Fix group API response to include runners token if with_projects=false
What does this MR do and why?
Fixes a bug that left out runners_token
for requests to /groups/:id?with_projects=false
if the user was an administrator (but not a group owner).
Fixes #345200 (closed)
Screenshots or screen recordings
↳ curl -s --header "PRIVATE-TOKEN: $PRIVATE_TOKEN" http://192.168.50.25:3000/api/v4/groups/451?with_projects=false | jq .'runners_token'
"GR13489411Vn6am5Bsb7Z5t9SupC_"
How to set up and validate locally
- As a non-admin user, create a group with a project.
- As an admin user who is not a member of the group, make an API request to get the group without projects, e.g.,
http://localhost:3000/api/v4/groups/1?with_projects=false
- The response should include
runners_token
.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Mark Lapierre