diff options
author | Alex Lossent <alexandre.lossent@cern.ch> | 2015-10-12 16:24:00 +0300 |
---|---|---|
committer | Alex Lossent <alexandre.lossent@cern.ch> | 2015-10-12 16:24:00 +0300 |
commit | 024e34e94d973842cf02d9177e9ec52bd587ceee (patch) | |
tree | 228f5ce6d191f6771fd64aae1b2a85c795b71b79 /lib/api | |
parent | 5ffbf5feb7577ec3affc32992c79cddca3036c4d (diff) |
Hide passwords to non-admin users in the services API
In order to be consistent with !1490 doing it for the web interface
Diffstat (limited to 'lib/api')
-rw-r--r-- | lib/api/entities.rb | 12 | ||||
-rw-r--r-- | lib/api/services.rb | 2 |
2 files changed, 13 insertions, 1 deletions
diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 9620d36ac41..7a1e702c755 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -255,6 +255,18 @@ module API expose :notification_level end + class ProjectService < Grape::Entity + expose :id, :title, :created_at, :updated_at, :active + expose :push_events, :issues_events, :merge_requests_events, :tag_push_events, :note_events + # Expose serialized properties + expose :properties do |service, options| + field_names = service.fields. + select { |field| options[:include_passwords] || field[:type] != 'password' }. + map { |field| field[:name] } + service.properties.slice(*field_names) + end + end + class ProjectWithAccess < Project expose :permissions do expose :project_access, using: Entities::ProjectAccess do |project, options| diff --git a/lib/api/services.rb b/lib/api/services.rb index 6727e80ac1e..203f04a6259 100644 --- a/lib/api/services.rb +++ b/lib/api/services.rb @@ -57,7 +57,7 @@ module API # GET /project/:id/services/gitlab-ci # get ':id/services/:service_slug' do - present project_service + present project_service, with: Entities::ProjectService, include_passwords: current_user.is_admin? end end end |