- This would allow anyone with a personal access token (even a read-only
token, once scopes are implemented) to escalate their access by
obtaining the private token.
The user API documentation and the actual implementation were out of sync, missing certain newly introduced fields and beeing inconsistent between certain API definitions. The documentation was changed according the actual latest implementation.
Signed-off-by: Fabio Huser <fabio@fh1.ch>
Add the error code returned in the headers as well as an example of the
JSON informative message returned in the body.
Signed-off-by: Loic Dachary <loic@dachary.org>
- multiple blank lines before header
- skip header level
- colon at end of header
- break very long lines
- align definition like lists at marker
- case typos
- informal contractions
Complements POST operation added in gitlabhq/gitlabhq#3146
Implement DELETE /users/:uid/keys/:id for admin users
Fix "Line is too long. [83/80]"
Use single quotes as advised
Use single quotes as advised
Use single quotes as advised
Fix missing space around { and }
Fix typo in documentation
Only catch ActiveRecord::RecordNotFound, let other exceptions propagate
Raise a "404 Not found" if key to be deleted cannot be found
As requested by @jvanbaarsen in https://github.com/gitlabhq/gitlabhq/pull/6781#discussion_r11735114
Remove tab
Unconfigured vim on this box, grrrr./
Also, is_admin and can_create_group are exposed in the user information.
Fixed attributes_for_keys to process properly keys with boolean values (since false.present? is false).
The API docs incorrectly referenced a few attributes associated with users. The 'blocked' attribute has been replaced with 'state'. Also, 'dark_scheme' seems to no longer be available in the User model so it should be removed from the exposed attributes in the API User entity.
Add color scheme ID to API User entity
Most of these are comments but a few are strings for users.
Might be an idea to run this from time to time:
https://github.com/lyda/misspell-check
It runs mostly clean now.
The users API updated with return codes, e.g. if required parameters are missing
a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions,
e.g. deletion of a ssh key is an idempotent function now.
The API documentation is updated to reflect the current status of the API. Descriptions
are more detailed and complete, infos to return values are added to all functions.
Airat Shigapov
Dmitriy Zaporozhets
Rémy Coutable
Timothy Andrew
Fabio Huser
Robert Schilling
Achilleas Pipinellis
Zeger-Jan van de Weg
evuez
Gabriel Mazetto
Michi302
Stan Hu
Douwe Maan
Steve Norman
Sven Selberg
Loic Dachary
Daniel Serodio
Matthew Monaco
Liam Monahan
James Brooks
Ciro Santilli
Marin Jankovski
Timm Friebe
Johannes Schleifenbaum
dosire
Jerome Dalbert
Marin Jankovski
Boyan Tabakov
Drew Blessing
Alex Denisov
Kevin Lyda
Sebastian Ziebell
Angus MacArthur