diff options
Diffstat (limited to 'lib/api')
39 files changed, 5 insertions, 5362 deletions
diff --git a/lib/api/api.rb b/lib/api/api.rb index 206fabe5c43..7ea575a9661 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -22,48 +22,14 @@ module API allow_access_with_scope :api prefix :api - version %w(v3 v4), using: :path - version 'v3', using: :path do - helpers ::API::V3::Helpers - helpers ::API::Helpers::CommonHelpers - - mount ::API::V3::AwardEmoji - mount ::API::V3::Boards - mount ::API::V3::Branches - mount ::API::V3::BroadcastMessages - mount ::API::V3::Builds - mount ::API::V3::Commits - mount ::API::V3::DeployKeys - mount ::API::V3::Environments - mount ::API::V3::Files - mount ::API::V3::Groups - mount ::API::V3::Issues - mount ::API::V3::Labels - mount ::API::V3::Members - mount ::API::V3::MergeRequestDiffs - mount ::API::V3::MergeRequests - mount ::API::V3::Notes - mount ::API::V3::Pipelines - mount ::API::V3::ProjectHooks - mount ::API::V3::Milestones - mount ::API::V3::Projects - mount ::API::V3::ProjectSnippets - mount ::API::V3::Repositories - mount ::API::V3::Runners - mount ::API::V3::Services - mount ::API::V3::Settings - mount ::API::V3::Snippets - mount ::API::V3::Subscriptions - mount ::API::V3::SystemHooks - mount ::API::V3::Tags - mount ::API::V3::Templates - mount ::API::V3::Todos - mount ::API::V3::Triggers - mount ::API::V3::Users - mount ::API::V3::Variables + route :any, '*path' do + error!('API V3 is no longer supported. Use API V4 instead.', 410) + end end + version 'v4', using: :path + before do header['X-Frame-Options'] = 'SAMEORIGIN' header['X-Content-Type-Options'] = 'nosniff' diff --git a/lib/api/v3/award_emoji.rb b/lib/api/v3/award_emoji.rb deleted file mode 100644 index b96b2d70b12..00000000000 --- a/lib/api/v3/award_emoji.rb +++ /dev/null @@ -1,130 +0,0 @@ -module API - module V3 - class AwardEmoji < Grape::API - include PaginationParams - - before { authenticate! } - AWARDABLES = %w[issue merge_request snippet].freeze - - resource :projects, requirements: { id: %r{[^/]+} } do - AWARDABLES.each do |awardable_type| - awardable_string = awardable_type.pluralize - awardable_id_string = "#{awardable_type}_id" - - params do - requires :id, type: String, desc: 'The ID of a project' - requires :"#{awardable_id_string}", type: Integer, desc: "The ID of an Issue, Merge Request or Snippet" - end - - [ - ":id/#{awardable_string}/:#{awardable_id_string}/award_emoji", - ":id/#{awardable_string}/:#{awardable_id_string}/notes/:note_id/award_emoji" - ].each do |endpoint| - - desc 'Get a list of project +awardable+ award emoji' do - detail 'This feature was introduced in 8.9' - success Entities::AwardEmoji - end - params do - use :pagination - end - get endpoint do - if can_read_awardable? - awards = awardable.award_emoji - present paginate(awards), with: Entities::AwardEmoji - else - not_found!("Award Emoji") - end - end - - desc 'Get a specific award emoji' do - detail 'This feature was introduced in 8.9' - success Entities::AwardEmoji - end - params do - requires :award_id, type: Integer, desc: 'The ID of the award' - end - get "#{endpoint}/:award_id" do - if can_read_awardable? - present awardable.award_emoji.find(params[:award_id]), with: Entities::AwardEmoji - else - not_found!("Award Emoji") - end - end - - desc 'Award a new Emoji' do - detail 'This feature was introduced in 8.9' - success Entities::AwardEmoji - end - params do - requires :name, type: String, desc: 'The name of a award_emoji (without colons)' - end - post endpoint do - not_found!('Award Emoji') unless can_read_awardable? && can_award_awardable? - - award = awardable.create_award_emoji(params[:name], current_user) - - if award.persisted? - present award, with: Entities::AwardEmoji - else - not_found!("Award Emoji #{award.errors.messages}") - end - end - - desc 'Delete a +awardables+ award emoji' do - detail 'This feature was introduced in 8.9' - success Entities::AwardEmoji - end - params do - requires :award_id, type: Integer, desc: 'The ID of an award emoji' - end - delete "#{endpoint}/:award_id" do - award = awardable.award_emoji.find(params[:award_id]) - - unauthorized! unless award.user == current_user || current_user.admin? - - award.destroy - present award, with: Entities::AwardEmoji - end - end - end - end - - helpers do - def can_read_awardable? - can?(current_user, read_ability(awardable), awardable) - end - - def can_award_awardable? - awardable.user_can_award?(current_user, params[:name]) - end - - def awardable - @awardable ||= - begin - if params.include?(:note_id) - note_id = params.delete(:note_id) - - awardable.notes.find(note_id) - elsif params.include?(:issue_id) - user_project.issues.find(params[:issue_id]) - elsif params.include?(:merge_request_id) - user_project.merge_requests.find(params[:merge_request_id]) - else - user_project.snippets.find(params[:snippet_id]) - end - end - end - - def read_ability(awardable) - case awardable - when Note - read_ability(awardable.noteable) - else - :"read_#{awardable.class.to_s.underscore}" - end - end - end - end - end -end diff --git a/lib/api/v3/boards.rb b/lib/api/v3/boards.rb deleted file mode 100644 index 94acc67171e..00000000000 --- a/lib/api/v3/boards.rb +++ /dev/null @@ -1,72 +0,0 @@ -module API - module V3 - class Boards < Grape::API - before { authenticate! } - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - desc 'Get all project boards' do - detail 'This feature was introduced in 8.13' - success ::API::Entities::Board - end - get ':id/boards' do - authorize!(:read_board, user_project) - present user_project.boards, with: ::API::Entities::Board - end - - params do - requires :board_id, type: Integer, desc: 'The ID of a board' - end - segment ':id/boards/:board_id' do - helpers do - def project_board - board = user_project.boards.first - - if params[:board_id] == board.id - board - else - not_found!('Board') - end - end - - def board_lists - project_board.lists.destroyable - end - end - - desc 'Get the lists of a project board' do - detail 'Does not include `done` list. This feature was introduced in 8.13' - success ::API::Entities::List - end - get '/lists' do - authorize!(:read_board, user_project) - present board_lists, with: ::API::Entities::List - end - - desc 'Delete a board list' do - detail 'This feature was introduced in 8.13' - success ::API::Entities::List - end - params do - requires :list_id, type: Integer, desc: 'The ID of a board list' - end - delete "/lists/:list_id" do - authorize!(:admin_list, user_project) - - list = board_lists.find(params[:list_id]) - - service = ::Boards::Lists::DestroyService.new(user_project, current_user) - - if service.execute(list) - present list, with: ::API::Entities::List - else - render_api_error!({ error: 'List could not be deleted!' }, 400) - end - end - end - end - end - end -end diff --git a/lib/api/v3/branches.rb b/lib/api/v3/branches.rb deleted file mode 100644 index 25176c5b38e..00000000000 --- a/lib/api/v3/branches.rb +++ /dev/null @@ -1,76 +0,0 @@ -require 'mime/types' - -module API - module V3 - class Branches < Grape::API - before { authenticate! } - before { authorize! :download_code, user_project } - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - desc 'Get a project repository branches' do - success ::API::Entities::Branch - end - get ":id/repository/branches" do - Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42276') - - repository = user_project.repository - branches = repository.branches.sort_by(&:name) - merged_branch_names = repository.merged_branch_names(branches.map(&:name)) - - present branches, with: ::API::Entities::Branch, project: user_project, merged_branch_names: merged_branch_names - end - - desc 'Delete a branch' - params do - requires :branch, type: String, desc: 'The name of the branch' - end - delete ":id/repository/branches/:branch", requirements: { branch: /.+/ } do - authorize_push_project - - result = DeleteBranchService.new(user_project, current_user) - .execute(params[:branch]) - - if result[:status] == :success - status(200) - { - branch_name: params[:branch] - } - else - render_api_error!(result[:message], result[:return_code]) - end - end - - desc 'Delete all merged branches' - delete ":id/repository/merged_branches" do - DeleteMergedBranchesService.new(user_project, current_user).async_execute - - status(200) - end - - desc 'Create branch' do - success ::API::Entities::Branch - end - params do - requires :branch_name, type: String, desc: 'The name of the branch' - requires :ref, type: String, desc: 'Create branch from commit sha or existing branch' - end - post ":id/repository/branches" do - authorize_push_project - result = CreateBranchService.new(user_project, current_user) - .execute(params[:branch_name], params[:ref]) - - if result[:status] == :success - present result[:branch], - with: ::API::Entities::Branch, - project: user_project - else - render_api_error!(result[:message], 400) - end - end - end - end - end -end diff --git a/lib/api/v3/broadcast_messages.rb b/lib/api/v3/broadcast_messages.rb deleted file mode 100644 index 417e4ad0b26..00000000000 --- a/lib/api/v3/broadcast_messages.rb +++ /dev/null @@ -1,31 +0,0 @@ -module API - module V3 - class BroadcastMessages < Grape::API - include PaginationParams - - before { authenticate! } - before { authenticated_as_admin! } - - resource :broadcast_messages do - helpers do - def find_message - BroadcastMessage.find(params[:id]) - end - end - - desc 'Delete a broadcast message' do - detail 'This feature was introduced in GitLab 8.12.' - success ::API::Entities::BroadcastMessage - end - params do - requires :id, type: Integer, desc: 'Broadcast message ID' - end - delete ':id' do - message = find_message - - present message.destroy, with: ::API::Entities::BroadcastMessage - end - end - end - end -end diff --git a/lib/api/v3/builds.rb b/lib/api/v3/builds.rb deleted file mode 100644 index b49448e1e67..00000000000 --- a/lib/api/v3/builds.rb +++ /dev/null @@ -1,250 +0,0 @@ -module API - module V3 - class Builds < Grape::API - include PaginationParams - - before { authenticate! } - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: API::PROJECT_ENDPOINT_REQUIREMENTS do - helpers do - params :optional_scope do - optional :scope, types: [String, Array[String]], desc: 'The scope of builds to show', - values: %w(pending running failed success canceled skipped), - coerce_with: ->(scope) { - if scope.is_a?(String) - [scope] - elsif scope.is_a?(::Hash) - scope.values - else - ['unknown'] - end - } - end - end - - desc 'Get a project builds' do - success ::API::V3::Entities::Build - end - params do - use :optional_scope - use :pagination - end - get ':id/builds' do - builds = user_project.builds.order('id DESC') - builds = filter_builds(builds, params[:scope]) - - builds = builds.preload(:user, :job_artifacts_archive, :runner, pipeline: :project) - present paginate(builds), with: ::API::V3::Entities::Build - end - - desc 'Get builds for a specific commit of a project' do - success ::API::V3::Entities::Build - end - params do - requires :sha, type: String, desc: 'The SHA id of a commit' - use :optional_scope - use :pagination - end - get ':id/repository/commits/:sha/builds' do - authorize_read_builds! - - break not_found! unless user_project.commit(params[:sha]) - - pipelines = user_project.pipelines.where(sha: params[:sha]) - builds = user_project.builds.where(pipeline: pipelines).order('id DESC') - builds = filter_builds(builds, params[:scope]) - - present paginate(builds), with: ::API::V3::Entities::Build - end - - desc 'Get a specific build of a project' do - success ::API::V3::Entities::Build - end - params do - requires :build_id, type: Integer, desc: 'The ID of a build' - end - get ':id/builds/:build_id' do - authorize_read_builds! - - build = get_build!(params[:build_id]) - - present build, with: ::API::V3::Entities::Build - end - - desc 'Download the artifacts file from build' do - detail 'This feature was introduced in GitLab 8.5' - end - params do - requires :build_id, type: Integer, desc: 'The ID of a build' - end - get ':id/builds/:build_id/artifacts' do - authorize_read_builds! - - build = get_build!(params[:build_id]) - - present_carrierwave_file!(build.artifacts_file) - end - - desc 'Download the artifacts file from build' do - detail 'This feature was introduced in GitLab 8.10' - end - params do - requires :ref_name, type: String, desc: 'The ref from repository' - requires :job, type: String, desc: 'The name for the build' - end - get ':id/builds/artifacts/:ref_name/download', - requirements: { ref_name: /.+/ } do - authorize_read_builds! - - builds = user_project.latest_successful_builds_for(params[:ref_name]) - latest_build = builds.find_by!(name: params[:job]) - - present_carrierwave_file!(latest_build.artifacts_file) - end - - # TODO: We should use `present_disk_file!` and leave this implementation for backward compatibility (when build trace - # is saved in the DB instead of file). But before that, we need to consider how to replace the value of - # `runners_token` with some mask (like `xxxxxx`) when sending trace file directly by workhorse. - desc 'Get a trace of a specific build of a project' - params do - requires :build_id, type: Integer, desc: 'The ID of a build' - end - get ':id/builds/:build_id/trace' do - authorize_read_builds! - - build = get_build!(params[:build_id]) - - header 'Content-Disposition', "infile; filename=\"#{build.id}.log\"" - content_type 'text/plain' - env['api.format'] = :binary - - trace = build.trace.raw - body trace - end - - desc 'Cancel a specific build of a project' do - success ::API::V3::Entities::Build - end - params do - requires :build_id, type: Integer, desc: 'The ID of a build' - end - post ':id/builds/:build_id/cancel' do - authorize_update_builds! - - build = get_build!(params[:build_id]) - authorize!(:update_build, build) - - build.cancel - - present build, with: ::API::V3::Entities::Build - end - - desc 'Retry a specific build of a project' do - success ::API::V3::Entities::Build - end - params do - requires :build_id, type: Integer, desc: 'The ID of a build' - end - post ':id/builds/:build_id/retry' do - authorize_update_builds! - - build = get_build!(params[:build_id]) - authorize!(:update_build, build) - break forbidden!('Build is not retryable') unless build.retryable? - - build = Ci::Build.retry(build, current_user) - - present build, with: ::API::V3::Entities::Build - end - - desc 'Erase build (remove artifacts and build trace)' do - success ::API::V3::Entities::Build - end - params do - requires :build_id, type: Integer, desc: 'The ID of a build' - end - post ':id/builds/:build_id/erase' do - authorize_update_builds! - - build = get_build!(params[:build_id]) - authorize!(:erase_build, build) - break forbidden!('Build is not erasable!') unless build.erasable? - - build.erase(erased_by: current_user) - present build, with: ::API::V3::Entities::Build - end - - desc 'Keep the artifacts to prevent them from being deleted' do - success ::API::V3::Entities::Build - end - params do - requires :build_id, type: Integer, desc: 'The ID of a build' - end - post ':id/builds/:build_id/artifacts/keep' do - authorize_update_builds! - - build = get_build!(params[:build_id]) - authorize!(:update_build, build) - break not_found!(build) unless build.artifacts? - - build.keep_artifacts! - - status 200 - present build, with: ::API::V3::Entities::Build - end - - desc 'Trigger a manual build' do - success ::API::V3::Entities::Build - detail 'This feature was added in GitLab 8.11' - end - params do - requires :build_id, type: Integer, desc: 'The ID of a Build' - end - post ":id/builds/:build_id/play" do - authorize_read_builds! - - build = get_build!(params[:build_id]) - authorize!(:update_build, build) - bad_request!("Unplayable Job") unless build.playable? - - build.play(current_user) - - status 200 - present build, with: ::API::V3::Entities::Build - end - end - - helpers do - def find_build(id) - user_project.builds.find_by(id: id.to_i) - end - - def get_build!(id) - find_build(id) || not_found! - end - - def filter_builds(builds, scope) - return builds if scope.nil? || scope.empty? - - available_statuses = ::CommitStatus::AVAILABLE_STATUSES - - unknown = scope - available_statuses - render_api_error!('Scope contains invalid value(s)', 400) unless unknown.empty? - - builds.where(status: available_statuses && scope) - end - - def authorize_read_builds! - authorize! :read_build, user_project - end - - def authorize_update_builds! - authorize! :update_build, user_project - end - end - end - end -end diff --git a/lib/api/v3/commits.rb b/lib/api/v3/commits.rb deleted file mode 100644 index 4f6ea8f502e..00000000000 --- a/lib/api/v3/commits.rb +++ /dev/null @@ -1,199 +0,0 @@ -require 'mime/types' - -module API - module V3 - class Commits < Grape::API - include PaginationParams - - before { authenticate! } - before { authorize! :download_code, user_project } - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: API::PROJECT_ENDPOINT_REQUIREMENTS do - desc 'Get a project repository commits' do - success ::API::Entities::Commit - end - params do - optional :ref_name, type: String, desc: 'The name of a repository branch or tag, if not given the default branch is used' - optional :since, type: DateTime, desc: 'Only commits after or in this date will be returned' - optional :until, type: DateTime, desc: 'Only commits before or in this date will be returned' - optional :page, type: Integer, default: 0, desc: 'The page for pagination' - optional :per_page, type: Integer, default: 20, desc: 'The number of results per page' - optional :path, type: String, desc: 'The file path' - end - get ":id/repository/commits" do - ref = params[:ref_name] || user_project.try(:default_branch) || 'master' - offset = params[:page] * params[:per_page] - - commits = user_project.repository.commits(ref, - path: params[:path], - limit: params[:per_page], - offset: offset, - after: params[:since], - before: params[:until]) - - present commits, with: ::API::Entities::Commit - end - - desc 'Commit multiple file changes as one commit' do - success ::API::Entities::CommitDetail - detail 'This feature was introduced in GitLab 8.13' - end - params do - requires :branch_name, type: String, desc: 'The name of branch' - requires :commit_message, type: String, desc: 'Commit message' - requires :actions, type: Array[Hash], desc: 'Actions to perform in commit' - optional :author_email, type: String, desc: 'Author email for commit' - optional :author_name, type: String, desc: 'Author name for commit' - end - post ":id/repository/commits" do - authorize! :push_code, user_project - - attrs = declared_params.dup - branch = attrs.delete(:branch_name) - attrs.merge!