Endpoint for multiple users basic info by usernames

Author: Redande

app/controllers/api/v8/apidocs_controller.rb

@@ -144,7 +144,6 @@ class ApidocsController < ActionController::Base
       # A list of all classes that have swagger_* declarations.
       # The order of the swagered_classes affects the order they are shown in swaggerUI
       SWAGGERED_CLASSES = [
-        Api::V8::SubmissionsController,
         Api::V8::UsersController,
         Api::V8::CoursesController,
         Api::V8::Courses::PointsController,
@@ -164,6 +163,7 @@ class ApidocsController < ActionController::Base
         Api::V8::Organizations::Courses::Exercises::Users::PointsController,
         Api::V8::Organizations::Courses::Users::PointsController,
         Api::V8::Organizations::Courses::Users::SubmissionsController,
+        Api::V8::Users::BasicInfoByUsernamesController,
         Api::V8::Core::CoursesController,
         Api::V8::Core::Courses::ReviewsController,
         Api::V8::Core::Courses::UnlocksController,

app/controllers/api/v8/users/basic_info_by_usernames_controller.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Api
+  module V8
+    module Users
+      class BasicInfoByUsernamesController < Api::V8::BaseController
+        include Swagger::Blocks
+
+        swagger_path '/api/v8/users/basic_info_by_usernames' do
+          operation :post do
+            key :description, 'Find all users\' basic infos with the posted json array of usernames'
+            key :operationId, 'findUsersBasicInfoByUsernames'
+            key :produces, [
+              'application/json'
+            ]
+            key :tags, [
+              'user'
+            ]
+            response 200 do
+              key :description, 'Users\' username, email, and administrator status by usernames as json'
+              schema do
+                key :title, :user
+                key :required, [:user]
+                property :user do
+                  key :'$ref', :UsersBasicInfo
+                end
+              end
+            end
+            response 403, '$ref': '#/responses/error'
+            response 404, '$ref': '#/responses/error'
+          end
+        end
+
+
+        skip_authorization_check
+
+        def create
+          respond_access_denied unless current_user.administrator?
+          users = params[:usernames]
+
+          data = User.where(login: users).map do |u|
+            {
+              id: u.id,
+              username: u.login,
+              email: u.email,
+              administrator: u.administrator
+            }
+          end
+          render json: data
+        end
+      end
+    end
+  end
+end

config/routes.rb

@@ -42,12 +42,13 @@
     namespace :v8, defaults: {format: 'json'} do
       resources :apidocs, only: :index, path: 'documentation'
 
-      resources :users, only: [:show, :create, :update] do
-        resources :request_deletion, only: [:create], module: :users
-      end
-
       namespace :users do
         resources :password_reset, only: [:create]
+        resources :basic_info_by_usernames, only: :create
+      end
+
+      resources :users, only: [:show, :create, :update] do
+        resources :request_deletion, only: [:create], module: :users
       end
 
       resources :organizations, param: :slug, path: 'org', only: %i{index show} do