From 9f0f086b3e117a799ba3277dcbdda8781c55842e Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Mon, 28 Aug 2017 15:36:46 -0400
Subject: [PATCH] FEATURE: allow API to mark accounts as approved on creation

---
 app/controllers/users_controller.rb       |  8 +++++++-
 spec/controllers/users_controller_spec.rb | 23 +++++++++++++++++++----
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 6c416f4d939..94639c5bd65 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -318,6 +318,12 @@ class UsersController < ApplicationController
       user = User.new(user_params)
     end
 
+    # Handle API approval
+    if user.approved
+      user.approved_by_id ||= current_user.id
+      user.approved_at ||= Time.zone.now
+    end
+
     # Handle custom fields
     user_fields = UserField.all
     if user_fields.present?
@@ -842,7 +848,7 @@ class UsersController < ApplicationController
           current_user.present? &&
           current_user.admin?
 
-        result.merge!(params.permit(:active, :staged))
+        result.merge!(params.permit(:active, :staged, :approved))
       end
 
       result
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 8dd54d5b5e8..8b3cfde3771 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -564,12 +564,27 @@ describe UsersController do
       end
 
       context "with an admin api key" do
-        let(:user) { Fabricate(:admin) }
-        let(:api_key) { Fabricate(:api_key, user: user) }
+        let(:admin) { Fabricate(:admin) }
+        let(:api_key) { Fabricate(:api_key, user: admin) }
 
         it "creates the user as active with a regular key" do
-          xhr :post, :create, post_user_params.merge(active: true, api_key: api_key.key)
-          expect(JSON.parse(response.body)['active']).to be_truthy
+          SiteSetting.queue_jobs = true
+          SiteSetting.send_welcome_message = true
+          SiteSetting.must_approve_users = true
+
+          Sidekiq::Client.expects(:enqueue).never
+
+          xhr :post, :create, post_user_params.merge(approved: true, active: true, api_key: api_key.key)
+          json = JSON.parse(response.body)
+
+          new_user = User.find(json["user_id"])
+
+          expect(json['active']).to be_truthy
+
+          expect(new_user.active).to eq(true)
+          expect(new_user.approved).to eq(true)
+          expect(new_user.approved_by_id).to eq(admin.id)
+          expect(new_user.approved_at).to_not eq(nil)
         end
 
         it "won't create the developer as active" do