(start_branch: branch, branch_name: branch) - - result = ::Files::MultiService.new(user_project, current_user, attrs).execute - - if result[:status] == :success - commit_detail = user_project.repository.commits(result[:result], limit: 1).first - present commit_detail, with: ::API::Entities::CommitDetail - else - render_api_error!(result[:message], 400) - end - end - - desc 'Get a specific commit of a project' do - success ::API::Entities::CommitDetail - failure [[404, 'Not Found']] - end - params do - requires :sha, type: String, desc: 'A commit sha, or the name of a branch or tag' - optional :stats, type: Boolean, default: true, desc: 'Include commit stats' - end - get ":id/repository/commits/:sha", requirements: API::COMMIT_ENDPOINT_REQUIREMENTS do - commit = user_project.commit(params[:sha]) - - not_found! "Commit" unless commit - - present commit, with: ::API::Entities::CommitDetail, stats: params[:stats] - end - - desc 'Get the diff for a specific commit of a project' do - failure [[404, 'Not Found']] - end - params do - requires :sha, type: String, desc: 'A commit sha, or the name of a branch or tag' - end - get ":id/repository/commits/:sha/diff", requirements: API::COMMIT_ENDPOINT_REQUIREMENTS do - commit = user_project.commit(params[:sha]) - - not_found! "Commit" unless commit - - commit.raw_diffs.to_a - end - - desc "Get a commit's comments" do - success ::API::Entities::CommitNote - failure [[404, 'Not Found']] - end - params do - use :pagination - requires :sha, type: String, desc: 'A commit sha, or the name of a branch or tag' - end - get ':id/repository/commits/:sha/comments', requirements: API::COMMIT_ENDPOINT_REQUIREMENTS do - commit = user_project.commit(params[:sha]) - - not_found! 'Commit' unless commit - notes = commit.notes.order(:created_at) - - present paginate(notes), with: ::API::Entities::CommitNote - end - - desc 'Cherry pick commit into a branch' do - detail 'This feature was introduced in GitLab 8.15' - success ::API::Entities::Commit - end - params do - requires :sha, type: String, desc: 'A commit sha to be cherry picked' - requires :branch, type: String, desc: 'The name of the branch' - end - post ':id/repository/commits/:sha/cherry_pick', requirements: API::COMMIT_ENDPOINT_REQUIREMENTS do - authorize! :push_code, user_project - - commit = user_project.commit(params[:sha]) - not_found!('Commit') unless commit - - branch = user_project.repository.find_branch(params[:branch]) - not_found!('Branch') unless branch - - commit_params = { - commit: commit, - start_branch: params[:branch], - branch_name: params[:branch] - } - - result = ::Commits::CherryPickService.new(user_project, current_user, commit_params).execute - - if result[:status] == :success - branch = user_project.repository.find_branch(params[:branch]) - present user_project.repository.commit(branch.dereferenced_target), with: ::API::Entities::Commit - else - render_api_error!(result[:message], 400) - end - end - - desc 'Post comment to commit' do - success ::API::Entities::CommitNote - end - params do - requires :sha, type: String, regexp: /\A\h{6,40}\z/, desc: "The commit's SHA" - requires :note, type: String, desc: 'The text of the comment' - optional :path, type: String, desc: 'The file path' - given :path do - requires :line, type: Integer, desc: 'The line number' - requires :line_type, type: String, values: %w(new old), default: 'new', desc: 'The type of the line' - end - end - post ':id/repository/commits/:sha/comments', requirements: API::COMMIT_ENDPOINT_REQUIREMENTS do - commit = user_project.commit(params[:sha]) - not_found! 'Commit' unless commit - - opts = { - note: params[:note], - noteable_type: 'Commit', - commit_id: commit.id - } - - if params[:path] - commit.raw_diffs(limits: false).each do |diff| - next unless diff.new_path == params[:path] - - lines = Gitlab::Diff::Parser.new.parse(diff.diff.each_line) - - lines.each do |line| - next unless line.new_pos == params[:line] && line.type == params[:line_type] - - break opts[:line_code] = Gitlab::Git.diff_line_code(diff.new_path, line.new_pos, line.old_pos) - end - - break if opts[:line_code] - end - - opts[:type] = LegacyDiffNote.name if opts[:line_code] - end - - note = ::Notes::CreateService.new(user_project, current_user, opts).execute - - if note.save - present note, with: ::API::Entities::CommitNote - else - render_api_error!("Failed to save note #{note.errors.messages}", 400) - end - end - end - end - end -end diff --git a/lib/api/v3/deploy_keys.rb b/lib/api/v3/deploy_keys.rb deleted file mode 100644 index 47e54ca85a5..00000000000 --- a/lib/api/v3/deploy_keys.rb +++ /dev/null @@ -1,143 +0,0 @@ -module API - module V3 - class DeployKeys < Grape::API - before { authenticate! } - - helpers do - def add_deploy_keys_project(project, attrs = {}) - project.deploy_keys_projects.create(attrs) - end - - def find_by_deploy_key(project, key_id) - project.deploy_keys_projects.find_by!(deploy_key: key_id) - end - end - - get "deploy_keys" do - authenticated_as_admin! - - keys = DeployKey.all - present keys, with: ::API::Entities::SSHKey - end - - params do - requires :id, type: String, desc: 'The ID of the project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - before { authorize_admin_project } - - %w(keys deploy_keys).each do |path| - desc "Get a specific project's deploy keys" do - success ::API::Entities::DeployKeysProject - end - get ":id/#{path}" do - keys = user_project.deploy_keys_projects.preload(:deploy_key) - - present keys, with: ::API::Entities::DeployKeysProject - end - - desc 'Get single deploy key' do - success ::API::Entities::DeployKeysProject - end - params do - requires :key_id, type: Integer, desc: 'The ID of the deploy key' - end - get ":id/#{path}/:key_id" do - key = find_by_deploy_key(user_project, params[:key_id]) - - present key, with: ::API::Entities::DeployKeysProject - end - - desc 'Add new deploy key to currently authenticated user' do - success ::API::Entities::DeployKeysProject - end - params do - requires :key, type: String, desc: 'The new deploy key' - requires :title, type: String, desc: 'The name of the deploy key' - optional :can_push, type: Boolean, desc: "Can deploy key push to the project's repository" - end - post ":id/#{path}" do - params[:key].strip! - - # Check for an existing key joined to this project - key = user_project.deploy_keys_projects - .joins(:deploy_key) - .find_by(keys: { key: params[:key] }) - - if key - present key, with: ::API::Entities::DeployKeysProject - break - end - - # Check for available deploy keys in other projects - key = current_user.accessible_deploy_keys.find_by(key: params[:key]) - if key - added_key = add_deploy_keys_project(user_project, deploy_key: key, can_push: !!params[:can_push]) - - present added_key, with: ::API::Entities::DeployKeysProject - break - end - - # Create a new deploy key - key_attributes = { can_push: !!params[:can_push], - deploy_key_attributes: declared_params.except(:can_push) } - key = add_deploy_keys_project(user_project, key_attributes) - - if key.valid? - present key, with: ::API::Entities::DeployKeysProject - else - render_validation_error!(key) - end - end - - desc 'Enable a deploy key for a project' do - detail 'This feature was added in GitLab 8.11' - success ::API::Entities::SSHKey - end - params do - requires :key_id, type: Integer, desc: 'The ID of the deploy key' - end - post ":id/#{path}/:key_id/enable" do - key = ::Projects::EnableDeployKeyService.new(user_project, - current_user, declared_params).execute - - if key - present key, with: ::API::Entities::SSHKey - else - not_found!('Deploy Key') - end - end - - desc 'Disable a deploy key for a project' do - detail 'This feature was added in GitLab 8.11' - success ::API::Entities::SSHKey - end - params do - requires :key_id, type: Integer, desc: 'The ID of the deploy key' - end - delete ":id/#{path}/:key_id/disable" do - key = user_project.deploy_keys_projects.find_by(deploy_key_id: params[:key_id]) - key.destroy - - present key.deploy_key, with: ::API::Entities::SSHKey - end - - desc 'Delete deploy key for a project' do - success Key - end - params do - requires :key_id, type: Integer, desc: 'The ID of the deploy key' - end - delete ":id/#{path}/:key_id" do - key = user_project.deploy_keys_projects.find_by(deploy_key_id: params[:key_id]) - if key - key.destroy - else - not_found!('Deploy Key') - end - end - end - end - end - end -end diff --git a/lib/api/v3/deployments.rb b/lib/api/v3/deployments.rb deleted file mode 100644 index 1d4972eda26..00000000000 --- a/lib/api/v3/deployments.rb +++ /dev/null @@ -1,43 +0,0 @@ -module API - module V3 - # Deployments RESTful API endpoints - class Deployments < Grape::API - include PaginationParams - - before { authenticate! } - - params do - requires :id, type: String, desc: 'The project ID' - end - resource :projects, requirements: { id: %r{[^/]+} } do - desc 'Get all deployments of the project' do - detail 'This feature was introduced in GitLab 8.11.' - success ::API::V3::Deployments - end - params do - use :pagination - end - get ':id/deployments' do - authorize! :read_deployment, user_project - - present paginate(user_project.deployments), with: ::API::V3::Deployments - end - - desc 'Gets a specific deployment' do - detail 'This feature was introduced in GitLab 8.11.' - success ::API::V3::Deployments - end - params do - requires :deployment_id, type: Integer, desc: 'The deployment ID' - end - get ':id/deployments/:deployment_id' do - authorize! :read_deployment, user_project - - deployment = user_project.deployments.find(params[:deployment_id]) - - present deployment, with: ::API::V3::Deployments - end - end - end - end -end diff --git a/lib/api/v3/entities.rb b/lib/api/v3/entities.rb deleted file mode 100644 index 28fcf6c6e84..00000000000 --- a/lib/api/v3/entities.rb +++ /dev/null @@ -1,311 +0,0 @@ -module API - module V3 - module Entities - class ProjectSnippet < Grape::Entity - expose :id, :title, :file_name - expose :author, using: ::API::Entities::UserBasic - expose :updated_at, :created_at - expose(:expires_at) { |snippet| nil } - - expose :web_url do |snippet, options| - Gitlab::UrlBuilder.build(snippet) - end - end - - class Note < Grape::Entity - expose :id - expose :note, as: :body - expose :attachment_identifier, as: :attachment - expose :author, using: ::API::Entities::UserBasic - expose :created_at, :updated_at - expose :system?, as: :system - expose :noteable_id, :noteable_type - # upvote? and downvote? are deprecated, always return false - expose(:upvote?) { |note| false } - expose(:downvote?) { |note| false } - end - - class PushEventPayload < Grape::Entity - expose :commit_count, :action, :ref_type, :commit_from, :commit_to - expose :ref, :commit_title - end - - class Event < Grape::Entity - expose :project_id, :action_name - expose :target_id, :target_type, :author_id - expose :target_title - expose :created_at - expose :note, using: Entities::Note, if: ->(event, options) { event.note? } - expose :author, using: ::API::Entities::UserBasic, if: ->(event, options) { event.author } - - expose :push_event_payload, - as: :push_data, - using: PushEventPayload, - if: -> (event, _) { event.push? } - - expose :author_username do |event, options| - event.author&.username - end - end - - class AwardEmoji < Grape::Entity - expose :id - expose :name - expose :user, using: ::API::Entities::UserBasic - expose :created_at, :updated_at - expose :awardable_id, :awardable_type - end - - class Project < Grape::Entity - expose :id, :description, :default_branch, :tag_list - expose :public?, as: :public - expose :archived?, as: :archived - expose :visibility_level, :ssh_url_to_repo, :http_url_to_repo, :web_url - expose :owner, using: ::API::Entities::UserBasic, unless: ->(project, options) { project.group } - expose :name, :name_with_namespace - expose :path, :path_with_namespace - expose :resolve_outdated_diff_discussions - expose :container_registry_enabled - - # Expose old field names with the new permissions methods to keep API compatible - expose(:issues_enabled) { |project, options| project.feature_available?(:issues, options[:current_user]) } - expose(:merge_requests_enabled) { |project, options| project.feature_available?(:merge_requests, options[:current_user]) } - expose(:wiki_enabled) { |project, options| project.feature_available?(:wiki, options[:current_user]) } - expose(:builds_enabled) { |project, options| project.feature_available?(:builds, options[:current_user]) } - expose(:snippets_enabled) { |project, options| project.feature_available?(:snippets, options[:current_user]) } - - expose :created_at, :last_activity_at - expose :shared_runners_enabled - expose :lfs_enabled?, as: :lfs_enabled - expose :creator_id - expose :namespace, using: 'API::Entities::Namespace' - expose :forked_from_project, using: ::API::Entities::BasicProjectDetails, if: lambda { |project, options| project.forked? } - expose :avatar_url do |user, options| - user.avatar_url(only_path: false) - end - expose :star_count, :forks_count - expose :open_issues_count, if: lambda { |project, options| project.feature_available?(:issues, options[:current_user]) && project.default_issues_tracker? } - expose :runners_token, if: lambda { |_project, options| options[:user_can_admin_project] } - expose :public_builds - expose :shared_with_groups do |project, options| - ::API::Entities::SharedGroup.represent(project.project_group_links.all, options) - end - expose :only_allow_merge_if_pipeline_succeeds, as: :only_allow_merge_if_build_succeeds - expose :request_access_enabled - expose :only_allow_merge_if_all_discussions_are_resolved - - expose :statistics, using: '::API::V3::Entities::ProjectStatistics', if: :statistics - end - - class ProjectWithAccess < Project - expose :permissions do - expose :project_access, using: ::API::Entities::ProjectAccess do |project, options| - project.project_members.find_by(user_id: options[:current_user].id) - end - - expose :group_access, using: ::API::Entities::GroupAccess do |project, options| - if project.group - project.group.group_members.find_by(user_id: options[:current_user].id) - end - end - end - end - - class MergeRequest < Grape::Entity - expose :id, :iid - expose(:project_id) { |entity| entity.project.id } - expose :title, :description - expose :state, :created_at, :updated_at - expose :target_branch, :source_branch - expose :upvotes, :downvotes - expose :author, :assignee, using: ::API::Entities::UserBasic - expose :source_project_id, :target_project_id - expose :label_names, as: :labels - expose :work_in_progress?, as: :work_in_progress - expose :milestone, using: ::API::Entities::Milestone - expose :merge_when_pipeline_succeeds, as: :merge_when_build_succeeds - expose :merge_status - expose :diff_head_sha, as: :sha - expose :merge_commit_sha - expose :subscribed do |merge_request, options| - merge_request.subscribed?