Add params and ordering to group users API
What does this MR do and why?
Adds the optional `active` param and adds default descending ID order to the Groups Users API. This ensures this endpoint behaves similarly to the global `/users` API in terms of ordering and only returning active users. This is an experimental endpoint and its use in GitLab is behind a feature flag that is currently disabled on GitLab.com.
Related to https://gitlab.com/gitlab-org/gitlab/-/issues/424505
Database
This query is already being used in the `/Users` API. We're just moving it to address some authorization problems with certain specific filtering related to Groups.
Lab link: https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/24920/commands/79124
```sql
SELECT
    users.*
FROM
    (
        (
            SELECT
                users.*
            FROM
                users
                JOIN identities ON identities.user_id = users.id
            WHERE
                users.state NOT IN ( 'blocked', 'banned', 'ldap_blocked' ) AND
                identities.saml_provider_id = 19
        )
        UNION
        (
            SELECT
                users.*
            FROM
                users
                JOIN user_details AS user_detail ON user_detail.user_id = users.id
            WHERE
                users.state NOT IN ( 'blocked', 'banned', 'ldap_blocked' ) AND
                users.user_type = 13 AND
                user_detail.provisioned_by_group_id = 79
        )
    ) AS users
ORDER BY
    users.id DESC;
```
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
- These steps assume you have SAML users and/or Service Account users and they're in the group being queried. See Service Account docs for more information.
- Prior to checking out code, call the Group Users API. Use one or more params of `include_saml_users` or `include_service_accounts`.
- Note the response orders users in ascending order based on record ID.
- Check out this MR's code. Repeat step 1.
- Note that users are returned in descending order by ID, consistent with the global `/Users` API.
- Repeat step 1 adding `active=true` to the query params, ensuring you have one or more users in the group (SAML users or Service Accounts) that are deactivated or blocked.
- Note that deactivated or blocked users are not included in the request.
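
The two behaviours the steps above validate by eye can also be checked mechanically against a saved response body. This is an added example, not code from the MR: the function name and the sample responses are constructed for illustration, and it assumes each returned user object carries `id` and `state` fields as in GitLab's user JSON.

```python
import json

# Constructed sample bodies, not captured from a real instance.
# BEFORE: ascending IDs, blocked/deactivated users present (pre-MR behaviour).
BEFORE = json.dumps([
    {"id": 101, "username": "saml_alice", "state": "active"},
    {"id": 140, "username": "svc_deploy", "state": "blocked"},
    {"id": 215, "username": "saml_bob", "state": "deactivated"},
])
# AFTER_ACTIVE: descending IDs, only active users (post-MR, active=true).
AFTER_ACTIVE = json.dumps([
    {"id": 230, "username": "svc_ci", "state": "active"},
    {"id": 101, "username": "saml_alice", "state": "active"},
])


def check_group_users(body, expect_active_only=False):
    """Return a list of findings; an empty list means the page passes.

    Ordering is checked within the single page given; run it per page
    when the response is paginated.
    """
    users = json.loads(body)
    if not isinstance(users, list):
        # An error payload (a JSON object) is not a user listing.
        return ["response is not a JSON array"]
    findings = []
    ids = [u["id"] for u in users]
    # Descending ID order: every ID must be strictly lower than the previous.
    for prev, cur in zip(ids, ids[1:]):
        if cur >= prev:
            findings.append(f"order: id {cur} follows id {prev}")
    if expect_active_only:
        # Assumed: "state" is "active" for every user when active=true is sent.
        for u in users:
            if u.get("state") != "active":
                findings.append(f"state: user {u['id']} is {u.get('state')}")
    return findings


if __name__ == "__main__":
    for name, body in (("before", BEFORE), ("after", AFTER_ACTIVE)):
        print(name, check_group_users(body, expect_active_only=True) or "ok")
```
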