diff options
| author | Izaak Alpert <ialpert@blackberry.com> | 2013-09-04 11:19:03 -0400 |
|---|---|---|
| committer | Izaak Alpert <ialpert@blackberry.com> | 2013-09-04 13:17:17 -0400 |
| commit | 8248e1f2b83895f394a3fecd25dcea4a8b40303b (patch) | |
| tree | b863098af85b8dc1d1dbd956799eab2b5058a60a /lib/api/groups.rb | |
| parent | 626359831402aeede4c4cb12cb10c7534a0dae79 (diff) | |
| download | gitlab-ce-8248e1f2b83895f394a3fecd25dcea4a8b40303b.tar.gz | |
Add group membership api
Change-Id: I5b174bba02856ede788dcb51ec9b0d598ea7d0df
Diffstat (limited to 'lib/api/groups.rb')
| -rw-r--r-- | lib/api/groups.rb | 73 |
1 files changed, 67 insertions, 6 deletions
diff --git a/lib/api/groups.rb b/lib/api/groups.rb index 701f6777b77..54393740867 100644 --- a/lib/api/groups.rb +++ b/lib/api/groups.rb @@ -4,6 +4,19 @@ module API before { authenticate! } resource :groups do + helpers do + def find_group(id) + group = Group.find(id) + if current_user.admin or current_user.groups.include? group + group + else + render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403) + end + end + def validate_access_level?(level) + [UsersGroup::GUEST, UsersGroup::REPORTER, UsersGroup::DEVELOPER, UsersGroup::MASTER].include? level.to_i + end + end # Get a groups list # # Example Request: @@ -46,12 +59,8 @@ module API # Example Request: # GET /groups/:id get ":id" do - @group = Group.find(params[:id]) - if current_user.admin or current_user.groups.include? @group - present @group, with: Entities::GroupDetail - else - not_found! - end + group = find_group(params[:id]) + present group, with: Entities::GroupDetail end # Transfer a project to the Group namespace @@ -71,6 +80,58 @@ module API not_found! end end + + # Get a list of group members viewable by the authenticated user. + # + # Example Request: + # GET /groups/:id/members + get ":id/members" do + group = find_group(params[:id]) + members = group.users_groups + users = (paginate members).collect { | member| member.user} + present users, with: Entities::GroupMember, group: group + end + + # Add a user to the list of group members + # + # Parameters: + # id (required) - group id + # user_id (required) - the users id + # access_level (required) - Project access level + # Example Request: + # POST /groups/:id/members + post ":id/members" do + required_attributes! [:user_id, :access_level] + if not validate_access_level?(params[:access_level]) + render_api_error!("Wrong access level", 422) + end + group = find_group(params[:id]) + if group.users_groups.find_by_user_id(params[:user_id]) + render_api_error!("Already exists", 409) + end + group.add_users([params[:user_id]], params[:access_level]) + member = group.users_groups.find_by_user_id(params[:user_id]) + present member.user, with: Entities::GroupMember, group: group + end + + # Remove member. + # + # Parameters: + # id (required) - group id + # user_id (required) - the users id + # + # Example Request: + # DELETE /groups/:id/members/:user_id + delete ":id/members/:user_id" do + group = find_group(params[:id]) + member = group.users_groups.find_by_user_id(params[:user_id]) + if member.nil? + render_api_error!("404 Not Found - user_id:#{params[:user_id]} not a member of group #{group.name}",404) + else + member.destroy + end + end + end end end |