(options[:current_user], options[:project]) - end - expose :user_notes_count - expose :should_remove_source_branch?, as: :should_remove_source_branch - expose :force_remove_source_branch?, as: :force_remove_source_branch - - expose :squash - - expose :web_url do |merge_request, options| - Gitlab::UrlBuilder.build(merge_request) - end - end - - class Group < Grape::Entity - expose :id, :name, :path, :description, :visibility_level - expose :lfs_enabled?, as: :lfs_enabled - expose :avatar_url do |user, options| - user.avatar_url(only_path: false) - end - expose :web_url - expose :request_access_enabled - expose :full_name, :full_path - - if ::Group.supports_nested_groups? - expose :parent_id - end - - expose :statistics, if: :statistics do - with_options format_with: -> (value) { value.to_i } do - expose :storage_size - expose :repository_size - expose :lfs_objects_size - expose :build_artifacts_size - end - end - end - - class GroupDetail < Group - expose :projects, using: Entities::Project - expose :shared_projects, using: Entities::Project - end - - class ApplicationSetting < Grape::Entity - expose :id - expose :default_projects_limit - expose :signup_enabled - expose :password_authentication_enabled_for_web, as: :password_authentication_enabled - expose :password_authentication_enabled_for_web, as: :signin_enabled - expose :gravatar_enabled - expose :sign_in_text - expose :after_sign_up_text - expose :created_at - expose :updated_at - expose :home_page_url - expose :default_branch_protection - expose :restricted_visibility_levels - expose :max_attachment_size - expose :session_expire_delay - expose :default_project_visibility - expose :default_snippet_visibility - expose :default_group_visibility - expose :domain_whitelist - expose :domain_blacklist_enabled - expose :domain_blacklist - expose :user_oauth_applications - expose :after_sign_out_path - expose :container_registry_token_expire_delay - expose :repository_storage - expose :repository_storages - expose :koding_enabled - expose :koding_url - expose :plantuml_enabled - expose :plantuml_url - expose :terminal_max_session_time - end - - class Environment < ::API::Entities::EnvironmentBasic - expose :project, using: Entities::Project - end - - class Trigger < Grape::Entity - expose :token, :created_at, :updated_at, :last_used - expose :owner, using: ::API::Entities::UserBasic - end - - class TriggerRequest < Grape::Entity - expose :id, :variables - end - - class Build < Grape::Entity - expose :id, :status, :stage, :name, :ref, :tag, :coverage - expose :created_at, :started_at, :finished_at - expose :user, with: ::API::Entities::User - expose :artifacts_file, using: ::API::Entities::JobArtifactFile, if: -> (build, opts) { build.artifacts? } - expose :commit, with: ::API::Entities::Commit - expose :runner, with: ::API::Entities::Runner - expose :pipeline, with: ::API::Entities::PipelineBasic - end - - class BuildArtifactFile < Grape::Entity - expose :filename, :size - end - - class Deployment < Grape::Entity - expose :id, :iid, :ref, :sha, :created_at - expose :user, using: ::API::Entities::UserBasic - expose :environment, using: ::API::Entities::EnvironmentBasic - expose :deployable, using: Entities::Build - end - - class MergeRequestChanges < MergeRequest - expose :diffs, as: :changes, using: ::API::Entities::Diff do |compare, _| - compare.raw_diffs(limits: false).to_a - end - end - - class ProjectStatistics < Grape::Entity - expose :commit_count - expose :storage_size - expose :repository_size - expose :lfs_objects_size - expose :build_artifacts_size - end - - class ProjectService < Grape::Entity - expose :id, :title, :created_at, :updated_at, :active - expose :push_events, :issues_events, :confidential_issues_events - expose :merge_requests_events, :tag_push_events, :note_events - expose :pipeline_events - expose :job_events, as: :build_events - # Expose serialized properties - expose :properties do |service, options| - service.properties.slice(*service.api_field_names) - end - end - - class ProjectHook < ::API::Entities::Hook - expose :project_id, :issues_events, :confidential_issues_events - expose :merge_requests_events, :note_events, :pipeline_events - expose :wiki_page_events - expose :job_events, as: :build_events - end - - class ProjectEntity < Grape::Entity - expose :id, :iid - expose(:project_id) { |entity| entity&.project.try(:id) } - expose :title, :description - expose :state, :created_at, :updated_at - end - - class IssueBasic < ProjectEntity - expose :label_names, as: :labels - expose :milestone, using: ::API::Entities::Milestone - expose :assignees, :author, using: ::API::Entities::UserBasic - - expose :assignee, using: ::API::Entities::UserBasic do |issue, options| - issue.assignees.first - end - - expose :user_notes_count - expose :upvotes, :downvotes - expose :due_date - expose :confidential - - expose :web_url do |issue, options| - Gitlab::UrlBuilder.build(issue) - end - end - - class Issue < IssueBasic - unexpose :assignees - expose :assignee do |issue, options| - ::API::Entities::UserBasic.represent(issue.assignees.first, options) - end - expose :subscribed do |issue, options| - issue.subscribed?(options[:current_user], options[:project] || issue.project) - end - end - end - end -end diff --git a/lib/api/v3/environments.rb b/lib/api/v3/environments.rb deleted file mode 100644 index 6bb4e016a01..00000000000 --- a/lib/api/v3/environments.rb +++ /dev/null @@ -1,87 +0,0 @@ -module API - module V3 - class Environments < Grape::API - include ::API::Helpers::CustomValidators - include PaginationParams - - before { authenticate! } - - params do - requires :id, type: String, desc: 'The project ID' - end - resource :projects, requirements: { id: %r{[^/]+} } do - desc 'Get all environments of the project' do - detail 'This feature was introduced in GitLab 8.11.' - success Entities::Environment - end - params do - use :pagination - end - get ':id/environments' do - authorize! :read_environment, user_project - - present paginate(user_project.environments), with: Entities::Environment - end - - desc 'Creates a new environment' do - detail 'This feature was introduced in GitLab 8.11.' - success Entities::Environment - end - params do - requires :name, type: String, desc: 'The name of the environment to be created' - optional :external_url, type: String, desc: 'URL on which this deployment is viewable' - optional :slug, absence: { message: "is automatically generated and cannot be changed" } - end - post ':id/environments' do - authorize! :create_environment, user_project - - environment = user_project.environments.create(declared_params) - - if environment.persisted? - present environment, with: Entities::Environment - else - render_validation_error!(environment) - end - end - - desc 'Updates an existing environment' do - detail 'This feature was introduced in GitLab 8.11.' - success Entities::Environment - end - params do - requires :environment_id, type: Integer, desc: 'The environment ID' - optional :name, type: String, desc: 'The new environment name' - optional :external_url, type: String, desc: 'The new URL on which this deployment is viewable' - optional :slug, absence: { message: "is automatically generated and cannot be changed" } - end - put ':id/environments/:environment_id' do - authorize! :update_environment, user_project - - environment = user_project.environments.find(params[:environment_id]) - - update_params = declared_params(include_missing: false).extract!(:name, :external_url) - if environment.update(update_params) - present environment, with: Entities::Environment - else - render_validation_error!(environment) - end - end - - desc 'Deletes an existing environment' do - detail 'This feature was introduced in GitLab 8.11.' - success Entities::Environment - end - params do - requires :environment_id, type: Integer, desc: 'The environment ID' - end - delete ':id/environments/:environment_id' do - authorize! :update_environment, user_project - - environment = user_project.environments.find(params[:environment_id]) - - present environment.destroy, with: Entities::Environment - end - end - end - end -end diff --git a/lib/api/v3/files.rb b/lib/api/v3/files.rb deleted file mode 100644 index 7b4b3448b6d..00000000000 --- a/lib/api/v3/files.rb +++ /dev/null @@ -1,138 +0,0 @@ -module API - module V3 - class Files < Grape::API - helpers do - def commit_params(attrs) - { - file_path: attrs[:file_path], - start_branch: attrs[:branch], - branch_name: attrs[:branch], - commit_message: attrs[:commit_message], - file_content: attrs[:content], - file_content_encoding: attrs[:encoding], - author_email: attrs[:author_email], - author_name: attrs[:author_name] - } - end - - def commit_response(attrs) - { - file_path: attrs[:file_path], - branch: attrs[:branch] - } - end - - params :simple_file_params do - requires :file_path, type: String, desc: 'The path to new file. Ex. lib/class.rb' - requires :branch_name, type: String, desc: 'The name of branch' - requires :commit_message, type: String, desc: 'Commit Message' - optional :author_email, type: String, desc: 'The email of the author' - optional :author_name, type: String, desc: 'The name of the author' - end - - params :extended_file_params do - use :simple_file_params - requires :content, type: String, desc: 'File content' - optional :encoding, type: String, values: %w[base64], desc: 'File encoding' - end - end - - params do - requires :id, type: String, desc: 'The project ID' - end - resource :projects, requirements: { id: %r{[^/]+} } do - desc 'Get a file from repository' - params do - requires :file_path, type: String, desc: 'The path to the file. Ex. lib/class.rb' - requires :ref, type: String, desc: 'The name of branch, tag, or commit' - end - get ":id/repository/files" do - authorize! :download_code, user_project - - commit = user_project.commit(params[:ref]) - not_found!('Commit') unless commit - - repo = user_project.repository - blob = repo.blob_at(commit.sha, params[:file_path]) - not_found!('File') unless blob - - blob.load_all_data! - status(200) - - { - file_name: blob.name, - file_path: blob.path, - size: blob.size, - encoding: "base64", - content: Base64.strict_encode64(blob.data), - ref: params[:ref], - blob_id: blob.id, - commit_id: commit.id, - last_commit_id: repo.last_commit_id_for_path(commit.sha, params[:file_path]) - } - end - - desc 'Create new file in repository' - params do - use :extended_file_params - end - post ":id/repository/files" do - authorize! :push_code, user_project - - file_params = declared_params(include_missing: false) - file_params[:branch] = file_params.delete(:branch_name) - - result = ::Files::CreateService.new(user_project, current_user, commit_params(file_params)).execute - - if result[:status] == :success - status(201) - commit_response(file_params) - else - render_api_error!(result[:message], 400) - end - end - - desc 'Update existing file in repository' - params do - use :extended_file_params - end - put ":id/repository/files" do - authorize! :push_code, user_project - - file_params = declared_params(include_missing: false) - file_params[:branch] = file_params.delete(:branch_name) - - result = ::Files::UpdateService.new(user_project, current_user, commit_params(file_params)).execute - - if result[:status] == :success - status(200) - commit_response(file_params) - else - http_status = result[:http_status] || 400 - render_api_error!(result[:message], http_status) - end - end - - desc 'Delete an existing file in repository' - params do - use :simple_file_params - end - delete ":id/repository/files" do - authorize! :push_code, user_project - - file_params = declared_params(include_missing: false) - file_params[:branch] = file_params.delete(:branch_name) - - result = ::Files::DeleteService.new(user_project, current_user, commit_params(file_params)).execute - - if result[:status] == :success - status(200) - commit_response(file_params) - else - render_api_error!(result[:message], 400) - end - end - end - end - end -end diff --git a/lib/api/v3/groups.rb b/lib/api/v3/groups.rb deleted file mode 100644 index 4fa7d196e50..00000000000 --- a/lib/api/v3/groups.rb +++ /dev/null @@ -1,187 +0,0 @@ -module API - module V3 - class Groups < Grape::API - include PaginationParams - - before { authenticate! } - - helpers do - params :optional_params do - optional :description, type: String, desc: 'The description of the group' - optional :visibility_level, type: Integer, desc: 'The visibility level of the group' - optional :lfs_enabled, type: Boolean, desc: 'Enable/disable LFS for the projects in this group' - optional :request_access_enabled, type: Boolean, desc: 'Allow users to request member access' - end - - params :statistics_params do - optional :statistics, type: Boolean, default: false, desc: 'Include project statistics' - end - - def present_groups(groups, options = {}) - options = options.reverse_merge( - with: Entities::Group, - current_user: current_user - ) - - groups = groups.with_statistics if options[:statistics] - present paginate(groups), options - end - end - - resource :groups do - desc 'Get a groups list' do - success Entities::Group - end - params do - use :statistics_params - optional :skip_groups, type: Array[Integer], desc: 'Array of group ids to exclude from list' - optional :all_available, type: Boolean, desc: 'Show all group that you have access to' - optional :search, type: String, desc: 'Search for a specific group' - optional :order_by, type: String, values: %w[name path], default: 'name', desc: 'Order by name or path' - optional :sort, type: String, values: %w[asc desc], default: 'asc', desc: 'Sort by asc (ascending) or desc (descending)' - use :pagination - end - get do - groups = if current_user.admin - Group.all - elsif params[:all_available] - GroupsFinder.new(current_user).execute - else - current_user.groups - end - - groups = groups.search(params[:search]) if params[:search].present? - groups = groups.where.not(id: params[:skip_groups]) if params[:skip_groups].present? - groups = groups.reorder(params[:order_by] => params[:sort]) - - present_groups groups, statistics: params[:statistics] && current_user.admin? - end - - desc 'Get list of owned groups for authenticated user' do - success Entities::Group - end - params do - use :pagination - use :statistics_params - end - get '/owned' do - present_groups current_user.owned_groups, statistics: params[:statistics] - end - - desc 'Create a group. Available only for users who can create groups.' do - success Entities::Group - end - params do - requires :name, type: String, desc: 'The name of the group' - requires :path, type: String, desc: 'The path of the group' - - if ::Group.supports_nested_groups? - optional :parent_id, type: Integer, desc: 'The parent group id for creating nested group' - end - - use :optional_params - end - post do - authorize! :create_group - - group = ::Groups::CreateService.new(current_user, declared_params(include_missing: false)).execute - - if group.persisted? - present group, with: Entities::Group, current_user: current_user - else - render_api_error!("Failed to save group #{group.errors.messages}", 400) - end - end - end - - params do - requires :id, type: String, desc: 'The ID of a group' - end - resource :groups, requirements: { id: %r{[^/]+} } do - desc 'Update a group. Available only for users who can administrate groups.' do - success Entities::Group - end - params do - optional :name, type: String, desc: 'The name of the group' - optional :path, type: String, desc: 'The path of the group' - use :optional_params - at_least_one_of :name, :path, :description, :visibility_level, - :lfs_enabled, :request_access_enabled - end - put ':id' do - group = find_group!(params[:id]) - authorize! :admin_group, group - - if ::Groups::UpdateService.new(group, current_user, declared_params(include_missing: false)).execute - present group, with: Entities::GroupDetail, current_user: current_user - else - render_validation_error!(group) - end - end - - desc 'Get a single group, with containing projects.' do - success Entities::GroupDetail - end - get ":id" do - group = find_group!(params[:id]) - present group, with: Entities::GroupDetail, current_user: current_user - end - - desc 'Remove a group.' - delete ":id" do - group = find_group!(params[:id]) - authorize! :admin_group, group - ::Groups::DestroyService.new(group, current_user).async_execute - - accepted! - end - - desc 'Get a list of projects in this group.' do - success Entities::Project - end - params do - optional :archived, type: Boolean, default: false, desc: 'Limit by archived status' - optional :visibility, type: String, values: %w[public internal private], - desc: 'Limit by visibility' - optional :search, type: String, desc: 'Return list of authorized projects matching the search criteria' - optional :order_by, type: String, values: %w[id name path created_at updated_at last_activity_at], - default: 'created_at', desc: 'Return projects ordered by field' - optional :sort, type: String, values: %w[asc desc], default: 'desc', - desc: 'Return projects sorted in ascending and descending order' - optional :simple, type: Boolean, default: false, - desc: 'Return only the ID, URL, name, and path of each project' - optional :owned, type: Boolean, default: false, desc: 'Limit by owned by authenticated user' - optional :starred, type: Boolean, default: false, desc: 'Limit by starred status' - - use :pagination - end - get ":id/projects" do - group = find_group!(params[:id]) - projects = GroupProjectsFinder.new(group: group, current_user: current_user).execute - projects = filter_projects(projects) - entity = params[:simple] ? ::API::Entities::BasicProjectDetails : Entities::Project - present paginate(projects), with: entity, current_user: current_user - end - - desc 'Transfer a project to the group namespace. Available only for admin.' do - success Entities::GroupDetail - end - params do - requires :project_id, type: String, desc: 'The ID or path of the project' - end - post ":id/projects/:project_id", requirements: { project_id: /.+/ } do - authenticated_as_admin! - group = find_group!(params[:id]) - project = find_project!(params[:project_id]) - result = ::Projects::TransferService.new(project, current_user).execute(group) - - if result - present group, with: Entities::GroupDetail, current_user: current_user - else - render_api_error!("Failed to transfer project #{project.errors.messages}", 400) - end - end - end - end - end -end diff --git a/lib/api/v3/helpers.rb b/lib/api/v3/helpers.rb deleted file mode 100644 index 4e63aa01c1a..00000000000 --- a/lib/api/v3/helpers.rb +++ /dev/null @@ -1,49 +0,0 @@ -module API - module V3 - module Helpers - def find_project_issue(id) - IssuesFinder.new(current_user, project_id: user_project.id).find(id) - end - - def find_project_merge_request(id) - MergeRequestsFinder.new(current_user, project_id: user_project.id).find(id) - end - - def find_merge_request_with_access(id, access_level = :read_merge_request) - merge_request = user_project.merge_requests.find(id) - authorize! access_level, merge_request - merge_request - end - - # project helpers - - def filter_projects(projects) - if params[:membership] - projects = projects.merge(current_user.authorized_projects) - end - - if params[:owned] - projects = projects.merge(current_user.owned_projects) - end - - if params[:starred] - projects = projects.merge(current_user.starred_projects) - end - - if params[:search].present? - projects = projects.search(params[:search]) - end - - if params[:visibility].present? - projects = projects.where(visibility_level: Gitlab::VisibilityLevel.level_value(params[:visibility])) - end - - unless params[:archived].nil? - projects = projects.where(archived: to_boolean(params[:archived])) - end - - projects.reorder(params[:order_by] => params[:sort]) - end - end - end -end diff --git a/lib/api/v3/issues.rb b/lib/api/v3/issues.rb deleted file mode 100644 index b59947d81d9..00000000000 --- a/lib/api/v3/issues.rb +++ /dev/null @@ -1,240 +0,0 @@ -module API - module V3 - class Issues < Grape::API - include PaginationParams - - before { authenticate! } - - helpers do - def find_issues(args = {}) - args = params.merge(args) - args = convert_parameters_from_legacy_format(args) - - args.delete(:id) - args[:milestone_title] = args.delete(:milestone) - - match_all_labels = args.delete(:match_all_labels) - labels = args.delete(:labels) - args[:label_name] = labels if match_all_labels - - # IssuesFinder expects iids - args[:iids] = args.delete(:iid) if args.key?