Merge branch 'bvl-user-status-message-35463' into 'master'

Allow users to set a status

Closes #35463

See merge request gitlab-org/gitlab-ce!20614

3 files changed, 60 insertions, 0 deletions

diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 4be7707d3e7..f858d9fa23d 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -62,6 +62,14 @@ module API
       expose :admin?, as: :is_admin
     end
 
+    class UserStatus < Grape::Entity
+      expose :emoji
+      expose :message
+      expose :message_html do |entity|
+        MarkupHelper.markdown_field(entity, :message)
+      end
+    end
+
     class Email < Grape::Entity
       expose :id, :email
     end
diff --git a/lib/api/users.rb b/lib/api/users.rb
index e83887b3e9e..b0811bb4aad 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -121,6 +121,17 @@ module API
         present user, opts
       end
 
+      desc "Get the status of a user"
+      params do
+        requires :id_or_username, type: String, desc: 'The ID or username of the user'
+      end
+      get ":id_or_username/status" do
+        user = find_user(params[:id_or_username])
+        not_found!('User') unless user && can?(current_user, :read_user, user)
+
+        present user.status || {}, with: Entities::UserStatus
+      end
+
       desc 'Create a user. Available only for admins.' do
         success Entities::UserPublic
       end
@@ -740,6 +751,30 @@ module API
 
         present paginate(activities), with: Entities::UserActivity
       end
+
+      desc 'Set the status of the current user' do
+        success Entities::UserStatus
+      end
+      params do
+        optional :emoji, type: String, desc: "The emoji to set on the status"
+        optional :message, type: String, desc: "The status message to set"
+      end
+      put "status" do
+        forbidden! unless can?(current_user, :update_user_status, current_user)
+
+        if ::Users::SetStatusService.new(current_user, declared_params).execute
+          present current_user.status, with: Entities::UserStatus
+        else
+          render_validation_error!(current_user.status)
+        end
+      end
+
+      desc 'get the status of the current user' do
+        success Entities::UserStatus
+      end
+      get 'status' do
+        present current_user.status || {}, with: Entities::UserStatus
+      end
     end
   end
 end
diff --git a/lib/banzai/pipeline/emoji_pipeline.rb b/lib/banzai/pipeline/emoji_pipeline.rb
new file mode 100644
index 00000000000..a1b522f4303
--- /dev/null
+++ b/lib/banzai/pipeline/emoji_pipeline.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Banzai
+  module Pipeline
+    class EmojiPipeline < BasePipeline
+      # These filters will only perform sanitization of the content, preventing
+      # XSS, and replace emoji.
+      def self.filters
+        @filters ||= FilterArray[
+          Filter::HtmlEntityFilter,
+          Filter::SanitizationFilter,
+          Filter::EmojiFilter
+        ]
+      end
+    end
+  end
+end