allow profile attributes to be updated directly via users API

there's no API endpoint for user profile title and bio to be updated, so just let them come in through the user update test plan: * enable Profiles on the root account * refer to the Users API documentation for "Edit a user" to set a user's bio and title through the API closes #CORE-2403 Change-Id: I6bdd9189653215f1cdab54f499db10574e102706 Reviewed-on: https://gerrit.instructure.com/179340 Tested-by: Jenkins Reviewed-by: Rob Orton <rob@instructure.com> QA-Review: Rob Orton <rob@instructure.com> Product-Review: Rob Orton <rob@instructure.com>
2019-01-25 07:59:14 -07:00 · 2019-01-25 07:59:14 -07:00 · 097e033581
parent 15a33cfd09
commit 097e033581
3 changed files with 42 additions and 3 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1819,6 +1819,14 @@ class UsersController < ApplicationController
  #   token and instead pass the url here. Warning: For maximum compatibility,
  #   please use 128 px square images.
  #
+  # @argument user[title] [String]
+  #   Sets a title on the user profile. (See {api:ProfileController#settings Get user profile}.)
+  #   Profiles must be enabled on the root account.
+  #
+  # @argument user[bio] [String]
+  #   Sets a bio on the user profile. (See {api:ProfileController#settings Get user profile}.)
+  #   Profiles must be enabled on the root account.
+  #
  # @example_request
  #
  #   curl 'https://<canvas>/api/v1/users/133.json' \
@ -1843,6 +1851,11 @@ class UsersController < ApplicationController
    managed_attributes << :terms_of_use if @user == (@real_current_user || @current_user)
    managed_attributes << :email if update_email

+    if @domain_root_account.enable_profiles?
+      managed_attributes << :bio if @user.grants_right?(@current_user, :manage_user_details)
+      managed_attributes << :title if @user.grants_right?(@current_user, :rename)
+    end
+
    if @user.grants_right?(@current_user, :manage_user_details)
      managed_attributes.concat([:time_zone, :locale])
    end
@ -1874,6 +1887,16 @@ class UsersController < ApplicationController
        @user.grants_right?(@current_user, :update_avatar) &&
        @user.grants_right?(@current_user, :manage_user_details)

+      includes = %w{locale avatar_url email time_zone}
+      if title = user_params.delete(:title)
+        @user.profile.title = title
+        includes << "title"
+      end
+      if bio = user_params.delete(:bio)
+        @user.profile.bio = bio
+        includes << "bio"
+      end
+
      if admin_avatar_update
        old_avatar_state = @user.avatar_state
        @user.avatar_state = 'submitted'
@ -1903,7 +1926,7 @@ class UsersController < ApplicationController
          end
          format.html { redirect_to user_url(@user) }
          format.json {
-            render :json => user_json(@user, @current_user, session, %w{locale avatar_url email time_zone},
+            render :json => user_json(@user, @current_user, session, includes,
              @current_user.pseudonym.account) }
        else
          format.html { render :edit }
--- a/lib/api/v1/user.rb
+++ b/lib/api/v1/user.rb
@ -88,8 +88,9 @@ module Api::V1::User
        json[:email] = user.email
      end

-      if includes.include?('bio') && !excludes.include?('personal_info') && @domain_root_account.enable_profiles? && user.profile
-        json[:bio] = user.profile.bio
+      if !excludes.include?('personal_info') && @domain_root_account&.enable_profiles? && user.profile
+        json[:bio] = user.profile.bio if includes.include?('bio')
+        json[:title] = user.profile.title if includes.include?('title')
      end

      if includes.include?('sections')
--- a/spec/apis/v1/users_api_spec.rb
+++ b/spec/apis/v1/users_api_spec.rb
@ -1419,6 +1419,7 @@ describe "Users API", type: :request do
      @path_options = { :controller => 'users', :action => 'update', :format => 'json', :id => @student.id.to_param }
      user_with_pseudonym(:user => @user, :username => 'admin@example.com')
    end
+
    context "an admin user" do
      it "should be able to update a user" do
        birthday = Time.now
@ -1470,6 +1471,20 @@ describe "Users API", type: :request do
        end
      end

+      it "should be able to update a user's profile" do
+        Account.default.tap{|a| a.settings[:enable_profiles] = true; a.save!}
+        new_title = "Burninator"
+        new_bio = "burninating the countryside"
+        json = api_call(:put, @path, @path_options, {
+          :user => {:title => new_title, :bio => new_bio}
+        })
+        expect(json['title']).to eq new_title
+        expect(json['bio']).to eq new_bio
+        user = User.find(json['id'])
+        expect(user.profile.title).to eq new_title
+        expect(user.profile.bio).to eq new_bio
+      end
+
      it "should catch invalid dates" do
        birthday = Time.now
        json = api_call(:put, @path, @path_options, {