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by sameer shaik

Merge request reports