(:iid) - - issues = IssuesFinder.new(current_user, args).execute.inc_notes_with_associations - - if !match_all_labels && labels.present? - issues = issues.includes(:labels).where('labels.title' => labels.split(',')) - end - - issues.reorder(args[:order_by] => args[:sort]) - end - - params :issues_params do - optional :labels, type: String, desc: 'Comma-separated list of label names' - optional :milestone, type: String, desc: 'Milestone title' - optional :order_by, type: String, values: %w[created_at updated_at], default: 'created_at', - desc: 'Return issues ordered by `created_at` or `updated_at` fields.' - optional :sort, type: String, values: %w[asc desc], default: 'desc', - desc: 'Return issues sorted in `asc` or `desc` order.' - optional :milestone, type: String, desc: 'Return issues for a specific milestone' - use :pagination - end - - params :issue_params do - optional :description, type: String, desc: 'The description of an issue' - optional :assignee_id, type: Integer, desc: 'The ID of a user to assign issue' - optional :milestone_id, type: Integer, desc: 'The ID of a milestone to assign issue' - optional :labels, type: String, desc: 'Comma-separated list of label names' - optional :due_date, type: String, desc: 'Date time string in the format YEAR-MONTH-DAY' - optional :confidential, type: Boolean, desc: 'Boolean parameter if the issue should be confidential' - end - end - - resource :issues do - desc "Get currently authenticated user's issues" do - success ::API::V3::Entities::Issue - end - params do - optional :state, type: String, values: %w[opened closed all], default: 'all', - desc: 'Return opened, closed, or all issues' - use :issues_params - end - get do - issues = find_issues(scope: 'authored') - - present paginate(issues), with: ::API::V3::Entities::Issue, current_user: current_user - end - end - - params do - requires :id, type: String, desc: 'The ID of a group' - end - resource :groups, requirements: { id: %r{[^/]+} } do - desc 'Get a list of group issues' do - success ::API::V3::Entities::Issue - end - params do - optional :state, type: String, values: %w[opened closed all], default: 'all', - desc: 'Return opened, closed, or all issues' - use :issues_params - end - get ":id/issues" do - group = find_group!(params[:id]) - - issues = find_issues(group_id: group.id, match_all_labels: true) - - present paginate(issues), with: ::API::V3::Entities::Issue, current_user: current_user - end - end - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - include TimeTrackingEndpoints - - desc 'Get a list of project issues' do - detail 'iid filter is deprecated have been removed on V4' - success ::API::V3::Entities::Issue - end - params do - optional :state, type: String, values: %w[opened closed all], default: 'all', - desc: 'Return opened, closed, or all issues' - optional :iid, type: Integer, desc: 'Return the issue having the given `iid`' - use :issues_params - end - get ":id/issues" do - project = find_project!(params[:id]) - - issues = find_issues(project_id: project.id) - - present paginate(issues), with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project - end - - desc 'Get a single project issue' do - success ::API::V3::Entities::Issue - end - params do - requires :issue_id, type: Integer, desc: 'The ID of a project issue' - end - get ":id/issues/:issue_id" do - issue = find_project_issue(params[:issue_id]) - present issue, with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project - end - - desc 'Create a new project issue' do - success ::API::V3::Entities::Issue - end - params do - requires :title, type: String, desc: 'The title of an issue' - optional :created_at, type: DateTime, - desc: 'Date time when the issue was created. Available only for admins and project owners.' - optional :merge_request_for_resolving_discussions, type: Integer, - desc: 'The IID of a merge request for which to resolve discussions' - use :issue_params - end - post ':id/issues' do - Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42131') - - # Setting created_at time only allowed for admins and project owners - unless current_user.admin? || user_project.owner == current_user - params.delete(:created_at) - end - - issue_params = declared_params(include_missing: false) - issue_params = issue_params.merge(merge_request_to_resolve_discussions_of: issue_params.delete(:merge_request_for_resolving_discussions)) - issue_params = convert_parameters_from_legacy_format(issue_params) - - issue = ::Issues::CreateService.new(user_project, - current_user, - issue_params.merge(request: request, api: true)).execute - render_spam_error! if issue.spam? - - if issue.valid? - present issue, with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project - else - render_validation_error!(issue) - end - end - - desc 'Update an existing issue' do - success ::API::V3::Entities::Issue - end - params do - requires :issue_id, type: Integer, desc: 'The ID of a project issue' - optional :title, type: String, desc: 'The title of an issue' - optional :updated_at, type: DateTime, - desc: 'Date time when the issue was updated. Available only for admins and project owners.' - optional :state_event, type: String, values: %w[reopen close], desc: 'State of the issue' - use :issue_params - at_least_one_of :title, :description, :assignee_id, :milestone_id, - :labels, :created_at, :due_date, :confidential, :state_event - end - put ':id/issues/:issue_id' do - Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42132') - - issue = user_project.issues.find(params.delete(:issue_id)) - authorize! :update_issue, issue - - # Setting created_at time only allowed for admins and project owners - unless current_user.admin? || user_project.owner == current_user - params.delete(:updated_at) - end - - update_params = declared_params(include_missing: false).merge(request: request, api: true) - update_params = convert_parameters_from_legacy_format(update_params) - - issue = ::Issues::UpdateService.new(user_project, - current_user, - update_params).execute(issue) - - render_spam_error! if issue.spam? - - if issue.valid? - present issue, with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project - else - render_validation_error!(issue) - end - end - - desc 'Move an existing issue' do - success ::API::V3::Entities::Issue - end - params do - requires :issue_id, type: Integer, desc: 'The ID of a project issue' - requires :to_project_id, type: Integer, desc: 'The ID of the new project' - end - post ':id/issues/:issue_id/move' do - Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42133') - - issue = user_project.issues.find_by(id: params[:issue_id]) - not_found!('Issue') unless issue - - new_project = Project.find_by(id: params[:to_project_id]) - not_found!('Project') unless new_project - - begin - issue = ::Issues::MoveService.new(user_project, current_user).execute(issue, new_project) - present issue, with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project - rescue ::Issues::MoveService::MoveError => error - render_api_error!(error.message, 400) - end - end - - desc 'Delete a project issue' - params do - requires :issue_id, type: Integer, desc: 'The ID of a project issue' - end - delete ":id/issues/:issue_id" do - issue = user_project.issues.find_by(id: params[:issue_id]) - not_found!('Issue') unless issue - - authorize!(:destroy_issue, issue) - - status(200) - issue.destroy - end - end - end - end -end diff --git a/lib/api/v3/labels.rb b/lib/api/v3/labels.rb deleted file mode 100644 index 4157462ec2a..00000000000 --- a/lib/api/v3/labels.rb +++ /dev/null @@ -1,34 +0,0 @@ -module API - module V3 - class Labels < Grape::API - before { authenticate! } - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - desc 'Get all labels of the project' do - success ::API::Entities::Label - end - get ':id/labels' do - present available_labels_for(user_project), with: ::API::Entities::Label, current_user: current_user, project: user_project - end - - desc 'Delete an existing label' do - success ::API::Entities::Label - end - params do - requires :name, type: String, desc: 'The name of the label to be deleted' - end - delete ':id/labels' do - authorize! :admin_label, user_project - - label = user_project.labels.find_by(title: params[:name]) - not_found!('Label') unless label - - present label.destroy, with: ::API::Entities::Label, current_user: current_user, project: user_project - end - end - end - end -end diff --git a/lib/api/v3/members.rb b/lib/api/v3/members.rb deleted file mode 100644 index 88dd598f1e9..00000000000 --- a/lib/api/v3/members.rb +++ /dev/null @@ -1,136 +0,0 @@ -module API - module V3 - class Members < Grape::API - include PaginationParams - - before { authenticate! } - - helpers ::API::Helpers::MembersHelpers - - %w[group project].each do |source_type| - params do - requires :id, type: String, desc: "The #{source_type} ID" - end - resource source_type.pluralize, requirements: { id: %r{[^/]+} } do - desc 'Gets a list of group or project members viewable by the authenticated user.' do - success ::API::Entities::Member - end - params do - optional :query, type: String, desc: 'A query string to search for members' - use :pagination - end - get ":id/members" do - source = find_source(source_type, params[:id]) - - members = source.members.where.not(user_id: nil).includes(:user) - members = members.joins(:user).merge(User.search(params[:query])) if params[:query].present? - members = paginate(members) - - present members, with: ::API::Entities::Member - end - - desc 'Gets a member of a group or project.' do - success ::API::Entities::Member - end - params do - requires :user_id, type: Integer, desc: 'The user ID of the member' - end - get ":id/members/:user_id" do - source = find_source(source_type, params[:id]) - - members = source.members - member = members.find_by!(user_id: params[:user_id]) - - present member, with: ::API::Entities::Member - end - - desc 'Adds a member to a group or project.' do - success ::API::Entities::Member - end - params do - requires :user_id, type: Integer, desc: 'The user ID of the new member' - requires :access_level, type: Integer, desc: 'A valid access level (defaults: `30`, developer access level)' - optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY' - end - post ":id/members" do - source = find_source(source_type, params[:id]) - authorize_admin_source!(source_type, source) - - member = source.members.find_by(user_id: params[:user_id]) - - # We need this explicit check because `source.add_user` doesn't - # currently return the member created so it would return 201 even if - # the member already existed... - # The `source_type == 'group'` check is to ensure back-compatibility - # but 409 behavior should be used for both project and group members in 9.0! - conflict!('Member already exists') if source_type == 'group' && member - - unless member - member = source.add_user(params[:user_id], params[:access_level], current_user: current_user, expires_at: params[:expires_at]) - end - - if member.persisted? && member.valid? - present member, with: ::API::Entities::Member - else - # This is to ensure back-compatibility but 400 behavior should be used - # for all validation errors in 9.0! - render_api_error!('Access level is not known', 422) if member.errors.key?(:access_level) - render_validation_error!(member) - end - end - - desc 'Updates a member of a group or project.' do - success ::API::Entities::Member - end - params do - requires :user_id, type: Integer, desc: 'The user ID of the new member' - requires :access_level, type: Integer, desc: 'A valid access level' - optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY' - end - put ":id/members/:user_id" do - source = find_source(source_type, params.delete(:id)) - authorize_admin_source!(source_type, source) - - member = source.members.find_by!(user_id: params.delete(:user_id)) - - if member.update_attributes(declared_params(include_missing: false)) - present member, with: ::API::Entities::Member - else - # This is to ensure back-compatibility but 400 behavior should be used - # for all validation errors in 9.0! - render_api_error!('Access level is not known', 422) if member.errors.key?(:access_level) - render_validation_error!(member) - end - end - - desc 'Removes a user from a group or project.' - params do - requires :user_id, type: Integer, desc: 'The user ID of the member' - end - delete ":id/members/:user_id" do - source = find_source(source_type, params[:id]) - - # This is to ensure back-compatibility but find_by! should be used - # in that casse in 9.0! - member = source.members.find_by(user_id: params[:user_id]) - - # This is to ensure back-compatibility but this should be removed in - # favor of find_by! in 9.0! - not_found!("Member: user_id:#{params[:user_id]}") if source_type == 'group' && member.nil? - - # This is to ensure back-compatibility but 204 behavior should be used - # for all DELETE endpoints in 9.0! - if member.nil? - status(200 ) - { message: "Access revoked", id: params[:user_id].to_i } - else - ::Members::DestroyService.new(current_user).execute(member) - - present member, with: ::API::Entities::Member - end - end - end - end - end - end -end diff --git a/lib/api/v3/merge_request_diffs.rb b/lib/api/v3/merge_request_diffs.rb deleted file mode 100644 index 22866fc2845..00000000000 --- a/lib/api/v3/merge_request_diffs.rb +++ /dev/null @@ -1,44 +0,0 @@ -module API - module V3 - # MergeRequestDiff API - class MergeRequestDiffs < Grape::API - before { authenticate! } - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - desc 'Get a list of merge request diff versions' do - detail 'This feature was introduced in GitLab 8.12.' - success ::API::Entities::MergeRequestDiff - end - - params do - requires :merge_request_id, type: Integer, desc: 'The ID of a merge request' - end - - get ":id/merge_requests/:merge_request_id/versions" do - merge_request = find_merge_request_with_access(params[:merge_request_id]) - - present merge_request.merge_request_diffs.order_id_desc, with: ::API::Entities::MergeRequestDiff - end - - desc 'Get a single merge request diff version' do - detail 'This feature was introduced in GitLab 8.12.' - success ::API::Entities::MergeRequestDiffFull - end - - params do - requires :merge_request_id, type: Integer, desc: 'The ID of a merge request' - requires :version_id, type: Integer, desc: 'The ID of a merge request diff version' - end - - get ":id/merge_requests/:merge_request_id/versions/:version_id" do - merge_request = find_merge_request_with_access(params[:merge_request_id]) - - present merge_request.merge_request_diffs.find(params[:version_id]), with: ::API::Entities::MergeRequestDiffFull - end - end - end - end -end diff --git a/lib/api/v3/merge_requests.rb b/lib/api/v3/merge_requests.rb deleted file mode 100644 index af5afd1c334..00000000000 --- a/lib/api/v3/merge_requests.rb +++ /dev/null @@ -1,301 +0,0 @@ -module API - module V3 - class MergeRequests < Grape::API - include PaginationParams - - DEPRECATION_MESSAGE = 'This endpoint is deprecated and has been removed on V4'.freeze - - before { authenticate! } - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - include TimeTrackingEndpoints - - helpers do - def handle_merge_request_errors!(errors) - if errors[:project_access].any? - error!(errors[:project_access], 422) - elsif errors[:branch_conflict].any? - error!(errors[:branch_conflict], 422) - elsif errors[:validate_fork].any? - error!(errors[:validate_fork], 422) - elsif errors[:validate_branches].any? - conflict!(errors[:validate_branches]) - elsif errors[:base].any? - error!(errors[:base], 422) - end - - render_api_error!