Merge branch 'feature_teams_api' of https://github.com/former03/gitlabhq into former03-feature_teams_api

Conflicts:
	doc/api/README.md

1 files changed, 360 insertions, 0 deletions

diff --git a/spec/requests/api/user_teams_spec.rb b/spec/requests/api/user_teams_spec.rb
new file mode 100644
index 00000000000..68f05b11a83
--- /dev/null
+++ b/spec/requests/api/user_teams_spec.rb
@@ -0,0 +1,360 @@
+require 'spec_helper'
+
+describe API::API do
+  include ApiHelpers
+
+  # Create test objects
+  let(:user1) { create(:user) }
+  let(:user2) { create(:user) }
+  let(:admin) { create(:admin) }
+  let!(:group1) { create(:group, owner: user1) }
+  let!(:group2) { create(:group, owner: user2) }
+  let(:user_team1) { create(:user_team, owner: user1) }
+  let(:user_team2) { create(:user_team, owner: user2) }
+  let!(:project1) { create(:project, creator_id: admin.id) }
+  let!(:project2) { create(:project, creator_id: admin.id) }
+
+
+  before {
+    # Add members to teams
+    user_team1.add_member(user1, UsersProject::MASTER, false)
+    user_team2.add_member(user2, UsersProject::MASTER, false)
+
+    # Add projects to teams
+    user_team1.assign_to_projects([project1.id], UsersProject::MASTER)
+    user_team2.assign_to_projects([project2.id], UsersProject::MASTER)
+
+  }
+
+  describe "GET /user_teams" do
+    context "when unauthenticated" do
+      it "should return authentication error" do
+        get api("/user_teams")
+        response.status.should == 401
+      end
+    end
+
+    context "when authenticated as user" do
+      it "normal user: should return an array of user_teams of user1" do
+        get api("/user_teams", user1)
+        response.status.should == 200
+        json_response.should be_an Array
+        json_response.length.should == 1
+        json_response.first['name'].should == user_team1.name
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "admin: should return an array of all user_teams" do
+        get api("/user_teams", admin)
+        response.status.should == 200
+        json_response.should be_an Array
+        json_response.length.should == 2
+      end
+    end
+  end
+
+  describe "GET /user_teams/:id" do
+    context "when authenticated as user" do
+      it "should return one of user1's user_teams" do
+        get api("/user_teams/#{user_team1.id}", user1)
+        response.status.should == 200
+        json_response['name'] == user_team1.name
+      end
+
+      it "should not return a non existing team" do
+        get api("/user_teams/1328", user1)
+        response.status.should == 404
+      end
+
+      it "should not return a user_team not attached to user1" do
+        get api("/user_teams/#{user_team2.id}", user1)
+        response.status.should == 404
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should return any existing user_team" do
+        get api("/user_teams/#{user_team2.id}", admin)
+        response.status.should == 200
+        json_response['name'].should == user_team2.name
+      end
+
+      it "should not return a non existing user_team" do
+        get api("/user_teams/1328", admin)
+        response.status.should == 404
+      end
+    end
+  end
+
+  describe "POST /user_teams" do
+    context "when authenticated as user" do
+      it "should not create user_team" do
+        count_before=UserTeam.count
+        post api("/user_teams", user1), attributes_for(:user_team)
+        response.status.should == 403
+        UserTeam.count.should == count_before
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should create user_team" do
+        count_before=UserTeam.count
+        post api("/user_teams", admin), attributes_for(:user_team)
+        response.status.should == 201
+        UserTeam.count.should == count_before + 1
+      end
+
+      it "should not create user_team, duplicate" do
+        post api("/user_teams", admin), {:name => "Duplicate Test", :path => user_team2.path}
+        response.status.should == 404
+      end
+
+      it "should return 400 bad request error if name not given" do
+        post api("/user_teams", admin), {:path => user_team2.path}
+        response.status.should == 400
+      end
+
+      it "should return 400 bad request error if path not given" do
+        post api("/user_teams", admin), {:name => 'test'}
+        response.status.should == 400
+      end
+    end
+  end
+
+  # Members
+
+  describe "GET /user_teams/:id/members" do
+    context "when authenticated as user" do
+      it "should return user1 as member of user1's user_teams" do
+        get api("/user_teams/#{user_team1.id}/members", user1)
+        response.status.should == 200
+        json_response.first['name'].should == user1.name
