Merge branch 'api_for_user_creation' of dev.gitlabhq.com:gitlabhq

33955584 · Dmitriy Zaporozhets · 0187ae4e · bda0a755 · 33955584 · 33955584
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -65,6 +65,27 @@ Parameters:
 }
 ```
+## User creation
+Create user. Available only for admin
+```
+POST /users
+```
+Parameters:
+ `email` (required)                  - Email
+ `name` (required)                   - Name
+ `password` (required)               - Password
+ `password_confirmation` (required)  - Password confirmation
+ `skype`                             - Skype ID
+ `linkedin` (required)               - Linkedin
+ `twitter`                           - Twitter account
+ `projects_limit`                   - Limit projects wich user can create
+Will return created user with status `201 Created` on success, or `404 Not
+found` on fail.
 ## Current user
 Get currently authenticated user.

--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -22,6 +22,10 @@ def authenticate!
      unauthorized! unless current_user
    end
+    def authenticated_as_admin!
+      forbidden! unless current_user.is_admin?
+    end
    def authorize! action, subject
      unless abilities.allowed?(current_user, action, subject)
        forbidden!

--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -23,6 +23,30 @@ class Users < Grape::API
        @user = User.find(params[:id])
        present @user, with: Entities::User
      end
+      # Create user. Available only for admin
+      #
+      # Parameters:
+      #   email (required)                  - Email
+      #   name (required)                   - Name
+      #   password (required)               - Password
+      #   password_confirmation (required)  - Password confirmation
+      #   skype                             - Skype ID
+      #   linkedin (required)               - Linkedin
+      #   twitter                           - Twitter account
+      #   projects_limit                    - Limit projects wich user can create
+      # Example Request:
+      #   POST /users
+      post do
+        authenticated_as_admin!
+        attrs = attributes_for_keys [:email, :name, :password, :password_confirmation, :skype, :linkedin, :twitter, :projects_limit]
+        user = User.new attrs
+        if user.save
+          present user, with: Entities::User
+        else
+          not_found!
+        end
+      end
    end
    resource :user do
@@ -78,6 +102,8 @@ class Users < Grape::API
        key = current_user.keys.find params[:id]
        key.delete
      end
    end
  end
 end
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -4,6 +4,7 @@
  include ApiHelpers
  let(:user)  { Factory :user }
+  let(:admin) {Factory :admin}
  let(:key)   { Factory :key, user: user }
  describe "GET /users" do
@@ -32,6 +33,26 @@
    end
  end
+  describe "POST /users" do
+    before{ admin }
+    it "should not create invalid user" do
+      post api("/users", admin), { email: "invalid email" }
+      response.status.should == 404
+    end
+    it "should create user" do
+      expect{
+        post api("/users", admin), Factory.attributes(:user)
+      }.to change{User.count}.by(1)
+    end
+    it "shouldn't available for non admin users" do
+      post api("/users", user), Factory.attributes(:user)
+      response.status.should == 403
+    end
+  end
  describe "GET /user" do
    it "should return current user" do
      get api("/user", user)