(errors, 400) - end - - def issue_entity(project) - if project.has_external_issue_tracker? - ::API::Entities::ExternalIssue - else - ::API::V3::Entities::Issue - end - end - - params :optional_params do - optional :description, type: String, desc: 'The description of the merge request' - optional :assignee_id, type: Integer, desc: 'The ID of a user to assign the merge request' - optional :milestone_id, type: Integer, desc: 'The ID of a milestone to assign the merge request' - optional :labels, type: String, desc: 'Comma-separated list of label names' - optional :remove_source_branch, type: Boolean, desc: 'Remove source branch when merging' - optional :squash, type: Boolean, desc: 'Squash commits when merging' - end - end - - desc 'List merge requests' do - detail 'iid filter is deprecated have been removed on V4' - success ::API::V3::Entities::MergeRequest - end - params do - optional :state, type: String, values: %w[opened closed merged all], default: 'all', - desc: 'Return opened, closed, merged, or all merge requests' - optional :order_by, type: String, values: %w[created_at updated_at], default: 'created_at', - desc: 'Return merge requests ordered by `created_at` or `updated_at` fields.' - optional :sort, type: String, values: %w[asc desc], default: 'desc', - desc: 'Return merge requests sorted in `asc` or `desc` order.' - optional :iid, type: Array[Integer], desc: 'The IID of the merge requests' - use :pagination - end - get ":id/merge_requests" do - authorize! :read_merge_request, user_project - - merge_requests = user_project.merge_requests.inc_notes_with_associations - merge_requests = filter_by_iid(merge_requests, params[:iid]) if params[:iid].present? - - merge_requests = - case params[:state] - when 'opened' then merge_requests.opened - when 'closed' then merge_requests.closed - when 'merged' then merge_requests.merged - else merge_requests - end - - merge_requests = merge_requests.reorder(params[:order_by] => params[:sort]) - present paginate(merge_requests), with: ::API::V3::Entities::MergeRequest, current_user: current_user, project: user_project - end - - desc 'Create a merge request' do - success ::API::V3::Entities::MergeRequest - end - params do - requires :title, type: String, desc: 'The title of the merge request' - requires :source_branch, type: String, desc: 'The source branch' - requires :target_branch, type: String, desc: 'The target branch' - optional :target_project_id, type: Integer, - desc: 'The target project of the merge request defaults to the :id of the project' - use :optional_params - end - post ":id/merge_requests" do - Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42126') - - authorize! :create_merge_request_from, user_project - - mr_params = declared_params(include_missing: false) - mr_params[:force_remove_source_branch] = mr_params.delete(:remove_source_branch) if mr_params[:remove_source_branch].present? - - merge_request = ::MergeRequests::CreateService.new(user_project, current_user, mr_params).execute - - if merge_request.valid? - present merge_request, with: ::API::V3::Entities::MergeRequest, current_user: current_user, project: user_project - else - handle_merge_request_errors! merge_request.errors - end - end - - desc 'Delete a merge request' - params do - requires :merge_request_id, type: Integer, desc: 'The ID of a merge request' - end - delete ":id/merge_requests/:merge_request_id" do - merge_request = find_project_merge_request(params[:merge_request_id]) - - authorize!(:destroy_merge_request, merge_request) - - status(200) - merge_request.destroy - end - - params do - requires :merge_request_id, type: Integer, desc: 'The ID of a merge request' - end - { ":id/merge_request/:merge_request_id" => :deprecated, ":id/merge_requests/:merge_request_id" => :ok }.each do |path, status| - desc 'Get a single merge request' do - if status == :deprecated - detail DEPRECATION_MESSAGE - end - - success ::API::V3::Entities::MergeRequest - end - get path do - merge_request = find_merge_request_with_access(params[:merge_request_id]) - - present merge_request, with: ::API::V3::Entities::MergeRequest, current_user: current_user, project: user_project - end - - desc 'Get the commits of a merge request' do - success ::API::Entities::Commit - end - get "#{path}/commits" do - merge_request = find_merge_request_with_access(params[:merge_request_id]) - - present merge_request.commits, with: ::API::Entities::Commit - end - - desc 'Show the merge request changes' do - success ::API::Entities::MergeRequestChanges - end - get "#{path}/changes" do - merge_request = find_merge_request_with_access(params[:merge_request_id]) - - present merge_request, with: ::API::Entities::MergeRequestChanges, current_user: current_user - end - - desc 'Update a merge request' do - success ::API::V3::Entities::MergeRequest - end - params do - optional :title, type: String, allow_blank: false, desc: 'The title of the merge request' - optional :target_branch, type: String, allow_blank: false, desc: 'The target branch' - optional :state_event, type: String, values: %w[close reopen merge], - desc: 'Status of the merge request' - use :optional_params - at_least_one_of :title, :target_branch, :description, :assignee_id, - :milestone_id, :labels, :state_event, - :remove_source_branch, :squash - end - put path do - Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42127') - - merge_request = find_merge_request_with_access(params.delete(:merge_request_id), :update_merge_request) - - mr_params = declared_params(include_missing: false) - mr_params[:force_remove_source_branch] = mr_params.delete(:remove_source_branch) if mr_params[:remove_source_branch].present? - - merge_request = ::MergeRequests::UpdateService.new(user_project, current_user, mr_params).execute(merge_request) - - if merge_request.valid? - present merge_request, with: ::API::V3::Entities::MergeRequest, current_user: current_user, project: user_project - else - handle_merge_request_errors! merge_request.errors - end - end - - desc 'Merge a merge request' do - success ::API::V3::Entities::MergeRequest - end - params do - optional :merge_commit_message, type: String, desc: 'Custom merge commit message' - optional :should_remove_source_branch, type: Boolean, - desc: 'When true, the source branch will be deleted if possible' - optional :merge_when_build_succeeds, type: Boolean, - desc: 'When true, this merge request will be merged when the build succeeds' - optional :sha, type: String, desc: 'When present, must have the HEAD SHA of the source branch' - optional :squash, type: Boolean, desc: 'When true, the commits will be squashed into a single commit on merge' - end - put "#{path}/merge" do - merge_request = find_project_merge_request(params[:merge_request_id]) - - # Merge request can not be merged - # because user dont have permissions to push into target branch - unauthorized! unless merge_request.can_be_merged_by?(current_user) - - not_allowed! unless merge_request.mergeable_state? - - render_api_error!('Branch cannot be merged', 406) unless merge_request.mergeable? - - if params[:sha] && merge_request.diff_head_sha != params[:sha] - render_api_error!("SHA does not match HEAD of source branch: #{merge_request.diff_head_sha}", 409) - end - - merge_request.update(squash: params[:squash]) if params[:squash] - - merge_params = { - commit_message: params[:merge_commit_message], - should_remove_source_branch: params[:should_remove_source_branch] - } - - if params[:merge_when_build_succeeds] && merge_request.head_pipeline && merge_request.head_pipeline.active? - ::MergeRequests::MergeWhenPipelineSucceedsService - .new(merge_request.target_project, current_user, merge_params) - .execute(merge_request) - else - ::MergeRequests::MergeService - .new(merge_request.target_project, current_user, merge_params) - .execute(merge_request) - end - - present merge_request, with: ::API::V3::Entities::MergeRequest, current_user: current_user, project: user_project - end - - desc 'Cancel merge if "Merge When Build succeeds" is enabled' do - success ::API::V3::Entities::MergeRequest - end - post "#{path}/cancel_merge_when_build_succeeds" do - merge_request = find_project_merge_request(params[:merge_request_id]) - - unauthorized! unless merge_request.can_cancel_merge_when_pipeline_succeeds?(current_user) - - ::MergeRequest::MergeWhenPipelineSucceedsService - .new(merge_request.target_project, current_user) - .cancel(merge_request) - end - - desc 'Get the comments of a merge request' do - detail 'Duplicate. DEPRECATED and HAS BEEN REMOVED in V4' - success ::API::Entities::MRNote - end - params do - use :pagination - end - get "#{path}/comments" do - merge_request = find_merge_request_with_access(params[:merge_request_id]) - present paginate(merge_request.notes.fresh), with: ::API::Entities::MRNote - end - - desc 'Post a comment to a merge request' do - detail 'Duplicate. DEPRECATED and HAS BEEN REMOVED in V4' - success ::API::Entities::MRNote - end - params do - requires :note, type: String, desc: 'The text of the comment' - end - post "#{path}/comments" do - merge_request = find_merge_request_with_access(params[:merge_request_id], :create_note) - - opts = { - note: params[:note], - noteable_type: 'MergeRequest', - noteable_id: merge_request.id - } - - note = ::Notes::CreateService.new(user_project, current_user, opts).execute - - if note.save - present note, with: ::API::Entities::MRNote - else - render_api_error!("Failed to save note #{note.errors.messages}", 400) - end - end - - desc 'List issues that will be closed on merge' do - success ::API::Entities::MRNote - end - params do - use :pagination - end - get "#{path}/closes_issues" do - merge_request = find_merge_request_with_access(params[:merge_request_id]) - issues = ::Kaminari.paginate_array(merge_request.closes_issues(current_user)) - present paginate(issues), with: issue_entity(user_project), current_user: current_user - end - end - end - end - end -end diff --git a/lib/api/v3/milestones.rb b/lib/api/v3/milestones.rb deleted file mode 100644 index 9be4cf9d22a..00000000000 --- a/lib/api/v3/milestones.rb +++ /dev/null @@ -1,65 +0,0 @@ -module API - module V3 - class Milestones < Grape::API - include PaginationParams - - before { authenticate! } - - helpers do - def filter_milestones_state(milestones, state) - case state - when 'active' then milestones.active - when 'closed' then milestones.closed - else milestones - end - end - end - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - desc 'Get a list of project milestones' do - success ::API::Entities::Milestone - end - params do - optional :state, type: String, values: %w[active closed all], default: 'all', - desc: 'Return "active", "closed", or "all" milestones' - optional :iid, type: Array[Integer], desc: 'The IID of the milestone' - use :pagination - end - get ":id/milestones" do - authorize! :read_milestone, user_project - - milestones = user_project.milestones - milestones = filter_milestones_state(milestones, params[:state]) - milestones = filter_by_iid(milestones, params[:iid]) if params[:iid].present? - milestones = milestones.order_id_desc - - present paginate(milestones), with: ::API::Entities::Milestone - end - - desc 'Get all issues for a single project milestone' do - success ::API::V3::Entities::Issue - end - params do - requires :milestone_id, type: Integer, desc: 'The ID of a project milestone' - use :pagination - end - get ':id/milestones/:milestone_id/issues' do - authorize! :read_milestone, user_project - - milestone = user_project.milestones.find(params[:milestone_id]) - - finder_params = { - project_id: user_project.id, - milestone_title: milestone.title - } - - issues = IssuesFinder.new(current_user, finder_params).execute - present paginate(issues), with: ::API::V3::Entities::Issue, current_user: current_user, project: user_project - end - end - end - end -end diff --git a/lib/api/v3/notes.rb b/lib/api/v3/notes.rb deleted file mode 100644 index d49772b92f2..00000000000 --- a/lib/api/v3/notes.rb +++ /dev/null @@ -1,148 +0,0 @@ -module API - module V3 - class Notes < Grape::API - include PaginationParams - - before { authenticate! } - - NOTEABLE_TYPES = [Issue, MergeRequest, Snippet].freeze - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - NOTEABLE_TYPES.each do |noteable_type| - noteables_str = noteable_type.to_s.underscore.pluralize - - desc 'Get a list of project +noteable+ notes' do - success ::API::V3::Entities::Note - end - params do - requires :noteable_id, type: Integer, desc: 'The ID of the noteable' - use :pagination - end - get ":id/#{noteables_str}/:noteable_id/notes" do - noteable = user_project.public_send(noteables_str.to_sym).find(params[:noteable_id]) # rubocop:disable GitlabSecurity/PublicSend - - if can?(current_user, noteable_read_ability_name(noteable), noteable) - # We exclude notes that are cross-references and that cannot be viewed - # by the current user. By doing this exclusion at this level and not - # at the DB query level (which we cannot in that case), the current - # page can have less elements than :per_page even if - # there's more than one page. - notes = - # paginate() only works with a relation. This could lead to a - # mismatch between the pagination headers info and the actual notes - # array returned, but this is really a edge-case. - paginate(noteable.notes) - .reject { |n| n.cross_reference_not_visible_for?(current_user) } - present notes, with: ::API::V3::Entities::Note - else - not_found!("Notes") - end - end - - desc 'Get a single +noteable+ note' do - success ::API::V3::Entities::Note - end - params do - requires :note_id, type: Integer, desc: 'The ID of a note' - requires :noteable_id, type: Integer, desc: 'The ID of the noteable' - end - get ":id/#{noteables_str}/:noteable_id/notes/:note_id" do - noteable = user_project.public_send(noteables_str.to_sym).find(params[:noteable_id]) # rubocop:disable GitlabSecurity/PublicSend - note = noteable.notes.find(params[:note_id]) - can_read_note = can?(current_user, noteable_read_ability_name(noteable), noteable) && !note.cross_reference_not_visible_for?(current_user) - - if can_read_note - present note, with: ::API::V3::Entities::Note - else - not_found!("Note") - end - end - - desc 'Create a new +noteable+ note' do - success ::API::V3::Entities::Note - end - params do - requires :noteable_id, type: Integer, desc: 'The ID of the noteable' - requires :body, type: String, desc: 'The content of a note' - optional :created_at, type: String, desc: 'The creation date of the note' - end - post ":id/#{noteables_str}/:noteable_id/notes" do - opts = { - note: params[:body], - noteable_type: noteables_str.classify, - noteable_id: params[:noteable_id] - } - - noteable = user_project.public_send(noteables_str.to_sym).find(params[:noteable_id]) # rubocop:disable GitlabSecurity/PublicSend - - if can?(current_user, noteable_read_ability_name(noteable), noteable) - if params[:created_at] && (current_user.admin? || user_project.owner == current_user) - opts[:created_at] = params[:created_at] - end - - note = ::Notes::CreateService.new(user_project, current_user, opts).execute - if note.valid? - present note, with: ::API::V3::Entities.const_get(note.class.name) - else - not_found!("Note #{note.errors.messages}") - end - else - not_found!("Note") - end - end - - desc 'Update an existing +noteable+ note' do - success ::API::V3::Entities::Note - end - params do - requires :noteable_id, type: Integer, desc: 'The ID of the noteable' - requires :note_id, type: Integer, desc: 'The ID of a note' - requires :body, type: String, desc: 'The content of a note' - end - put ":id/#{noteables_str}/:noteable_id/notes/:note_id" do - note = user_project.notes.find(params[:note_id]) - - authorize! :admin_note, note - - opts = { - note: params[:body] - } - - note = ::Notes::UpdateService.new(user_project, current_user, opts).execute(note) - - if note.valid? - present note, with: ::API::V3::Entities::Note - else - render_api_error!("Failed to save note #{note.errors.messages}", 400) - end - end - - desc 'Delete a +noteable+ note' do - success ::API::V3::Entities::Note - end - params do - requires :noteable_id, type: Integer, desc: 'The ID of the noteable' - requires :note_id, type: Integer, desc: 'The ID of a note' - end - delete ":id/#{noteables_str}/:noteable_id/notes/:note_id" do - note = user_project.notes.find(params[:note_id]) - authorize! :admin_note, note - - ::Notes::DestroyService.new(user_project, current_user).execute(note) - - present note, with: ::API::V3::Entities::Note - end - end - end - - helpers do - def noteable_read_ability_name(noteable) - "read_#{noteable.class.to_s.underscore}".to_sym - end - end - end - end -end diff --git a/lib/api/v3/pipelines.rb b/lib/api/v3/pipelines.rb deleted file mode 100644 index 6d31c12f572..00000000000 --- a/lib/api/v3/pipelines.rb +++ /dev/null @@ -1,38 +0,0 @@ -module API - module V3 - class Pipelines < Grape::API - include PaginationParams - - before { authenticate! } - - params do - requires :id, type: String, desc: 'The project ID' - end - resource :projects, requirements: { id: %r{[^/]+} } do - desc 'Get all Pipelines of the project' do - detail 'This feature was introduced in GitLab 8.11.' - success ::API::Entities::Pipeline - end - params do - use :pagination - optional :scope, type: String, values: %w(running branches tags), - desc: 'Either running, branches, or tags' - end - get ':id/pipelines' do - Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42123') - - authorize! :read_pipeline, user_project - - pipelines = PipelinesFinder.new(user_project, scope: params[:scope]).execute - present paginate(pipelines), with: ::API::Entities::Pipeline - end - end - - helpers do - def pipeline - @pipeline ||= user_project.pipelines.find(params[:pipeline_id]) - end - end - end - end -end diff --git a/lib/api/v3/project_hooks.rb b/lib/api/v3/project_hooks.rb deleted file mode 100644 index 631944150c7..00000000000 --- a/lib/api/v3/project_hooks.rb +++ /dev/null @@ -1,111 +0,0 @@ -module API - module V3 - class ProjectHooks < Grape::API - include PaginationParams - - before { authenticate! } - before { authorize_admin_project } - - helpers do - params :project_hook_properties do - requires :url, type: String, desc: "The URL to send the request to" - optional :push_events, type: Boolean, desc: "Trigger hook on push events" - optional :issues_events, type: Boolean, desc: "Trigger hook on issues events" - optional :confidential_issues_events, type: Boolean, desc: "Trigger hook on confidential issues events" - optional :merge_requests_events, type: Boolean, desc: "Trigger hook on merge request events" - optional :tag_push_events, type: Boolean, desc: "Trigger hook on tag push events" - optional :note_events, type: Boolean, desc: "Trigger hook on note(comment) events" - optional :build_events, type: Boolean, desc: "Trigger hook on build events" - optional :pipeline_events, type: Boolean, desc: "Trigger hook on pipeline events" - optional :wiki_page_events, type: Boolean, desc: "Trigger hook on wiki events" - optional :enable_ssl_verification, type: Boolean, desc: "Do SSL verification when triggering the hook" - optional :token, type: String, desc: "Secret token to validate received payloads; this will not be returned in the response" - end - end - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - desc 'Get project hooks' do - success ::API::V3::Entities::ProjectHook - end - params do - use :pagination - end - get ":id/hooks" do - hooks = paginate user_project.hooks - - present hooks, with: ::API::V3::Entities::ProjectHook - end - - desc 'Get a project hook' do - success ::API::V3::Entities::ProjectHook - end - params do - requires :hook_id, type: Integer, desc: 'The ID of a project hook' - end - get ":id/hooks/:hook_id" do - hook = user_project.hooks.find(params[:hook_id]) - present hook, with: ::API::V3::Entities::ProjectHook - end - - desc 'Add hook to project' do - success ::API::V3::Entities::ProjectHook - end - params do - use :project_hook_properties - end - post ":id/hooks" do - attrs = declared_params(include_missing: false) - attrs[:job_events] = attrs.delete(:build_events) if attrs.key?