+        json_response.first['access_level'].should == UsersProject::MASTER
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should return member of any existing user_team" do
+        get api("/user_teams/#{user_team2.id}/members", admin)
+        response.status.should == 200
+        json_response.first['name'].should == user2.name
+        json_response.first['access_level'].should == UsersProject::MASTER
+      end
+    end
+  end
+
+  describe "POST /user_teams/:id/members" do
+    context "when authenticated as user" do
+      it "should not add user2 as member of user_team1" do
+        post api("/user_teams/#{user_team1.id}/members", user1), user_id: user2.id, access_level: UsersProject::MASTER
+        response.status.should == 403
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should return ok and add new member" do
+        count_before=user_team1.user_team_user_relationships.count
+        post api("/user_teams/#{user_team1.id}/members", admin), user_id: user2.id, access_level: UsersProject::MASTER
+        response.status.should == 201
+        json_response['name'].should == user2.name
+        json_response['access_level'].should == UsersProject::MASTER
+        user_team1.user_team_user_relationships.count.should == count_before + 1
+      end
+      it "should return ok if member already exists" do
+        post api("/user_teams/#{user_team2.id}/members", admin), user_id: user2.id, access_level: UsersProject::MASTER
+        response.status.should == 409
+      end
+      it "should return a 400 error when user id is not given" do
+        post api("/user_teams/#{user_team2.id}/members", admin), access_level: UsersProject::MASTER
+        response.status.should == 400
+      end
+      it "should return a 400 error when access level is not given" do
+        post api("/user_teams/#{user_team2.id}/members", admin), user_id: user2.id
+        response.status.should == 400
+      end
+
+      it "should return a 422 error when access level is not known" do
+        post api("/user_teams/#{user_team2.id}/members", admin), user_id: user1.id, access_level: 1234
+        response.status.should == 422
+      end
+
+    end
+  end
+
+  # Get single member
+  describe "GET /user_teams/:id/members/:user_id" do
+    context "when authenticated as member" do
+      it "should show user1's membership of user_team1" do
+        get api("/user_teams/#{user_team1.id}/members/#{user1.id}", user1)
+        response.status.should == 200
+        json_response['name'].should == user1.name
+        json_response['access_level'].should == UsersProject::MASTER
+      end
+      it "should show that user2 is not member of user_team1" do
+        get api("/user_teams/#{user_team1.id}/members/#{user2.id}", user1)
+        response.status.should == 404
+      end
+    end
+
+    context "when authenticated as non-member" do
+      it "should not show user1's membership of user_team1" do
+        get api("/user_teams/#{user_team1.id}/members/#{user1.id}", user2)
+        response.status.should == 404
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should show user1's membership of user_team1" do
+        get api("/user_teams/#{user_team1.id}/members/#{user1.id}", admin)
+        response.status.should == 200
+        json_response['name'].should == user1.name
+        json_response['access_level'].should == UsersProject::MASTER
+      end
+      it "should return a 404 error when user id is not known" do
+        get api("/user_teams/#{user_team2.id}/members/1328", admin)
+        response.status.should == 404
+      end
+    end
+  end
+
+  describe "DELETE /user_teams/:id/members/:user_id" do
+    context "when authenticated as user" do
+      it "should not delete user1's membership of user_team1" do
+        delete api("/user_teams/#{user_team1.id}/members/#{user1.id}", user1)
+        response.status.should == 403
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should delete user1's membership of user_team1" do
+        count_before=user_team1.user_team_user_relationships.count
+        delete api("/user_teams/#{user_team1.id}/members/#{user1.id}", admin)
+        response.status.should == 200
+        user_team1.user_team_user_relationships.count.should == count_before - 1
+      end
+      it "should return a 404 error when user id is not known" do
+        delete api("/user_teams/#{user_team2.id}/members/1328", admin)
+        response.status.should == 404
+      end
+    end
+  end
+
+  # Projects
+
+  describe "GET /user_teams/:id/projects" do
+    context "when authenticated as user" do
+      it "should return project1 as assigned to user_team1 as member user1" do
