6 files changed, 79 insertions, 22 deletions

diff --git a/app/services/users/build_service.rb b/app/services/users/build_service.rb
index 9417c63c43a..de6ff92d1da 100644
--- a/app/services/users/build_service.rb
+++ b/app/services/users/build_service.rb
@@ -55,7 +55,6 @@ module Users
         :force_random_password,
         :hide_no_password,
         :hide_no_ssh_key,
-        :key_id,
         :linkedin,
         :name,
         :password,
@@ -69,7 +68,10 @@ module Users
         :twitter,
         :username,
         :website_url,
-        :private_profile
+        :private_profile,
+        :organization,
+        :location,
+        :public_email
       ]
     end
 
diff --git a/changelogs/unreleased/feature-set-public-email-through-api.yml b/changelogs/unreleased/feature-set-public-email-through-api.yml
new file mode 100644
index 00000000000..22fae71e9d8
--- /dev/null
+++ b/changelogs/unreleased/feature-set-public-email-through-api.yml
@@ -0,0 +1,5 @@
+---
+title: Add support for setting the public email through the api
+merge_request: 21938
+author: Alexis Reigel
+type: added
diff --git a/changelogs/unreleased/fix-add-organization-and-location-to-allowed-parameters.yml b/changelogs/unreleased/fix-add-organization-and-location-to-allowed-parameters.yml
new file mode 100644
index 00000000000..4d85e1b9af2
--- /dev/null
+++ b/changelogs/unreleased/fix-add-organization-and-location-to-allowed-parameters.yml
@@ -0,0 +1,5 @@
+---
+title: Allow setting user's organization and location attributes through the API by adding them to the list of allowed parameters
+merge_request: 21938
+author: Alexis Reigel
+type: fixed
diff --git a/doc/api/users.md b/doc/api/users.md
index 762ea53edee..3b41e0f7ec6 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -288,6 +288,7 @@ Parameters:
 - `provider` (optional)          - External provider name
 - `bio` (optional)               - User's biography
 - `location` (optional)          - User's location
+- `public_email` (optional)      - The public email of the user
 - `admin` (optional)             - User is admin - true or false (default)
 - `can_create_group` (optional)  - User can create groups - true or false
 - `skip_confirmation` (optional) - Skip confirmation - true or false (default)
@@ -305,26 +306,27 @@ PUT /users/:id
 
 Parameters:
 
-- `email`                       - Email
-- `username`                    - Username
-- `name`                        - Name
-- `password`                    - Password
-- `skype`                       - Skype ID
-- `linkedin`                    - LinkedIn
-- `twitter`                     - Twitter account
-- `website_url`                 - Website URL
-- `organization`                - Organization name
-- `projects_limit`              - Limit projects each user can create
-- `extern_uid`                  - External UID
-- `provider`                    - External provider name
-- `bio`                         - User's biography
-- `location` (optional)         - User's location
-- `admin` (optional)            - User is admin - true or false (default)
-- `can_create_group` (optional) - User can create groups - true or false
+- `email`                          - Email
+- `username`                       - Username
+- `name`                           - Name
+- `password`                       - Password
+- `skype`                          - Skype ID
+- `linkedin`                       - LinkedIn
+- `twitter`                        - Twitter account
+- `website_url`                    - Website URL
+- `organization`                   - Organization name
+- `projects_limit`                 - Limit projects each user can create
+- `extern_uid`                     - External UID
+- `provider`                       - External provider name
+- `bio`                            - User's biography
+- `location` (optional)            - User's location
+- `public_email` (optional)        - The public email of the user
+- `admin` (optional)               - User is admin - true or false (default)
+- `can_create_group` (optional)    - User can create groups - true or false
 - `skip_reconfirmation` (optional) - Skip reconfirmation - true or false (default)
-- `external` (optional)         - Flags the user as external - true or false(default)
-- `avatar` (optional)           - Image file for user's avatar
-- `private_profile` (optional)  - User's profile is private - true or false
+- `external` (optional)            - Flags the user as external - true or false(default)
+- `avatar` (optional)              - Image file for user's avatar
+- `private_profile` (optional)     - User's profile is private - true or false
 
 On password update, user will be forced to change it upon next login.
 Note, at the moment this method does only return a `404` error,
diff --git a/lib/api/users.rb b/lib/api/users.rb
index ac09ca7f7b7..9cf0d44f9fb 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -42,12 +42,12 @@ module API
           optional :provider, type: String, desc: 'The external provider'
           optional :bio, type: String, desc: 'The biography of the user'
           optional :location, type: String, desc: 'The location of the user'
+          optional :public_email, type: String, desc: 'The public email of the user'
           optional :admin, type: Boolean, desc: 'Flag indicating the user is an administrator'
           optional :can_create_group, type: Boolean, desc: 'Flag indicating the user can create groups'
           optional :external, type: Boolean, desc: 'Flag indicating the user is an external user'
           optional :avatar, type: File, desc: 'Avatar image for user'
           optional :private_profile, type: Boolean, desc: 'Flag indicating the user has a private profile'
-          optional :min_access_level, type: Integer, values: Gitlab::Access.all_values, desc: 'Limit by minimum access level of authenticated user'
           all_or_none_of :extern_uid, :provider
         end
 
diff --git a/spec/services/users/build_service_spec.rb b/spec/services/users/build_service_spec.rb
index b987fe45138..051e8c87f39 100644
--- a/spec/services/users/build_service_spec.rb
+++ b/spec/services/users/build_service_spec.rb
@@ -14,6 +14,49 @@ describe Users::BuildService do
         expect(service.execute).to be_valid
       end
 
+      context 'allowed params' do
+        let(:params) do
+          {
+            access_level: 1,
+            admin: 1,
+            avatar: anything,
+            bio: 1,
+            can_create_group: 1,
+            color_scheme_id: 1,
+            email: 1,
+            external: 1,
+            force_random_password: 1,
+            hide_no_password: 1,
+            hide_no_ssh_key: 1,
+            linkedin: 1,
+            name: 1,
+            password: 1,
+            password_automatically_set: 1,
+            password_expires_at: 1,
+            projects_limit: 1,
+            remember_me: 1,
+            skip_confirmation: 1,
+            skype: 1,
+            theme_id: 1,
+            twitter: 1,
+            username: 1,
+            website_url: 1,
+            private_profile: 1,
+            organization: 1,
+            location: 1,
+            public_email: 1
+          }
+        end
+
+        it 'sets all allowed attributes' do
+          admin_user # call first so the admin gets created before setting `expect`
+
+          expect(User).to receive(:new).with(hash_including(params)).and_call_original
+
+          service.execute
+        end
+      end
+
       context 'with "user_default_external" application setting' do
         using RSpec::Parameterized::TableSyntax