Ensure Current.organization is set in REST API (!161008) · Merge requests · GitLab.org / GitLab

Rutger Wessels requested to merge 474831-rest-api-current_organization into master Jul 29, 2024

What does this MR do and why?

In !158626 (merged), Current.organization is being set using Gitlab::Current::Organization. This works for web and GraphQL requests but not for Grape API (REST), because it is not using Rails ApplicationController.

This MR adds a before hook that will set Current.organization for the current request

Related to #474831 (closed)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

We can validate this change by creating a new Group using REST API. The validation of this change is not trivial, because the database has DEFAULT 1 for namespaces.organization_id column. So even without a Organization, the Group will be created. For the sake of testing, we remove the default 1:

Create a Personal Access Token using http://gdk.test:3000/-/user_settings/personal_access_tokens
Using gdk psql: alter table namespaces alter column organization_id drop default, alter column organization_id set not null;
Enable feature flag using gdk rails c: Feature.enable(:require_organization)

on master branch, this will fail

curl -XPOST --header "Content-Type: application/json" -d '{"name":"My New Group", "path":"my_new_group"}' --header "PRIVATE-TOKEN: <your token>" "http://gdk.test:3000/api/v4/groups"

on this branch, it will succeed and the group will be created

Don't forget to restore the database:

alter table namespaces alter column organization_id default 1, alter column organization_id set not null;

Edited Sep 02, 2024 by Rutger Wessels

Ensure Current.organization is set in REST API

What does this MR do and why?

MR acceptance checklist

How to set up and validate locally

Merge request reports