Members API: Allow group Owners to obtain enterprise users emails
What does this MR do and why?
Related to
- Members API update: Allow Group Owners to obtai... (#391453 - closed)
- Allow provisioning group owners to view billabl... (#388782 - closed)
Related MRs:
- Expose user email to group managed account owners (!30584 - merged)
- Allow provisioning group to view member email a... (!105595 - merged)
- Expose Email for Billable Members in API Endpoi... (!127927 - merged)
The following Group and project members API endpoints
GET /groups/:id/members
GET /projects/:id/members
POST /groups/:id/members
POST /projects/:id/members
GET /groups/:id/members/all
GET /projects/:id/members/all
GET /groups/:id/members/:user_id
GET /projects/:id/members/:user_id
GET /groups/:id/members/all/:user_id
GET /projects/:id/members/all/:user_id
PUT /groups/:id/members/:user_id
PUT /projects/:id/members/:user_id
POST /groups/:id/members/:user_id/override
DELETE /groups/:id/members/:user_id/override
expose email
attribute to group owners for users provisioned by the group. This MR changes the criteria for those endpoints to expose email
addresses of enterprise users only. Also this MR limits exposing email
addresses of enterprise users to API requests that are in the context of the group only, see for more details #391453 (comment 1702332372).
There is also GET /groups/:id/billable_members
API endpoint. Currently, this endpoint expose email
attribute
- with value as user's
public_email
- if requested user is GitLab instance Admin, the value of the
email
attribute is user's primary email.
This MR updates this endpoint to allow group owners obtain enterprise users' primary emails.
Additionally, this MR
-
finally eliminates all N+1 database queries for all those endpoints, see !135873 (comment 1718813223) - does not cause N+1 and adds more N+1 tests to confirm that
- Optimizes those endpoints by removing eager loading
provisioned_by_group
for each member and does not add any new eager loading - improves test coverage by adding new and complementing existing tests
- improves the code by removing the EoL code & simplifying the existing code
Screenshots or screen recordings
How to set up and validate locally
- Make sure the GitLab instance simulates or a SaaS instance since Enterprise Users is a SaaS feature
- Configure "Automatic claims of enterprise users". For testing purposes on the local environment you can claim the user manually from the Rails console:
User.find_by_username('USERNAME').user_detail.update(enterprise_group_id: GROUP_ID)
- Add that user to group members.
- Query each API endpoint mentioned above as a group owner.
email
attribute should be exposed for the enterprise user of the group. - For for more scenarios to test manually see tests added in this MR.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.