New AccessRequests API endpoints for Group & Project

Also, mutualize AccessRequests and Members endpoints for Group & Project. New API documentation for the AccessRequests endpoints. Signed-off-by: Rémy Coutable <remy@rymai.me>
author: Rémy Coutable <remy@rymai.me> 2016-06-23 17:14:31 +0200
committer: Rémy Coutable <remy@rymai.me> 2016-08-10 19:07:05 +0200
commit: 29850364eccccc3ce7305f6706cea1d5d073de2e (patch)
tree: bbf98c0a621676b7b3f3e58b4618905923ed1454 /lib/api/members.rb
parent: b1aac0382c406b3856db90e15df8b2a9ea7ff6cd (diff)
download: gitlab-ce-29850364eccccc3ce7305f6706cea1d5d073de2e.tar.gz
1 files changed, 124 insertions, 0 deletions
diff --git a/lib/api/members.rb b/lib/api/members.rb
new file mode 100644
index 00000000000..56f8b1ca391
--- /dev/null
+++ b/lib/api/members.rb
@@ -0,0 +1,124 @@
+module API
+  class Members < Grape::API
+    before { authenticate! }
+
+    helpers ::API::Helpers::MembersHelpers
+
+    %w[group project].each do |source_type|
+      resource source_type.pluralize do
+        # Get a list of group/project members viewable by the authenticated user.
+        #
+        # Parameters:
+        #   id (required) - The group/project ID
+        #   query         - Query string
+        #
+        # Example Request:
+        #   GET /groups/:id/members
+        #   GET /projects/:id/members
+        get ":id/members" do
+          source = find_source(source_type, params[:id])
+
+          members = source.members
+          members = members.joins(:user).merge(User.search(params[:query])) if params[:query]
+          users = Kaminari.paginate_array(members.map(&:user))
+
+          present paginate(users), with: Entities::Member, source: source
+        end
+
+        # Get a group/project member
+        #
+        # Parameters:
+        #   id (required) - The group/project ID
+        #   user_id (required) - The user ID of the member
+        #
+        # Example Request:
+        #   GET /groups/:id/members/:user_id
+        #   GET /projects/:id/members/:user_id
+        get ":id/members/:user_id" do
+          source = find_source(source_type, params[:id])
+
+          members = source.members
+          member = members.find_by!(user_id: params[:user_id])
+
+          present member.user, with: Entities::Member, member: member
+        end
+
+        # Add a new group/project member
+        #
+        # Parameters:
+        #   id (required) - The group/project ID
+        #   user_id (required) - The user ID of the new member
+        #   access_level (required) - A valid access level
+        #
+        # Example Request:
+        #   POST /groups/:id/members
+        #   POST /projects/:id/members
+        post ":id/members" do
+          source = find_source(source_type, params[:id])
+          authorize_admin_source!(source_type, source)
+          required_attributes! [:user_id, :access_level]
+
+          access_requester = source.requesters.find_by(user_id: params[:user_id])
+          if access_requester
+            # We pass current_user = access_requester so that the requester doesn't
+            # receive a "access denied" email
+            ::Members::DestroyService.new(access_requester, access_requester.user).execute
+          end
+
+          conflict!('Member already exists') if source.members.exists?(user_id: params[:user_id])
+
+          source.add_user(params[:user_id], params[:access_level], current_user)
+          member = source.members.find_by(user_id: params[:user_id])
+          if member
+            present member.user, with: Entities::Member, member: member
+          else
+            render_api_error!('400 Bad Request', 400)
+          end
+        end
+
+        # Update a group/project member
+        #
+        # Parameters:
+        #   id (required) - The group/project ID
+        #   user_id (required) - The user ID of the member
+        #   access_level (required) - A valid access level
+        #
+        # Example Request:
+        #   PUT /groups/:id/members/:user_id
+        #   PUT /projects/:id/members/:user_id
+        put ":id/members/:user_id" do
+          source = find_source(source_type, params[:id])
+          authorize_admin_source!(source_type, source)
+          required_attributes! [:user_id, :access_level]
+
+          member = source.members.find_by!(user_id: params[:user_id])
+
+          if member.update_attributes(access_level: params[:access_level])
+            present member.user, with: Entities::Member, member: member
+          else
+            render_validation_error!(member)
+          end
+        end
+
+        # Remove a group/project member
+        #
+        # Parameters:
+        #   id (required) - The group/project ID
+        #   user_id (required) - The user ID of the member
+        #
+        # Example Request:
+        #   DELETE /groups/:id/members/:user_id
+        #   DELETE /projects/:id/members/:user_id
+        delete ":id/members/:user_id" do
+          source = find_source(source_type, params[:id])
+          required_attributes! [:user_id]
+
+          member = source.members.find_by!(user_id: params[:user_id])
+
+          ::Members::DestroyService.new(member, current_user).execute
+          status :no_content
+        end
+      end
+    end
+  end
+end
author	Rémy Coutable <remy@rymai.me>	2016-06-23 17:14:31 +0200
committer	Rémy Coutable <remy@rymai.me>	2016-08-10 19:07:05 +0200
commit	29850364eccccc3ce7305f6706cea1d5d073de2e (patch)
tree	bbf98c0a621676b7b3f3e58b4618905923ed1454 /lib/api/members.rb
parent	b1aac0382c406b3856db90e15df8b2a9ea7ff6cd (diff)
download	gitlab-ce-29850364eccccc3ce7305f6706cea1d5d073de2e.tar.gz