Merge branch 'invitation' into 'master'

Allow users to be invited.

Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2058.

The "Add members" panes for both Group Members and Project Members have gained a line of text by the People field.

![Screen_Shot_2015-04-10_at_14.14.32](https://gitlab.com/gitlab-org/gitlab-ce/uploads/fe990e65eccd9203d7324b492941362b/Screen_Shot_2015-04-10_at_14.14.32.png)

Entering an email address that is not already a member will give you the option to invite them.

![Screen_Shot_2015-04-10_at_14.14.48](https://gitlab.com/gitlab-org/gitlab-ce/uploads/d6b0d4571ea90f2a2e4af8f5b336e8e1/Screen_Shot_2015-04-10_at_14.14.48.png)

Choosing the option will add them to the People field. This works the right way (TM) in combination with adding existing users as members.

![Screen_Shot_2015-04-10_at_14.15.09](https://gitlab.com/gitlab-org/gitlab-ce/uploads/a618e5ec292d79578b16400dca6d4cfe/Screen_Shot_2015-04-10_at_14.15.09.png)

The invited member will be shown in the members list as such. The access level can be changed, and the invite can be revoked by deleting the member.

![Screen_Shot_2015-04-10_at_14.15.19](https://gitlab.com/gitlab-org/gitlab-ce/uploads/3695b9a6778d367b275115747579b46e/Screen_Shot_2015-04-10_at_14.15.19.png)

The invited user will receive an email with an "Accept invitation" link.

![Screen_Shot_2015-04-10_at_14.17.52](https://gitlab.com/gitlab-org/gitlab-ce/uploads/730121888153117d83c3cd0e4f5c90f6/Screen_Shot_2015-04-10_at_14.17.52.png)

If they're not already logged in, clicking this link will redirect them to the sign in/up page with a helpful notice.

![Screen_Shot_2015-04-10_at_14.18.12](https://gitlab.com/gitlab-org/gitlab-ce/uploads/1a26a5fa13321e7ef77ed8b538c8557d/Screen_Shot_2015-04-10_at_14.18.12.png)

Signing in or signing up will redirect them back to the invite detail page, where they can actually accept the invitation, which will update the member record in question to point to the user in question.

![Screen_Shot_2015-04-10_at_14.18.48](https://gitlab.com/gitlab-org/gitlab-ce/uploads/7ac33085463a99b8cfa6baa13bfa1235/Screen_Shot_2015-04-10_at_14.18.48.png)

Accepting the invitation will redirect them to the group (or project) with an appropriate notice.

![Screen_Shot_2015-04-10_at_14.18.58](https://gitlab.com/gitlab-org/gitlab-ce/uploads/7bf02a2e3bea589a11df401c23e68648/Screen_Shot_2015-04-10_at_14.18.58.png)

As currently, they will also receive this information by email.

![Screen_Shot_2015-04-10_at_14.24.00](https://gitlab.com/gitlab-org/gitlab-ce/uploads/b44a342068433a268c0a06ed9e791ffa/Screen_Shot_2015-04-10_at_14.24.00.png)

At the same time, the person who initially invited the email address is sent a notification as well, so they know of the new member and to tell them what name the user signed up with.

![Screen_Shot_2015-04-10_at_14.19.07](https://gitlab.com/gitlab-org/gitlab-ce/uploads/b29fea128186f938ec76bd7dec016b83/Screen_Shot_2015-04-10_at_14.19.07.png)

The member row on the Members page will now have been updated with the new user account.

![Screen_Shot_2015-04-10_at_14.19.23](https://gitlab.com/gitlab-org/gitlab-ce/uploads/cf503d3d1679614e03acec2e946a28c3/Screen_Shot_2015-04-10_at_14.19.23.png)

See merge request !500

2 files changed, 6 insertions, 7 deletions

diff --git a/lib/api/group_members.rb b/lib/api/group_members.rb
index ed54c7f6ff0..ab9b7c602b5 100644
--- a/lib/api/group_members.rb
+++ b/lib/api/group_members.rb
@@ -9,8 +9,7 @@ module API
       #  GET /groups/:id/members
       get ":id/members" do
         group = find_group(params[:id])
-        members = group.group_members
-        users = (paginate members).collect(&:user)
+        users = group.users
         present users, with: Entities::GroupMember, group: group
       end
 
@@ -24,7 +23,7 @@ module API
       #  POST /groups/:id/members
       post ":id/members" do
         group = find_group(params[:id])
-        authorize! :manage_group, group
+        authorize! :admin_group, group
         required_attributes! [:user_id, :access_level]
 
         unless validate_access_level?(params[:access_level])
@@ -35,7 +34,7 @@ module API
           render_api_error!("Already exists", 409)
         end
 
-        group.add_users([params[:user_id]], params[:access_level])
+        group.add_users([params[:user_id]], params[:access_level], current_user)
         member = group.group_members.find_by(user_id: params[:user_id])
         present member.user, with: Entities::GroupMember, group: group
       end
@@ -50,7 +49,7 @@ module API
       #   PUT /groups/:id/members/:user_id
       put ':id/members/:user_id' do
         group = find_group(params[:id])
-        authorize! :manage_group, group
+        authorize! :admin_group, group
         required_attributes! [:access_level]
 
         group_member = group.group_members.find_by(user_id: params[:user_id])
@@ -74,7 +73,7 @@ module API
       #   DELETE /groups/:id/members/:user_id
       delete ":id/members/:user_id" do
         group = find_group(params[:id])
-        authorize! :manage_group, group
+        authorize! :admin_group, group
         member = group.group_members.find_by(user_id: params[:user_id])
 
         if member.nil?
diff --git a/lib/api/groups.rb b/lib/api/groups.rb
index a92abd4b690..8cb9f920975 100644
--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -61,7 +61,7 @@ module API
       #   DELETE /groups/:id
       delete ":id" do
         group = find_group(params[:id])
-        authorize! :manage_group, group
+        authorize! :admin_group, group
         group.destroy
       end