1 files changed, 5 insertions, 6 deletions

diff --git a/lib/api/group_members.rb b/lib/api/group_members.rb
index ed54c7f6ff0..ab9b7c602b5 100644
--- a/lib/api/group_members.rb
+++ b/lib/api/group_members.rb
@@ -9,8 +9,7 @@ module API
       #  GET /groups/:id/members
       get ":id/members" do
         group = find_group(params[:id])
-        members = group.group_members
-        users = (paginate members).collect(&:user)
+        users = group.users
         present users, with: Entities::GroupMember, group: group
       end
 
@@ -24,7 +23,7 @@ module API
       #  POST /groups/:id/members
       post ":id/members" do
         group = find_group(params[:id])
-        authorize! :manage_group, group
+        authorize! :admin_group, group
         required_attributes! [:user_id, :access_level]
 
         unless validate_access_level?(params[:access_level])
@@ -35,7 +34,7 @@ module API
           render_api_error!("Already exists", 409)
         end
 
-        group.add_users([params[:user_id]], params[:access_level])
+        group.add_users([params[:user_id]], params[:access_level], current_user)
         member = group.group_members.find_by(user_id: params[:user_id])
         present member.user, with: Entities::GroupMember, group: group
       end
@@ -50,7 +49,7 @@ module API
       #   PUT /groups/:id/members/:user_id
       put ':id/members/:user_id' do
         group = find_group(params[:id])
-        authorize! :manage_group, group
+        authorize! :admin_group, group
         required_attributes! [:access_level]
 
         group_member = group.group_members.find_by(user_id: params[:user_id])
@@ -74,7 +73,7 @@ module API
       #   DELETE /groups/:id/members/:user_id
       delete ":id/members/:user_id" do
         group = find_group(params[:id])
-        authorize! :manage_group, group
+        authorize! :admin_group, group
         member = group.group_members.find_by(user_id: params[:user_id])
 
         if member.nil?