Add params and ordering to group users API

Drew Blessing requested to merge dblessing_active_param_group_users_api into master

What does this MR do and why?

Adds the optional active param and adds default descending ID order to the Groups Users API. This ensures this endpoint behaves similarly to the global /users API in terms of ordering and only returning active users. This is an experimental endpoint and its use in GitLab is behind a feature flag that is currently disabled on GitLab.com.

Related to https://gitlab.com/gitlab-org/gitlab/-/issues/424505

Database

This query is already being used in the /Users API. We're just moving it to address some authorization problems with certain specific filtering related to Groups.

Lab link: https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/24920/commands/79124

SELECT
    users.*
FROM
    (
        (
            SELECT
                users.*
            FROM
                users
                JOIN identities ON identities.user_id = users.id
            WHERE
                users.state NOT IN ( 'blocked', 'banned', 'ldap_blocked' ) AND
                identities.saml_provider_id = 19
        )
        UNION
        (
            SELECT
                users.*
            FROM
                users
                JOIN user_details AS user_detail ON user_detail.user_id = users.id
            WHERE
                users.state NOT IN ( 'blocked', 'banned', 'ldap_blocked' ) AND
                users.user_type = 13 AND
                user_detail.provisioned_by_group_id = 79
        )
    ) AS users
ORDER BY
    users.id DESC;

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

  1. These steps assume you have SAML users and/or Service Account users and they're in the group being queried. See Service Account docs for more information.
  2. Prior to checking out code, call the Group Users API. Use one or more params of include_saml_users or include_service_accounts.
  3. Note the response orders users in ascending order based on record ID.
  4. Check out this MR's code. Repeat step 1.
  5. Note that users are returned in descending order by ID, consistent with the global /Users API.
  6. Repeat step 1 adding active=true to the query params, ensuring you have one or more users in the group (SAML users or Service Accounts) that are deactivated or blocked.
  7. Note that deactivated or blocked users are not included in the request.
Edited by Drew Blessing
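
The effect of the state filter and the descending ID order in the query above can be checked against constructed rows. This is an added example, not code from the MR: it runs through SQLite from Python, drops the parentheses around the UNION branches (SQLite does not accept them), and the `group_users` helper, the table subset and every row are hypothetical. It assumes that omitting `active` leaves the state filter out.

```python
import sqlite3

# Constructed rows; only the columns the MR's query touches.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, state TEXT, user_type INTEGER);
CREATE TABLE identities (user_id INTEGER, saml_provider_id INTEGER);
CREATE TABLE user_details (user_id INTEGER, provisioned_by_group_id INTEGER);
INSERT INTO users VALUES (1,'active',0), (2,'blocked',0), (3,'active',13),
  (4,'banned',13), (5,'ldap_blocked',0), (6,'active',13), (7,'active',13);
-- users 1, 2, 5, 6 have a SAML identity with provider 19
INSERT INTO identities VALUES (1,19), (2,19), (5,19), (6,19);
-- users 3, 4, 6 were provisioned by group 79; user 7 by another group
INSERT INTO user_details VALUES (3,79), (4,79), (6,79), (7,80);
"""

BLOCKED_STATES = ("blocked", "banned", "ldap_blocked")


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def group_users(conn, saml_provider_id, group_id, active=False):
    """Hypothetical helper: ids the query returns, highest id first."""
    # Assumption: without active=true the state filter is simply absent.
    state_sql = "users.state NOT IN (?, ?, ?) AND" if active else ""
    state_args = BLOCKED_STATES if active else ()
    sql = f"""
        SELECT u.id FROM (
            SELECT users.* FROM users
            JOIN identities ON identities.user_id = users.id
            WHERE {state_sql} identities.saml_provider_id = ?
            UNION
            SELECT users.* FROM users
            JOIN user_details AS user_detail ON user_detail.user_id = users.id
            WHERE {state_sql} users.user_type = 13
              AND user_detail.provisioned_by_group_id = ?
        ) AS u
        ORDER BY u.id DESC"""
    args = (*state_args, saml_provider_id, *state_args, group_id)
    return [row[0] for row in conn.execute(sql, args)]


if __name__ == "__main__":
    db = make_db()
    print("all states: ", group_users(db, 19, 79))
    print("active only:", group_users(db, 19, 79, active=True))
```

User 6 matches both branches and appears once because of the UNION; user 7 belongs to another group and never appears.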