(:build_events) - hook = user_project.hooks.new(attrs) - - if hook.save - present hook, with: ::API::V3::Entities::ProjectHook - else - error!("Invalid url given", 422) if hook.errors[:url].present? - - not_found!("Project hook #{hook.errors.messages}") - end - end - - desc 'Update an existing project hook' do - success ::API::V3::Entities::ProjectHook - end - params do - requires :hook_id, type: Integer, desc: "The ID of the hook to update" - use :project_hook_properties - end - put ":id/hooks/:hook_id" do - hook = user_project.hooks.find(params.delete(:hook_id)) - - attrs = declared_params(include_missing: false) - attrs[:job_events] = attrs.delete(:build_events) if attrs.key?(:build_events) - if hook.update_attributes(attrs) - present hook, with: ::API::V3::Entities::ProjectHook - else - error!("Invalid url given", 422) if hook.errors[:url].present? - - not_found!("Project hook #{hook.errors.messages}") - end - end - - desc 'Deletes project hook' do - success ::API::V3::Entities::ProjectHook - end - params do - requires :hook_id, type: Integer, desc: 'The ID of the hook to delete' - end - delete ":id/hooks/:hook_id" do - begin - present user_project.hooks.destroy(params[:hook_id]), with: ::API::V3::Entities::ProjectHook - rescue - # ProjectHook can raise Error if hook_id not found - not_found!("Error deleting hook #{params[:hook_id]}") - end - end - end - end - end -end diff --git a/lib/api/v3/project_snippets.rb b/lib/api/v3/project_snippets.rb deleted file mode 100644 index 6ba425ba8c7..00000000000 --- a/lib/api/v3/project_snippets.rb +++ /dev/null @@ -1,143 +0,0 @@ -module API - module V3 - class ProjectSnippets < Grape::API - include PaginationParams - - before { authenticate! } - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - helpers do - def handle_project_member_errors(errors) - if errors[:project_access].any? - error!(errors[:project_access], 422) - end - - not_found! - end - - def snippets_for_current_user - SnippetsFinder.new(current_user, project: user_project).execute - end - end - - desc 'Get all project snippets' do - success ::API::V3::Entities::ProjectSnippet - end - params do - use :pagination - end - get ":id/snippets" do - present paginate(snippets_for_current_user), with: ::API::V3::Entities::ProjectSnippet - end - - desc 'Get a single project snippet' do - success ::API::V3::Entities::ProjectSnippet - end - params do - requires :snippet_id, type: Integer, desc: 'The ID of a project snippet' - end - get ":id/snippets/:snippet_id" do - snippet = snippets_for_current_user.find(params[:snippet_id]) - present snippet, with: ::API::V3::Entities::ProjectSnippet - end - - desc 'Create a new project snippet' do - success ::API::V3::Entities::ProjectSnippet - end - params do - requires :title, type: String, desc: 'The title of the snippet' - requires :file_name, type: String, desc: 'The file name of the snippet' - requires :code, type: String, desc: 'The content of the snippet' - requires :visibility_level, type: Integer, - values: [Gitlab::VisibilityLevel::PRIVATE, - Gitlab::VisibilityLevel::INTERNAL, - Gitlab::VisibilityLevel::PUBLIC], - desc: 'The visibility level of the snippet' - end - post ":id/snippets" do - authorize! :create_project_snippet, user_project - snippet_params = declared_params.merge(request: request, api: true) - snippet_params[:content] = snippet_params.delete(:code) - - snippet = CreateSnippetService.new(user_project, current_user, snippet_params).execute - - render_spam_error! if snippet.spam? - - if snippet.persisted? - present snippet, with: ::API::V3::Entities::ProjectSnippet - else - render_validation_error!(snippet) - end - end - - desc 'Update an existing project snippet' do - success ::API::V3::Entities::ProjectSnippet - end - params do - requires :snippet_id, type: Integer, desc: 'The ID of a project snippet' - optional :title, type: String, desc: 'The title of the snippet' - optional :file_name, type: String, desc: 'The file name of the snippet' - optional :code, type: String, desc: 'The content of the snippet' - optional :visibility_level, type: Integer, - values: [Gitlab::VisibilityLevel::PRIVATE, - Gitlab::VisibilityLevel::INTERNAL, - Gitlab::VisibilityLevel::PUBLIC], - desc: 'The visibility level of the snippet' - at_least_one_of :title, :file_name, :code, :visibility_level - end - put ":id/snippets/:snippet_id" do - snippet = snippets_for_current_user.find_by(id: params.delete(:snippet_id)) - not_found!('Snippet') unless snippet - - authorize! :update_project_snippet, snippet - - snippet_params = declared_params(include_missing: false) - .merge(request: request, api: true) - - snippet_params[:content] = snippet_params.delete(:code) if snippet_params[:code].present? - - UpdateSnippetService.new(user_project, current_user, snippet, - snippet_params).execute - - render_spam_error! if snippet.spam? - - if snippet.valid? - present snippet, with: ::API::V3::Entities::ProjectSnippet - else - render_validation_error!(snippet) - end - end - - desc 'Delete a project snippet' - params do - requires :snippet_id, type: Integer, desc: 'The ID of a project snippet' - end - delete ":id/snippets/:snippet_id" do - snippet = snippets_for_current_user.find_by(id: params[:snippet_id]) - not_found!('Snippet') unless snippet - - authorize! :admin_project_snippet, snippet - snippet.destroy - - status(200) - end - - desc 'Get a raw project snippet' - params do - requires :snippet_id, type: Integer, desc: 'The ID of a project snippet' - end - get ":id/snippets/:snippet_id/raw" do - snippet = snippets_for_current_user.find_by(id: params[:snippet_id]) - not_found!('Snippet') unless snippet - - env['api.format'] = :txt - content_type 'text/plain' - present snippet.content - end - end - end - end -end diff --git a/lib/api/v3/projects.rb b/lib/api/v3/projects.rb deleted file mode 100644 index eb3dd113524..00000000000 --- a/lib/api/v3/projects.rb +++ /dev/null @@ -1,475 +0,0 @@ -module API - module V3 - class Projects < Grape::API - include PaginationParams - - before { authenticate_non_get! } - - after_validation do - set_only_allow_merge_if_pipeline_succeeds! - end - - helpers do - params :optional_params do - optional :description, type: String, desc: 'The description of the project' - optional :issues_enabled, type: Boolean, desc: 'Flag indication if the issue tracker is enabled' - optional :merge_requests_enabled, type: Boolean, desc: 'Flag indication if merge requests are enabled' - optional :wiki_enabled, type: Boolean, desc: 'Flag indication if the wiki is enabled' - optional :builds_enabled, type: Boolean, desc: 'Flag indication if builds are enabled' - optional :snippets_enabled, type: Boolean, desc: 'Flag indication if snippets are enabled' - optional :shared_runners_enabled, type: Boolean, desc: 'Flag indication if shared runners are enabled for that project' - optional :resolve_outdated_diff_discussions, type: Boolean, desc: 'Automatically resolve merge request diffs discussions on lines changed with a push' - optional :container_registry_enabled, type: Boolean, desc: 'Flag indication if the container registry is enabled for that project' - optional :lfs_enabled, type: Boolean, desc: 'Flag indication if Git LFS is enabled for that project' - optional :public, type: Boolean, desc: 'Create a public project. The same as visibility_level = 20.' - optional :visibility_level, type: Integer, values: [ - Gitlab::VisibilityLevel::PRIVATE, - Gitlab::VisibilityLevel::INTERNAL, - Gitlab::VisibilityLevel::PUBLIC - ], desc: 'Create a public project. The same as visibility_level = 20.' - optional :public_builds, type: Boolean, desc: 'Perform public builds' - optional :request_access_enabled, type: Boolean, desc: 'Allow users to request member access' - optional :only_allow_merge_if_build_succeeds, type: Boolean, desc: 'Only allow to merge if builds succeed' - optional :only_allow_merge_if_pipeline_succeeds, type: Boolean, desc: 'Only allow to merge if builds succeed' - optional :only_allow_merge_if_all_discussions_are_resolved, type: Boolean, desc: 'Only allow to merge if all discussions are resolved' - end - - def map_public_to_visibility_level(attrs) - publik = attrs.delete(:public) - if !publik.nil? && !attrs[:visibility_level].present? - # Since setting the public attribute to private could mean either - # private or internal, use the more conservative option, private. - attrs[:visibility_level] = (publik == true) ? Gitlab::VisibilityLevel::PUBLIC : Gitlab::VisibilityLevel::PRIVATE - end - - attrs - end - - def set_only_allow_merge_if_pipeline_succeeds! - if params.key?(:only_allow_merge_if_build_succeeds) - params[:only_allow_merge_if_pipeline_succeeds] = params.delete(:only_allow_merge_if_build_succeeds) - end - end - end - - resource :projects do - helpers do - params :collection_params do - use :sort_params - use :filter_params - use :pagination - - optional :simple, type: Boolean, default: false, - desc: 'Return only the ID, URL, name, and path of each project' - end - - params :sort_params do - optional :order_by, type: String, values: %w[id name path created_at updated_at last_activity_at], - default: 'created_at', desc: 'Return projects ordered by field' - optional :sort, type: String, values: %w[asc desc], default: 'desc', - desc: 'Return projects sorted in ascending and descending order' - end - - params :filter_params do - optional :archived, type: Boolean, default: nil, desc: 'Limit by archived status' - optional :visibility, type: String, values: %w[public internal private], - desc: 'Limit by visibility' - optional :search, type: String, desc: 'Return list of authorized projects matching the search criteria' - end - - params :statistics_params do - optional :statistics, type: Boolean, default: false, desc: 'Include project statistics' - end - - params :create_params do - optional :namespace_id, type: Integer, desc: 'Namespace ID for the new project. Default to the user namespace.' - optional :import_url, type: String, desc: 'URL from which the project is imported' - end - - def present_projects(projects, options = {}) - options = options.reverse_merge( - with: ::API::V3::Entities::Project, - current_user: current_user, - simple: params[:simple] - ) - - projects = filter_projects(projects) - projects = projects.with_statistics if options[:statistics] - options[:with] = ::API::Entities::BasicProjectDetails if options[:simple] - - present paginate(projects), options - end - end - - desc 'Get a list of visible projects for authenticated user' do - success ::API::Entities::BasicProjectDetails - end - params do - use :collection_params - end - get '/visible' do - entity = current_user ? ::API::V3::Entities::ProjectWithAccess : ::API::Entities::BasicProjectDetails - present_projects ProjectsFinder.new(current_user: current_user).execute, with: entity - end - - desc 'Get a projects list for authenticated user' do - success ::API::Entities::BasicProjectDetails - end - params do - use :collection_params - end - get do - authenticate! - - present_projects current_user.authorized_projects.order_id_desc, - with: ::API::V3::Entities::ProjectWithAccess - end - - desc 'Get an owned projects list for authenticated user' do - success ::API::Entities::BasicProjectDetails - end - params do - use :collection_params - use :statistics_params - end - get '/owned' do - authenticate! - - present_projects current_user.owned_projects, - with: ::API::V3::Entities::ProjectWithAccess, - statistics: params[:statistics] - end - - desc 'Gets starred project for the authenticated user' do - success ::API::Entities::BasicProjectDetails - end - params do - use :collection_params - end - get '/starred' do - authenticate! - - present_projects ProjectsFinder.new(current_user: current_user, params: { starred: true }).execute - end - - desc 'Get all projects for admin user' do - success ::API::Entities::BasicProjectDetails - end - params do - use :collection_params - use :statistics_params - end - get '/all' do - authenticated_as_admin! - - present_projects Project.all, with: ::API::V3::Entities::ProjectWithAccess, statistics: params[:statistics] - end - - desc 'Search for projects the current user has access to' do - success ::API::V3::Entities::Project - end - params do - requires :query, type: String, desc: 'The project name to be searched' - use :sort_params - use :pagination - end - get "/search/:query", requirements: { query: %r{[^/]+} } do - search_service = ::Search::GlobalService.new(current_user, search: params[:query]).execute - projects = search_service.objects('projects', params[:page], false) - projects = projects.reorder(params[:order_by] => params[:sort]) - - present paginate(projects), with: ::API::V3::Entities::Project - end - - desc 'Create new project' do - success ::API::V3::Entities::Project - end - params do - optional :name, type: String, desc: 'The name of the project' - optional :path, type: String, desc: 'The path of the repository' - at_least_one_of :name, :path - use :optional_params - use :create_params - end - post do - attrs = map_public_to_visibility_level(declared_params(include_missing: false)) - project = ::Projects::CreateService.new(current_user, attrs).execute - - if project.saved? - present project, with: ::API::V3::Entities::Project, - user_can_admin_project: can?(current_user, :admin_project, project) - else - if project.errors[:limit_reached].present? - error!(project.errors[:limit_reached], 403) - end - - render_validation_error!(project) - end - end - - desc 'Create new project for a specified user. Only available to admin users.' do - success ::API::V3::Entities::Project - end - params do - requires :name, type: String, desc: 'The name of the project' - requires :user_id, type: Integer, desc: 'The ID of a user' - optional :default_branch, type: String, desc: 'The default branch of the project' - use :optional_params - use :create_params - end - post "user/:user_id" do - authenticated_as_admin! - user = User.find_by(id: params.delete(:user_id)) - not_found!('User') unless user - - attrs = map_public_to_visibility_level(declared_params(include_missing: false)) - project = ::Projects::CreateService.new(user, attrs).execute - - if project.saved? - present project, with: ::API::V3::Entities::Project, - user_can_admin_project: can?(current_user, :admin_project, project) - else - render_validation_error!(project) - end - end - end - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - desc 'Get a single project' do - success ::API::V3::Entities::ProjectWithAccess - end - get ":id" do - entity = current_user ? ::API::V3::Entities::ProjectWithAccess : ::API::Entities::BasicProjectDetails - present user_project, with: entity, current_user: current_user, - user_can_admin_project: can?(current_user, :admin_project, user_project) - end - - desc 'Get events for a single project' do - success ::API::V3::Entities::Event - end - params do - use :pagination - end - get ":id/events" do - present paginate(user_project.events.recent), with: ::API::V3::Entities::Event - end - - desc 'Fork new project for the current user or provided namespace.' do - success ::API::V3::Entities::Project - end - params do - optional :namespace, type: String, desc: 'The ID or name of the namespace that the project will be forked into' - end - post 'fork/:id' do - fork_params = declared_params(include_missing: false) - namespace_id = fork_params[:namespace] - - if namespace_id.present? - fork_params[:namespace] = find_namespace(namespace_id) - - unless fork_params[:namespace] && can?(current_user, :create_projects, fork_params[:namespace]) - not_found!('Target Namespace') - end - end - - forked_project = ::Projects::ForkService.new(user_project, current_user, fork_params).execute - - if forked_project.errors.any? - conflict!(forked_project.errors.messages) - else - present forked_project, with: ::API::V3::Entities::Project, - user_can_admin_project: can?