Expose Email for Billable Members in API Endpoint for Admins
What does this MR do and why?
Currently, the support team use prod rails console to fetch the emails when we get requests from the customers. This merge request modifies the logic for exposing the email attribute in the API endpoint /api/v4/groups/:id/billable_members
. The changes are located in ee/lib/ee/api/members.rb
and consist of the following:
The email attribute for each member in the billable_members endpoint is exposed if:
- The current user has full admin permissions, or
- The instance is managed by the current user.
- If neither of these conditions is met, the public email of the instance will be exposed, if it exists.
Solves the following issue: #419006 (closed)
Screenshots or screen recordings
Example Response: http://localhost:3000/api/v4/groups/35/billable_members
[
{
"id":13,
"username":"edgar",
"name":"Branden Pollich",
"state":"active",
"avatar_url":"https://www.gravatar.com/avatar/c5d5be1bb8a6ae841faf006cbaf8d293?s=80\u0026d=identicon",
"web_url":"http://127.0.0.1:3000/edgar",
"email":"emmanuel@dietrichbartell.com",
"last_activity_on":null,
"membership_type":"project_member",
"removable":true,
"created_at":"2023-06-05T12:28:04.352Z",
"is_last_owner":false,
"last_login_at":null
},
{
"id":18,
"username":"fay_lind",
"name":"Hilary Zieme",
"state":"active",
"avatar_url":"https://www.gravatar.com/avatar/fdc6f0fdd84d5dcacc20bc24c657f148?s=80\u0026d=identicon",
"web_url":"http://127.0.0.1:3000/fay_lind",
"email":"justine@davis.us",
"last_activity_on":null,
"membership_type":"group_member",
"removable":true,
"created_at":"2023-06-05T12:28:04.819Z",
"is_last_owner":false,
"last_login_at":null
},
]
How to set up and validate locally
- Checkout the feature branch
- Pick any groups that contains billable members
- The response for the following api should include
email
value for admin users
-
Group billable members API:
http://localhost:3000/api/v4/groups/GROUP_ID/billable_members
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by sameer shaik