Expose user's plan and trial status via API
What does this MR do?
Exposes user's plan and trial status via the /users/:id API endpoint. This data is useful to the abuse and security automation teams for building systems and services to predict and prevent abuse.
Screenshots
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
This data should only be available to authenticated admins on EE via the /users/:id endpoint and not seen in the results from the /users endpoint.
To test:
curl "http://localhost/api/v4/users/<User ID>" -H 'PRIVATE-TOKEN: <your local GitLab API key>'
This should return JSON where both plan and trial exist.
If the user has a subscription the level will be plan's value, otherwise both values will be nil.
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
Closes #198391
Edited by Ethan Urie
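
The exposure rule stated under "Availability and Testing" can be checked mechanically. The following is an added example, not code from the merge request or from GitLab: it audits saved response bodies for the plan and trial keys. The function name, the "single"/"list" labels, and the sample bodies (including the plan value "gold") are assumptions constructed for illustration.

```python
import json

SENSITIVE_KEYS = ("plan", "trial")  # the two fields this MR exposes


def audit_exposure(endpoint, caller_is_admin, body):
    """Return a list of findings for one API response body (JSON text).

    endpoint: "single" for /users/:id, "list" for /users (labels are
    hypothetical, chosen for this example).
    """
    data = json.loads(body)
    records = data if isinstance(data, list) else [data]
    # Only an admin calling /users/:id is supposed to see the fields.
    allowed = endpoint == "single" and caller_is_admin
    findings = []
    for rec in records:
        uid = rec.get("id")
        present = [k for k in SENSITIVE_KEYS if k in rec]
        if allowed:
            # Keys must exist even when the values are null (no subscription).
            missing = [k for k in SENSITIVE_KEYS if k not in rec]
            if missing:
                findings.append(f"user {uid}: missing {missing} for admin")
        elif present:
            findings.append(f"user {uid}: {present} leaked via {endpoint}")
    return findings


# Constructed sample bodies (not captured from a real instance).
ADMIN_SINGLE = '{"id": 7, "username": "a", "plan": "gold", "trial": false}'
ADMIN_SINGLE_NO_SUB = '{"id": 8, "username": "b", "plan": null, "trial": null}'
USER_SINGLE_LEAK = '{"id": 7, "username": "a", "plan": "gold", "trial": false}'
LIST_OK = '[{"id": 7, "username": "a"}, {"id": 8, "username": "b"}]'
LIST_LEAK = '[{"id": 7, "username": "a", "plan": "gold"}]'

if __name__ == "__main__":
    cases = [
        ("admin /users/:id", "single", True, ADMIN_SINGLE),
        ("admin /users/:id, no subscription", "single", True, ADMIN_SINGLE_NO_SUB),
        ("non-admin /users/:id", "single", False, USER_SINGLE_LEAK),
        ("admin /users", "list", True, LIST_OK),
        ("admin /users with leak", "list", True, LIST_LEAK),
    ]
    for name, endpoint, is_admin, body in cases:
        print(name, "->", audit_exposure(endpoint, is_admin, body) or "ok")
```

To use it against a local instance, save the output of the curl command above for an admin token, a non-admin token, and the /users listing, then pass each body to audit_exposure.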