[36467] Add API users form and schema endpoints

app/contracts/users/base_contract.rb

@@ -30,11 +30,12 @@
 
 module Users
   class BaseContract < ::ModelContract
+    include AssignableCustomFieldValues
+
     attribute :login,
               writeable: ->(*) { user.allowed_to_globally?(:manage_user) && model.id != user.id }
     attribute :firstname
     attribute :lastname
-    attribute :name
     attribute :mail
     attribute :admin,
               writeable: ->(*) { user.admin? && model.id != user.id }
@@ -53,18 +54,33 @@ def self.model
       User
     end
 
-    validate :password_writable
+    validate :validate_password_writable
     validate :existing_auth_source
 
+    delegate :available_custom_fields, to: :model
+
+    def reduce_writable_attributes(attributes)
+      super.tap do |writable|
+        writable << 'password' if password_writable?
+      end
+    end
+
     private
 
+    ##
+    # Password is not a regular attribute so it bypasses
+    # attribute writable checks
+    def password_writable?
+      user.admin? || user.id == model.id
+    end
+
     ##
     # User#password is not an ActiveModel property,
     # but just an accessor, so we need to identify it being written there.
     # It is only present when freshly written
-    def password_writable
+    def validate_password_writable
       # Only admins or the user themselves can set the password
-      return if user.admin? || user.id == model.id
+      return if password_writable?
 
       errors.add :password, :error_readonly if model.password.present?
     end

config/constants/ar_to_api_conversions.rb

@@ -44,7 +44,9 @@ class ARToAPIConversions
       column_names: 'columns',
       is_public: 'public',
       sort_criteria: 'sortBy',
-      message: 'post'
+      message: 'post',
+      firstname: 'firstName',
+      lastname: 'lastName',
     }.freeze
 
     # Conversions that are unidirectional (from the API to AR)