diff options
| -rw-r--r-- | lib/api/groups.rb | 7 | ||||
| -rw-r--r-- | spec/requests/api/groups_spec.rb | 8 |
2 files changed, 10 insertions, 5 deletions
diff --git a/lib/api/groups.rb b/lib/api/groups.rb index 54393740867..396554404af 100644 --- a/lib/api/groups.rb +++ b/lib/api/groups.rb @@ -14,9 +14,10 @@ module API end end def validate_access_level?(level) - [UsersGroup::GUEST, UsersGroup::REPORTER, UsersGroup::DEVELOPER, UsersGroup::MASTER].include? level.to_i + Gitlab::Access.options_with_owner.values.include? level.to_i end end + # Get a groups list # # Example Request: @@ -88,7 +89,7 @@ module API get ":id/members" do group = find_group(params[:id]) members = group.users_groups - users = (paginate members).collect { | member| member.user} + users = (paginate members).collect(&:user) present users, with: Entities::GroupMember, group: group end @@ -102,7 +103,7 @@ module API # POST /groups/:id/members post ":id/members" do required_attributes! [:user_id, :access_level] - if not validate_access_level?(params[:access_level]) + unless validate_access_level?(params[:access_level]) render_api_error!("Wrong access level", 422) end group = find_group(params[:id]) diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 51d6384a261..f7fd27523b0 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -108,7 +108,6 @@ describe API::API do Project.stub(:find).and_return(project) end - context "when authenticated as user" do it "should not transfer project to group" do post api("/groups/#{group1.id}/projects/#{project.id}", user2) @@ -139,6 +138,7 @@ describe API::API do group end let!(:group_no_members) { create(:group, owner: owner) } + describe "GET /groups/:id/members" do context "when authenticated as user that is part or the group" do it "each user: should return an array of members groups of group3" do @@ -154,6 +154,7 @@ describe API::API do json_response.find { |e| e['id']==guest.id }['access_level'].should == UsersGroup::GUEST end end + it "users not part of the group should get access error" do get api("/groups/#{group_with_members.id}/members", user1) response.status.should == 403 @@ -179,14 +180,17 @@ describe API::API do json_response['access_level'].should == UsersGroup::MASTER group_no_members.users_groups.count.should == count_before + 1 end + it "should return error if member already exists" do post api("/groups/#{group_with_members.id}/members", owner), user_id: master.id, access_level: UsersGroup::MASTER response.status.should == 409 end + it "should return a 400 error when user id is not given" do post api("/groups/#{group_no_members.id}/members", owner), access_level: UsersGroup::MASTER response.status.should == 400 end + it "should return a 400 error when access level is not given" do post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id response.status.should == 400 @@ -196,7 +200,6 @@ describe API::API do post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id, access_level: 1234 response.status.should == 422 end - end end @@ -216,6 +219,7 @@ describe API::API do response.status.should == 200 group_with_members.users_groups.count.should == count_before - 1 end + it "should return a 404 error when user id is not known" do delete api("/groups/#{group_with_members.id}/members/1328", owner) response.status.should == 404 |