3 files changed, 114 insertions, 0 deletions

diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 5cbb1118a89..c1873d87b55 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -32,6 +32,15 @@ module Gitlab
       end
     end
 
+    class Group < Grape::Entity
+      expose :id, :name, :path, :owner_id
+    end
+    
+    class GroupDetail < Group
+      expose :projects, using: Entities::Project
+    end
+
+    
     class RepoObject < Grape::Entity
       expose :name, :commit
       expose :protected do |repo, options|
diff --git a/lib/api/groups.rb b/lib/api/groups.rb
new file mode 100644
index 00000000000..a67caef0bc5
--- /dev/null
+++ b/lib/api/groups.rb
@@ -0,0 +1,56 @@
+module Gitlab
+  # groups API
+  class Groups < Grape::API
+    before { authenticate! }
+
+    resource :groups do
+      # Get a groups list
+      #
+      # Example Request:
+      #  GET /groups
+      get do
+        if current_user.admin
+          @groups = paginate Group
+        else
+          @groups = paginate current_user.groups
+        end
+        present @groups, with: Entities::Group
+      end
+
+      # Create group. Available only for admin
+      #
+      # Parameters:
+      #   name (required)                   - Name
+      #   path (required)                   - Path
+      # Example Request:
+      #   POST /groups
+      post do
+        authenticated_as_admin!
+        attrs = attributes_for_keys [:name, :path]
+        @group = Group.new(attrs)
+        @group.owner = current_user
+
+        if @group.save
+          present @group, with: Entities::Group
+        else
+          not_found!
+        end
+      end
+
+      # Get a single group, with containing projects
+      #
+      # Parameters:
+      #   id (required) - The ID of a group
+      # Example Request:
+      #   GET /groups/:id
+      get ":id" do
+        @group = Group.find(params[:id])
+        if current_user.admin or current_user.groups.include? @group
+          present @group, with: Entities::GroupDetail
+        else
+          not_found!
+        end
+      end
+    end
+  end
+end
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
new file mode 100644
index 00000000000..3e5e3a478ba
--- /dev/null
+++ b/lib/api/internal.rb
@@ -0,0 +1,49 @@
+module Gitlab
+  # Internal access API
+  class Internal < Grape::API
+    namespace 'internal' do
+      #
+      # Check if ssh key has access to project code
+      #
+      get "/allowed" do
+        key = Key.find(params[:key_id])
+        project = Project.find_with_namespace(params[:project])
+        git_cmd = params[:action]
+
+        if key.is_deploy_key
+          project == key.project && git_cmd == 'git-upload-pack'
+        else
+          user = key.user
+          action = case git_cmd
+                   when 'git-upload-pack'
+                     then :download_code
+                   when 'git-receive-pack'
+                     then
+                     if project.protected_branch?(params[:ref])
+                       :push_code_to_protected_branches
+                     else
+                       :push_code
+                     end
+                   end
+
+          user.can?(action, project)
+        end
+      end
+
+      #
+      # Discover user by ssh key
+      #
+      get "/discover" do
+        key = Key.find(params[:key_id])
+        present key.user, with: Entities::User
+      end
+
+      get "/check" do
+        {
+          api_version: '3'
+        }
+      end
+    end
+  end
+end
+