Expose user's plan and trial status via API

Ethan Urie requested to merge 198391-add-user-plan-and-trial-status-to-api into master

What does this MR do?

Exposes user's plan and trial status via the /users/:id API endpoint. This data is useful to the abuse and security automation teams for building systems and services to predict and prevent abuse.

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

This data should only be available to authenticated admins on EE via the /users/:id endpoint and not seen in the results from the /users endpoint.

To test:

curl "http://localhost/api/v4/users/<User ID>" -H 'PRIVATE-TOKEN: <your local GitLab API key>'

This should return JSON where both plan and trial exist. If the user has a subscription, the level will be plan's value; otherwise both values will be nil.

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Closes #198391

Edited by Ethan Urie
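
The access rule stated under Availability and Testing, written as a regression check over captured API responses. This is an added example, not code from the merge request; the response bodies are constructed, and `example_plan` and the helper names are assumptions.

```python
import json

SENSITIVE = ("plan", "trial")  # key names as given in the MR description

def exposed(body):
    """Sensitive keys present in one user object or in a list of them."""
    users = body if isinstance(body, list) else [body]
    return sorted({k for u in users for k in SENSITIVE if k in u})

def check_exposure(captures):
    """captures: (label, is_admin, endpoint, json_text); endpoint is
    'single' for /users/:id or 'list' for /users. Returns violations."""
    problems = []
    for label, is_admin, endpoint, text in captures:
        found = exposed(json.loads(text))
        if is_admin and endpoint == "single":
            # Both keys must exist, even when their values are null.
            if found != sorted(SENSITIVE):
                problems.append(f"{label}: expected both keys, got {found}")
        elif found:
            # Non-admin callers and the list endpoint must never see them.
            problems.append(f"{label}: unexpected {found}")
    return problems

# Constructed sample responses (not real GitLab output).
EXPECTED = [
    ("admin /users/1", True, "single", '{"id": 1, "plan": "example_plan", "trial": false}'),
    ("admin /users/2", True, "single", '{"id": 2, "plan": null, "trial": null}'),
    ("user /users/1", False, "single", '{"id": 1, "username": "a"}'),
    ("admin /users", True, "list", '[{"id": 1}, {"id": 2}]'),
]
REGRESSED = EXPECTED + [
    ("user /users", False, "list", '[{"id": 1, "plan": "example_plan"}]'),
    ("admin /users/3", True, "single", '{"id": 3, "trial": true}'),
]

if __name__ == "__main__":
    for line in check_exposure(REGRESSED) or ["no violations"]:
        print(line)
```
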