+        get api("/user_teams/#{user_team1.id}/projects", user1)
+        response.status.should == 200
+        json_response.first['name'].should == project1.name
+        json_response.length.should == user_team1.user_team_project_relationships.count
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should return project2 as assigned to user_team2 as non-member, but admin" do
+        get api("/user_teams/#{user_team2.id}/projects", admin)
+        response.status.should == 200
+        json_response.first['name'].should == project2.name
+        json_response.first['greatest_access_level'].should == UsersProject::MASTER
+      end
+    end
+  end
+
+  describe "POST /user_teams/:id/projects" do
+    context "when authenticated as admin" do
+      it "should return ok and add new project" do
+        count_before=user_team1.user_team_project_relationships.count
+        post api("/user_teams/#{user_team1.id}/projects", admin),
+             project_id: project2.id,
+             greatest_access_level: UsersProject::MASTER
+        response.status.should == 201
+        json_response['name'].should == project2.name
+        json_response['greatest_access_level'].should == UsersProject::MASTER
+        user_team1.user_team_project_relationships.count.should == count_before + 1
+      end
+      it "should return ok if project already exists" do
+        post api("/user_teams/#{user_team2.id}/projects", admin),
+             project_id: project2.id,
+             greatest_access_level: UsersProject::MASTER
+        response.status.should == 409
+      end
+      it "should return a 400 error when project id is not given" do
+        post api("/user_teams/#{user_team2.id}/projects", admin), greatest_access_level: UsersProject::MASTER
+        response.status.should == 400
+      end
+      it "should return a 400 error when access level is not given" do
+        post api("/user_teams/#{user_team2.id}/projects", admin), project_id: project2.id
+        response.status.should == 400
+      end
+
+      it "should return a 422 error when access level is not known" do
+        post api("/user_teams/#{user_team2.id}/projects", admin),
+             project_id: project2.id,
+             greatest_access_level: 1234
+        response.status.should == 422
+      end
+
+    end
+  end
+
+
+  describe "GET /user_teams/:id/projects/:project_id" do
+    context "when authenticated as member" do
+      it "should show project1's assignment to user_team1" do
+        get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", user1)
+        response.status.should == 200
+        json_response['name'].should == project1.name
+        json_response['greatest_access_level'].should == UsersProject::MASTER
+      end
+      it "should show project2's is not assigned to user_team1" do
+        get api("/user_teams/#{user_team1.id}/projects/#{project2.id}", user1)
+        response.status.should == 404
+      end
+    end
+
+    context "when authenticated as non-member" do
+      it "should not show project1's assignment to user_team1" do
+        get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", user2)
+        response.status.should == 404
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should show project1's assignment to user_team1" do
+        get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", admin)
+        response.status.should == 200
+        json_response['name'].should == project1.name
+        json_response['greatest_access_level'].should == UsersProject::MASTER
+      end
+      it "should return a 404 error when project id is not known" do
+        get api("/user_teams/#{user_team2.id}/projects/1328", admin)
+        response.status.should == 404
+      end
+    end
+  end
+
+  describe "DELETE /user_teams/:id/projects/:project_id" do
+    context "when authenticated as user" do
+      it "should not delete project1's assignment to user_team2" do
+        delete api("/user_teams/#{user_team2.id}/projects/#{project1.id}", user1)
+        response.status.should == 403
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should delete project1's assignment to user_team1" do
+        count_before=user_team1.user_team_project_relationships.count
+        delete api("/user_teams/#{user_team1.id}/projects/#{project1.id}", admin)
+        response.status.should == 200
+        user_team1.user_team_project_relationships.count.should == count_before - 1
+      end
+      it "should return a 404 error when project id is not known" do
+        delete api("/user_teams/#{user_team2.id}/projects/1328", admin)
+        response.status.should == 404
+      end
+    end
+  end
+
+end