(current_user, :admin_project, forked_project) - end - end - - desc 'Update an existing project' do - success ::API::V3::Entities::Project - end - params do - optional :name, type: String, desc: 'The name of the project' - optional :default_branch, type: String, desc: 'The default branch of the project' - optional :path, type: String, desc: 'The path of the repository' - use :optional_params - at_least_one_of :name, :description, :issues_enabled, :merge_requests_enabled, - :wiki_enabled, :builds_enabled, :snippets_enabled, - :shared_runners_enabled, :resolve_outdated_diff_discussions, - :container_registry_enabled, :lfs_enabled, :public, :visibility_level, - :public_builds, :request_access_enabled, :only_allow_merge_if_build_succeeds, - :only_allow_merge_if_all_discussions_are_resolved, :path, - :default_branch - end - put ':id' do - authorize_admin_project - attrs = map_public_to_visibility_level(declared_params(include_missing: false)) - authorize! :rename_project, user_project if attrs[:name].present? - authorize! :change_visibility_level, user_project if attrs[:visibility_level].present? - - result = ::Projects::UpdateService.new(user_project, current_user, attrs).execute - - if result[:status] == :success - present user_project, with: ::API::V3::Entities::Project, - user_can_admin_project: can?(current_user, :admin_project, user_project) - else - render_validation_error!(user_project) - end - end - - desc 'Archive a project' do - success ::API::V3::Entities::Project - end - post ':id/archive' do - authorize!(:archive_project, user_project) - - user_project.archive! - - present user_project, with: ::API::V3::Entities::Project - end - - desc 'Unarchive a project' do - success ::API::V3::Entities::Project - end - post ':id/unarchive' do - authorize!(:archive_project, user_project) - - user_project.unarchive! - - present user_project, with: ::API::V3::Entities::Project - end - - desc 'Star a project' do - success ::API::V3::Entities::Project - end - post ':id/star' do - if current_user.starred?(user_project) - not_modified! - else - current_user.toggle_star(user_project) - user_project.reload - - present user_project, with: ::API::V3::Entities::Project - end - end - - desc 'Unstar a project' do - success ::API::V3::Entities::Project - end - delete ':id/star' do - if current_user.starred?(user_project) - current_user.toggle_star(user_project) - user_project.reload - - present user_project, with: ::API::V3::Entities::Project - else - not_modified! - end - end - - desc 'Remove a project' - delete ":id" do - authorize! :remove_project, user_project - - status(200) - ::Projects::DestroyService.new(user_project, current_user, {}).async_execute - end - - desc 'Mark this project as forked from another' - params do - requires :forked_from_id, type: String, desc: 'The ID of the project it was forked from' - end - post ":id/fork/:forked_from_id" do - authenticated_as_admin! - - forked_from_project = find_project!(params[:forked_from_id]) - not_found!("Source Project") unless forked_from_project - - if user_project.forked_from_project.nil? - user_project.create_forked_project_link(forked_to_project_id: user_project.id, forked_from_project_id: forked_from_project.id) - - ::Projects::ForksCountService.new(forked_from_project).refresh_cache - else - render_api_error!("Project already forked", 409) - end - end - - desc 'Remove a forked_from relationship' - delete ":id/fork" do - authorize! :remove_fork_project, user_project - - if user_project.forked? - status(200) - user_project.forked_project_link.destroy - else - not_modified! - end - end - - desc 'Share the project with a group' do - success ::API::Entities::ProjectGroupLink - end - params do - requires :group_id, type: Integer, desc: 'The ID of a group' - requires :group_access, type: Integer, values: Gitlab::Access.values, desc: 'The group access level' - optional :expires_at, type: Date, desc: 'Share expiration date' - end - post ":id/share" do - authorize! :admin_project, user_project - group = Group.find_by_id(params[:group_id]) - - unless group && can?(current_user, :read_group, group) - not_found!('Group') - end - - unless user_project.allowed_to_share_with_group? - break render_api_error!("The project sharing with group is disabled", 400) - end - - link = user_project.project_group_links.new(declared_params(include_missing: false)) - - if link.save - present link, with: ::API::Entities::ProjectGroupLink - else - render_api_error!(link.errors.full_messages.first, 409) - end - end - - params do - requires :group_id, type: Integer, desc: 'The ID of the group' - end - delete ":id/share/:group_id" do - authorize! :admin_project, user_project - - link = user_project.project_group_links.find_by(group_id: params[:group_id]) - not_found!('Group Link') unless link - - link.destroy - no_content! - end - - desc 'Upload a file' - params do - requires :file, type: File, desc: 'The file to be uploaded' - end - post ":id/uploads" do - UploadService.new(user_project, params[:file]).execute - end - - desc 'Get the users list of a project' do - success ::API::Entities::UserBasic - end - params do - optional :search, type: String, desc: 'Return list of users matching the search criteria' - use :pagination - end - get ':id/users' do - users = user_project.team.users - users = users.search(params[:search]) if params[:search].present? - - present paginate(users), with: ::API::Entities::UserBasic - end - end - end - end -end diff --git a/lib/api/v3/repositories.rb b/lib/api/v3/repositories.rb deleted file mode 100644 index f701d64e886..00000000000 --- a/lib/api/v3/repositories.rb +++ /dev/null @@ -1,110 +0,0 @@ -require 'mime/types' - -module API - module V3 - class Repositories < Grape::API - before { authorize! :download_code, user_project } - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: API::PROJECT_ENDPOINT_REQUIREMENTS do - helpers do - def handle_project_member_errors(errors) - if errors[:project_access].any? - error!(errors[:project_access], 422) - end - - not_found! - end - end - - desc 'Get a project repository tree' do - success ::API::Entities::TreeObject - end - params do - optional :ref_name, type: String, desc: 'The name of a repository branch or tag, if not given the default branch is used' - optional :path, type: String, desc: 'The path of the tree' - optional :recursive, type: Boolean, default: false, desc: 'Used to get a recursive tree' - end - get ':id/repository/tree' do - ref = params[:ref_name] || user_project.try(:default_branch) || 'master' - path = params[:path] || nil - - commit = user_project.commit(ref) - not_found!('Tree') unless commit - - tree = user_project.repository.tree(commit.id, path, recursive: params[:recursive]) - - present tree.sorted_entries, with: ::API::Entities::TreeObject - end - - desc 'Get a raw file contents' - params do - requires :sha, type: String, desc: 'The commit, branch name, or tag name' - requires :filepath, type: String, desc: 'The path to the file to display' - end - get [":id/repository/blobs/:sha", ":id/repository/commits/:sha/blob"], requirements: API::COMMIT_ENDPOINT_REQUIREMENTS do - repo = user_project.repository - commit = repo.commit(params[:sha]) - not_found! "Commit" unless commit - blob = Gitlab::Git::Blob.find(repo, commit.id, params[:filepath]) - not_found! "File" unless blob - send_git_blob repo, blob - end - - desc 'Get a raw blob contents by blob sha' - params do - requires :sha, type: String, desc: 'The commit, branch name, or tag name' - end - get ':id/repository/raw_blobs/:sha', requirements: API::COMMIT_ENDPOINT_REQUIREMENTS do - repo = user_project.repository - begin - blob = Gitlab::Git::Blob.raw(repo, params[:sha]) - rescue - not_found! 'Blob' - end - not_found! 'Blob' unless blob - send_git_blob repo, blob - end - - desc 'Get an archive of the repository' - params do - optional :sha, type: String, desc: 'The commit sha of the archive to be downloaded' - optional :format, type: String, desc: 'The archive format' - end - get ':id/repository/archive', requirements: { format: Gitlab::PathRegex.archive_formats_regex } do - begin - send_git_archive user_project.repository, ref: params[:sha], format: params[:format], append_sha: true - rescue - not_found!('File') - end - end - - desc 'Compare two branches, tags, or commits' do - success ::API::Entities::Compare - end - params do - requires :from, type: String, desc: 'The commit, branch name, or tag name to start comparison' - requires :to, type: String, desc: 'The commit, branch name, or tag name to stop comparison' - end - get ':id/repository/compare' do - compare = Gitlab::Git::Compare.new(user_project.repository.raw_repository, params[:from], params[:to]) - present compare, with: ::API::Entities::Compare - end - - desc 'Get repository contributors' do - success ::API::Entities::Contributor - end - get ':id/repository/contributors' do - begin - present user_project.repository.contributors, - with: ::API::Entities::Contributor - rescue - not_found! - end - end - end - end - end -end diff --git a/lib/api/v3/runners.rb b/lib/api/v3/runners.rb deleted file mode 100644 index 8a5c46805bd..00000000000 --- a/lib/api/v3/runners.rb +++ /dev/null @@ -1,66 +0,0 @@ -module API - module V3 - class Runners < Grape::API - include PaginationParams - - before { authenticate! } - - resource :runners do - desc 'Remove a runner' do - success ::API::Entities::Runner - end - params do - requires :id, type: Integer, desc: 'The ID of the runner' - end - delete ':id' do - runner = Ci::Runner.find(params[:id]) - not_found!('Runner') unless runner - - authenticate_delete_runner!(runner) - - status(200) - runner.destroy - end - end - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - before { authorize_admin_project } - - desc "Disable project's runner" do - success ::API::Entities::Runner - end - params do - requires :runner_id, type: Integer, desc: 'The ID of the runner' - end - delete ':id/runners/:runner_id' do - runner_project = user_project.runner_projects.find_by(runner_id: params[:runner_id]) - not_found!('Runner') unless runner_project - - runner = runner_project.runner - forbidden!("Only one project associated with the runner. Please remove the runner instead") if runner.projects.count == 1 - - runner_project.destroy - - present runner, with: ::API::Entities::Runner - end - end - - helpers do - def authenticate_delete_runner!(runner) - return if current_user.admin? - - forbidden!("Runner is shared") if runner.is_shared? - forbidden!("Runner associated with more than one project") if runner.projects.count > 1 - forbidden!("No access granted") unless user_can_access_runner?(runner) - end - - def user_can_access_runner?(runner) - current_user.ci_owned_runners.exists?(runner.id) - end - end - end - end -end diff --git a/lib/api/v3/services.rb b/lib/api/v3/services.rb deleted file mode 100644 index 20ca1021c71..00000000000 --- a/lib/api/v3/services.rb +++ /dev/null @@ -1,670 +0,0 @@ -module API - module V3 - class Services < Grape::API - services = { - 'asana' => [ - { - required: true, - name: :api_key, - type: String, - desc: 'User API token' - }, - { - required: false, - name: :restrict_to_branch, - type: String, - desc: 'Comma-separated list of branches which will be automatically inspected. Leave blank to include all branches' - } - ], - 'assembla' => [ - { - required: true, - name: :token, - type: String, - desc: 'The authentication token' - }, - { - required: false, - name: :subdomain, - type: String, - desc: 'Subdomain setting' - } - ], - 'bamboo' => [ - { - required: true, - name: :bamboo_url, - type: String, - desc: 'Bamboo root URL like https://bamboo.example.com' - }, - { - required: true, - name: :build_key, - type: String, - desc: 'Bamboo build plan key like' - }, - { - required: true, - name: :username, - type: String, - desc: 'A user with API access, if applicable' - }, - { - required: true, - name: :password, - type: String, - desc: 'Passord of the user' - } - ], - 'bugzilla' => [ - { - required: true, - name: :new_issue_url, - type: String, - desc: 'New issue URL' - }, - { - required: true, - name: :issues_url, - type: String, - desc: 'Issues URL' - }, - { - required: true, - name: :project_url, - type: String, - desc: 'Project URL' - }, - { - required: false, - name: :description, - type: String, - desc: 'Description' - }, - { - required: false, - name: :title, - type: String, - desc: 'Title' - } - ], - 'buildkite' => [ - { - required: true, - name: :token, - type: String, - desc: 'Buildkite project GitLab token' - }, - { - required: true, - name: :project_url, - type: String, - desc: 'The buildkite project URL' - }, - { - required: false, - name: :enable_ssl_verification, - type: Boolean, - desc: 'Enable SSL verification for communication' - } - ], - 'builds-email' => [ - { - required: true, - name: :recipients, - type: String, - desc: 'Comma-separated list of recipient email addresses' - }, - { - required: false, - name: :add_pusher, - type: Boolean, - desc: 'Add pusher to recipients list' - }, - { - required: false, - name: :notify_only_broken_builds, - type: Boolean, - desc: 'Notify only broken builds' - } - ], - 'campfire' => [ - { - required: true, - name: :token, - type: String, - desc: 'Campfire token' - }, - { - required: false, - name: :subdomain, - type: String, - desc: 'Campfire subdomain' - }, - { - required: false, - name: :room, - type: String, - desc: 'Campfire room' - } - ], - 'custom-issue-tracker' => [ - { - required: true, - name: :new_issue_url, - type: String, - desc: 'New issue URL' - }, - { - required: true, - name: :issues_url, - type: String, - desc: 'Issues URL' - }, - { - required: true, - name: :project_url, - type: String, - desc: 'Project URL' - }, - { - required: false, - name: :description, - type: String, - desc: 'Description' - }, - { - required: false, - name: :title, - type: String, - desc: 'Title' - } - ], - 'drone-ci' => [ - { - required: true, - name: :token, - type: String, - desc: 'Drone CI token' - }, - { - required: true, - name: :drone_url, - type: String, - desc: 'Drone CI URL' - }, - { - required: false, - name: :enable_ssl_verification, - type: Boolean, - desc: 'Enable SSL verification for communication' - } - ], - 'emails-on-push' => [ - { - required: true, - name: :recipients, - type: String, - desc: 'Comma-separated list of recipient email addresses' - }, - { - required: false, - name: :disable_diffs, - type: Boolean, - desc: 'Disable code diffs' - }, - { - required: false, - name: :send_from_committer_email, - type: Boolean, - desc: 'Send from committer' - } - ], - 'external-wiki' => [ - { - required: true, - name: :external_wiki_url, - type: String, - desc: 'The URL of the external Wiki' - } - ], - 'flowdock' => [ - { - required: true, - name: :token, - type: String, - desc: 'Flowdock token' - } - ], - 'gemnasium' => [ - { - required: true, - name: :api_key, - type: String, - desc: 'Your personal API key on gemnasium.com' - }, - { - required: true, - name: :token, - type: String, - desc: "The project's slug on gemnasium.com" - } - ], - 'hipchat' => [ - { - required: true, - name: :token, - type: String, - desc: 'The room token' - }, - { - required: false, - name: :room, - type: String, - desc: 'The room name or ID' - }, - { - required: false, - name: :color, - type: String, - desc: 'The room color' - }, - { - required: false, - name: :notify, - type: Boolean, - desc: 'Enable notifications' - }, - { - required: false, - name: :api_version, - type: String, - desc: 'Leave blank for default (v2)' - }, - { - required: false, - name: :server, - type: String, - desc: 'Leave blank for default. https://hipchat.example.com' - } - ], - 'irker' => [ - { - required: true, - name: :recipients, - type: String, - desc: 'Recipients/channels separated by whitespaces' - }, - { - required: false, - name: :default_irc_uri, - type: String, - desc: 'Default: irc://irc.network.net:6697' - }, - { - required: false, - name: :server_host, - type: String, - desc: 'Server host. Default localhost' - }, - { - required: false, - name: :server_port, - type: Integer, - desc: 'Server port. Default 6659' - }, - { - required: false, - name: :colorize_messages, - type: Boolean, - desc: 'Colorize messages' - } - ], - 'jira' => [ - { - required: true, - name: :url, - type: String, - desc: 'The URL to the JIRA project which is being linked to this GitLab project, e.g., https://jira.example.com' - }, - { - required: true, - name: :project_key, - type: String, - desc: 'The short identifier for your JIRA project, all uppercase, e.g., PROJ' - }, - { - required: false, - name: :username, - type: String, - desc: 'The username of the user created to be used with GitLab/JIRA' - }, - { - required: false, - name: :password, - type: String, - desc: 'The password of the user created to be used with GitLab/JIRA' - }, - { - required: false, - name: :jira_issue_transition_id, - type: Integer, - desc: 'The ID of a transition that moves issues to a closed state. You can find this number under the JIRA workflow administration (**Administration > Issues > Workflows**) by selecting **View** under **Operations** of the desired workflow of your project. The ID of each state can be found inside the parenthesis of each transition name under the **Transitions (id)** column ([see screenshot][trans]). By default, this ID is set to `2`' - } - ], - - 'kubernetes' => [ - { - required: true, - name: :namespace, - type: String, - desc: 'The Kubernetes namespace to use' - }, - { - required: true, - name: :api_url, - type: String, - desc: 'The URL to the Kubernetes cluster API, e.g., https://kubernetes.example.com' - }, - { - required: true, - name: :token, - type: String, - desc: 'The service token to authenticate against the Kubernetes cluster with' - }, - { - required: false, - name: :ca_pem, - type: String, - desc: 'A custom certificate authority bundle to verify the Kubernetes cluster with (PEM format)' - } - ], - 'mattermost-slash-commands' => [ - { - required: true, - name: :token, - type: String, - desc: 'The Mattermost token' - } - ], - 'slack-slash-commands' => [ - { - required: true, - name: :token, - type: String, - desc: 'The Slack token' - } - ], - 'packagist' => [ - { - required: true, - name: :username, - type: String, - desc: 'The username' - }, - { - required: true, - name: :token, - type: String, - desc: 'The Packagist API token' - }, - { - required: false, - name: :server, - type: String, - desc: 'The server' - } - ], - 'pipelines-email' => [ - { - required: true, - name: :recipients, - type: String, - desc: 'Comma-separated list of recipient email addresses' - }, - { - required: false, - name: :notify_only_broken_builds, - type: Boolean, - desc: 'Notify only broken builds' - } - ], - 'pivotaltracker' => [ - { - required: true, - name: :token, - type: String, - desc: 'The Pivotaltracker token' - }, - { - required: false, - name: :restrict_to_branch, - type: String, - desc: 'Comma-separated list of branches which will be automatically inspected. Leave blank to include all branches.' - } - ], - 'pushover' => [ - { - required: true, - name: :api_key, - type: String, - desc: 'The application key' - }, - { - required: true, - name: :user_key, - type: String, - desc: 'The user key' - }, - { - required: true, - name: :priority, - type: String, - desc: 'The priority' - }, - { - required: true, - name: :device, - type: String, - desc: 'Leave blank for all active devices' - }, - { - required: true, - name: :sound, - type: String, - desc: 'The sound of the notification' - } - ], - 'redmine' => [ - { - required: true, - name: :new_issue_url, - type: String, - desc: 'The new issue URL' - }, - { - required: true, - name: :project_url, - type: String, - desc: 'The project URL' - }, - { - required: true, - name: :issues_url, - type: String, - desc: 'The issues URL' - }, - { - required: false, - name: :description, - type: String, - desc: 'The description of the tracker' - } - ], - 'slack' => [ - { - required: true, - name: :webhook, - type: String, - desc: 'The Slack webhook. e.g. https://hooks.slack.com/services/...' - }, - { - required: false, - name: :new_issue_url, - type: String, - desc: 'The user name' - }, - { - required: false, - name: :channel, - type: String, - desc: 'The channel name' - } - ], - 'microsoft-teams' => [ - required: true, - name: :webhook, - type: String, - desc: 'The Microsoft Teams webhook. e.g. https://outlook.office.com/webhook/…' - ], - 'mattermost' => [ - { - required: true, - name: :webhook, - type: String, - desc: 'The Mattermost webhook. e.g. http://mattermost_host/hooks/...' - } - ], - 'teamcity' => [ - { - required: true, - name: :teamcity_url, - type: String, - desc: 'TeamCity root URL like https://teamcity.example.com' - }, - { - required: true, - name: :build_type, - type: String, - desc: 'Build configuration ID' - }, - { - required: true, - name: :username, - type: String, - desc: 'A user with permissions to trigger a manual build' - }, - { - required: true, - name: :password, - type: String, - desc: 'The password of the user' - } - ] - } - - trigger_services = { - 'mattermost-slash-commands' => [ - { - name: :token, - type: String, - desc: 'The Mattermost token' - } - ], - 'slack-slash-commands' => [ - { - name: :token, - type: String, - desc: 'The Slack token' - } - ] - }.freeze - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - before { authenticate! } - before { authorize_admin_project } - - helpers do - def service_attributes(service) - service.fields.inject([]) do |arr, hash| - arr << hash[:name].to_sym - end - end - end - - desc "Delete a service for project" - params do - requires :service_slug, type: String, values: services.keys, desc: 'The name of the service' - end - delete ":id/services/:service_slug" do - service = user_project.find_or_initialize_service(params[:service_slug].underscore) - - attrs = service_attributes(service).inject({}) do |hash, key| - hash.merge!(key => nil) - end - - if service.update_attributes(attrs.merge(active: false)) - status(200) - true - else - render_api_error!('400 Bad Request', 400) - end - end - - desc 'Get the service settings for project' do - success Entities::ProjectService - end - params do - requires :service_slug, type: String, values: services.keys, desc: 'The name of the service' - end - get ":id/services/:service_slug" do - service = user_project.find_or_initialize_service(params[:service_slug].underscore) - present service, with: Entities::ProjectService - end - end - - trigger_services.each do |service_slug, settings| - helpers do - def slash_command_service(project, service_slug, params) - project.services.active.where(template: false).find do |service| - service.try(:token) == params[:token] && service.to_param == service_slug.underscore - end - end - end - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - desc "Trigger a slash command for #{service_slug}" do - detail 'Added in GitLab 8.13' - end - params do - settings.each do |setting| - requires setting[:name], type: setting[:type], desc: setting[:desc] - end - end - post ":id/services/#{service_slug.underscore}/trigger" do - project = find_project(params[:id]) - - # This is not accurate, but done to prevent leakage of the project names - not_found!('Service') unless project - - service = slash_command_service(project, service_slug, params) - result = service.try(:trigger, params) - - if result - status result[:status] || 200 - present result - else - not_found!('Service') - end - end - end - end - end - end -end diff --git a/lib/api/v3/settings.rb b/lib/api/v3/settings.rb deleted file mode 100644 index fc56495c8b1..00000000000 --- a/lib/api/v3/settings.rb +++ /dev/null @@ -1,147 +0,0 @@ -module API - module V3 - class Settings < Grape::API - before { authenticated_as_admin! } - - helpers do - def current_settings - @current_setting ||= - (ApplicationSetting.current_without_cache || ApplicationSetting.create_from_defaults) - end - end - - desc 'Get the current application settings' do - success Entities::ApplicationSetting - end - get "application/settings" do - present current_settings, with: Entities::ApplicationSetting - end - - desc 'Modify application settings' do - success Entities::ApplicationSetting - end - params do - optional :default_branch_protection, type: Integer, values: [0, 1, 2], desc: 'Determine if developers can push to master' - optional :default_project_visibility, type: Integer, values: Gitlab::VisibilityLevel.values, desc: 'The default project visibility' - optional :default_snippet_visibility, type: Integer, values: Gitlab::VisibilityLevel.values, desc: 'The default snippet visibility' - optional :default_group_visibility, type: Integer, values: Gitlab::VisibilityLevel.values, desc: 'The default group visibility' - optional :restricted_visibility_levels, type: Array[String], desc: 'Selected levels cannot be used by non-admin users for projects or snippets. If the public level is restricted, user profiles are only visible to logged in users.' - optional :import_sources, type: Array[String], values: %w[github bitbucket gitlab google_code fogbugz git gitlab_project], - desc: 'Enabled sources for code import during project creation. OmniAuth must be configured for GitHub, Bitbucket, and GitLab.com' - optional :disabled_oauth_sign_in_sources, type: Array[String], desc: 'Disable certain OAuth sign-in sources' - optional :enabled_git_access_protocol, type: String, values: %w[ssh http nil], desc: 'Allow only the selected protocols to be used for Git access.' - optional :gravatar_enabled, type: Boolean, desc: 'Flag indicating if the Gravatar service is enabled' - optional :default_projects_limit, type: Integer, desc: 'The maximum number of personal projects' - optional :max_attachment_size, type: Integer, desc: 'Maximum attachment size in MB' - optional :session_expire_delay, type: Integer, desc: 'Session duration in minutes. GitLab restart is required to apply changes.' - optional :user_oauth_applications, type: Boolean, desc: 'Allow users to register any application to use GitLab as an OAuth provider' - optional :user_default_external, type: Boolean, desc: 'Newly registered users will by default be external' - optional :signup_enabled, type: Boolean, desc: 'Flag indicating if sign up is enabled' - optional :send_user_confirmation_email, type: Boolean, desc: 'Send confirmation email on sign-up' - optional :domain_whitelist, type: String, desc: 'ONLY users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com' - optional :domain_blacklist_enabled, type: Boolean, desc: 'Enable domain blacklist for sign ups' - given domain_blacklist_enabled: ->(val) { val } do - requires :domain_blacklist, type: String, desc: 'Users with e-mail addresses that match these domain(s) will NOT be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com' - end - optional :after_sign_up_text, type: String, desc: 'Text shown after sign up' - optional :password_authentication_enabled, type: Boolean, desc: 'Flag indicating if password authentication is enabled for the web interface' - optional :signin_enabled, type: Boolean, desc: 'Flag indicating if password authentication is enabled for the web interface' - mutually_exclusive :password_authentication_enabled, :signin_enabled - optional :require_two_factor_authentication, type: Boolean, desc: 'Require all users to setup Two-factor authentication' - given require_two_factor_authentication: ->(val) { val } do - requires :two_factor_grace_period, type: Integer, desc: 'Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication' - end - optional :home_page_url, type: String, desc: 'We will redirect non-logged in users to this page' - optional :after_sign_out_path, type: String, desc: 'We will redirect users to this page after they sign out' - optional :sign_in_text, type: String, desc: 'The sign in text of the GitLab application' - optional :help_page_text, type: String, desc: 'Custom text displayed on the help page' - optional :shared_runners_enabled, type: Boolean, desc: 'Enable shared runners for new projects' - given shared_runners_enabled: ->(val) { val } do - requires :shared_runners_text, type: String, desc: 'Shared runners text ' - end - optional :max_artifacts_size, type: Integer, desc: "Set the maximum file size each build's artifacts can have" - optional :max_pages_size, type: Integer, desc: 'Maximum size of pages in MB' - optional :container_registry_token_expire_delay, type: Integer, desc: 'Authorization token duration (minutes)' - optional :metrics_enabled, type: Boolean, desc: 'Enable the InfluxDB metrics' - given metrics_enabled: ->(val) { val } do - requires :metrics_host, type: String, desc: 'The InfluxDB host' - requires :metrics_port, type: Integer, desc: 'The UDP port to use for connecting to InfluxDB' - requires :metrics_pool_size, type: Integer, desc: 'The amount of InfluxDB connections to open' - requires :metrics_timeout, type: Integer, desc: 'The amount of seconds after which an InfluxDB connection will time out' - requires :metrics_method_call_threshold, type: Integer, desc: 'A method call is only tracked when it takes longer to complete than the given amount of milliseconds.' - requires :metrics_sample_interval, type: Integer, desc: 'The sampling interval in seconds' - requires :metrics_packet_size, type: Integer, desc: 'The amount of points to store in a single UDP packet' - end - optional :sidekiq_throttling_enabled, type: Boolean, desc: 'Enable Sidekiq Job Throttling' - given sidekiq_throttling_enabled: ->(val) { val } do - requires :sidekiq_throttling_queus, type: Array[String], desc: 'Choose which queues you wish to throttle' - requires :sidekiq_throttling_factor, type: Float, desc: 'The factor by which the queues should be throttled. A value between 0.0 and 1.0, exclusive.' - end - optional :recaptcha_enabled, type: Boolean, desc: 'Helps prevent bots from creating accounts' - given recaptcha_enabled: ->(val) { val } do - requires :recaptcha_site_key, type: String, desc: 'Generate site key at http://www.google.com/recaptcha' - requires :recaptcha_private_key, type: String, desc: 'Generate private key at http://www.google.com/recaptcha' - end - optional :akismet_enabled, type: Boolean, desc: 'Helps prevent bots from creating issues' - given akismet_enabled: ->(val) { val } do - requires :akismet_api_key, type: String, desc: 'Generate API key at http://www.akismet.com' - end - optional :admin_notification_email, type: String, desc: 'Abuse reports will be sent to this address if it is set. Abuse reports are always available in the admin area.' - optional :sentry_enabled, type: Boolean, desc: 'Sentry is an error reporting and logging tool which is currently not shipped with GitLab, get it here: https://getsentry.com' - given sentry_enabled: ->(val) { val } do - requires :sentry_dsn, type: String, desc: 'Sentry Data Source Name' - end - optional :repository_storage, type: String, desc: 'Storage paths for new projects' - optional :repository_checks_enabled, type: Boolean, desc: "GitLab will periodically run 'git fsck' in all project and wiki repositories to look for silent disk corruption issues." - optional :koding_enabled, type: Boolean, desc: 'Enable Koding' - given koding_enabled: ->(val) { val } do - requires :koding_url, type: String, desc: 'The Koding team URL' - end - optional :plantuml_enabled, type: Boolean, desc: 'Enable PlantUML' - given plantuml_enabled: ->(val) { val } do - requires :plantuml_url, type: String, desc: 'The PlantUML server URL' - end - optional :version_check_enabled, type: Boolean, desc: 'Let GitLab inform you when an update is available.' - optional :email_author_in_body, type: Boolean, desc: 'Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.' - optional :html_emails_enabled, type: Boolean, desc: 'By default GitLab sends emails in HTML and plain text formats so mail clients can choose what format to use. Disable this option if you only want to send emails in plain text format.' - optional :housekeeping_enabled, type: Boolean, desc: 'Enable automatic repository housekeeping (git repack, git gc)' - given housekeeping_enabled: ->(val) { val } do - requires :housekeeping_bitmaps_enabled, type: Boolean, desc: "Creating pack file bitmaps makes housekeeping take a little longer but bitmaps should accelerate 'git clone' performance." - requires :housekeeping_incremental_repack_period, type: Integer, desc: "Number of Git pushes after which an incremental 'git repack' is run." - requires :housekeeping_full_repack_period, type: Integer, desc: "Number of Git pushes after which a full 'git repack' is run." - requires :housekeeping_gc_period, type: Integer, desc: "Number of Git pushes after which 'git gc' is run." - end - optional :terminal_max_session_time, type: Integer, desc: 'Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.' - at_least_one_of :default_branch_protection, :default_project_visibility, :default_snippet_visibility, - :default_group_visibility, :restricted_visibility_levels, :import_sources, - :enabled_git_access_protocol, :gravatar_enabled, :default_projects_limit, - :max_attachment_size, :session_expire_delay, :disabled_oauth_sign_in_sources, - :user_oauth_applications, :user_default_external, :signup_enabled, - :send_user_confirmation_email, :domain_whitelist, :domain_blacklist_enabled, - :after_sign_up_text, :password_authentication_enabled, :signin_enabled, :require_two_factor_authentication, - :home_page_url, :after_sign_out_path, :sign_in_text, :help_page_text, - :shared_runners_enabled, :max_artifacts_size, :max_pages_size, :container_registry_token_expire_delay, - :metrics_enabled, :sidekiq_throttling_enabled, :recaptcha_enabled, - :akismet_enabled, :admin_notification_email, :sentry_enabled, - :repository_storage, :repository_checks_enabled, :koding_enabled, :plantuml_enabled, - :version_check_enabled, :email_author_in_body, :html_emails_enabled, - :housekeeping_enabled, :terminal_max_session_time - end - put "application/settings" do - attrs = declared_params(include_missing: false) - - if attrs.has_key?(:signin_enabled) - attrs[:password_authentication_enabled_for_web] = attrs.delete(:signin_enabled) - elsif attrs.has_key?(:password_authentication_enabled) - attrs[:password_authentication_enabled_for_web] = attrs.delete(:password_authentication_enabled) - end - - if current_settings.update_attributes(attrs) - present current_settings, with: Entities::ApplicationSetting - else - render_validation_error!(current_settings) - end - end - end - end -end diff --git a/lib/api/v3/snippets.rb b/lib/api/v3/snippets.rb deleted file mode 100644 index 1df8a20e74a..00000000000 --- a/lib/api/v3/snippets.rb +++ /dev/null @@ -1,141 +0,0 @@ -module API - module V3 - class Snippets < Grape::API - include PaginationParams - - before { authenticate! } - - resource :snippets do - helpers do - def snippets_for_current_user - SnippetsFinder.new(current_user, author: current_user).execute - end - - def public_snippets - SnippetsFinder.new(current_user, visibility: Snippet::PUBLIC).execute - end - end - - desc 'Get a snippets list for authenticated user' do - detail 'This feature was introduced in GitLab 8.15.' - success ::API::Entities::PersonalSnippet - end - params do - use :pagination - end - get do - present paginate(snippets_for_current_user), with: ::API::Entities::PersonalSnippet - end - - desc 'List all public snippets current_user has access to' do - detail 'This feature was introduced in GitLab 8.15.' - success ::API::Entities::PersonalSnippet - end - params do - use :pagination - end - get 'public' do - present paginate(public_snippets), with: ::API::Entities::PersonalSnippet - end - - desc 'Get a single snippet' do - detail 'This feature was introduced in GitLab 8.15.' - success ::API::Entities::PersonalSnippet - end - params do - requires :id, type: Integer, desc: 'The ID of a snippet' - end - get ':id' do - snippet = snippets_for_current_user.find(params[:id]) - present snippet, with: ::API::Entities::PersonalSnippet - end - - desc 'Create new snippet' do - detail 'This feature was introduced in GitLab 8.15.' - success ::API::Entities::PersonalSnippet - end - params do - requires :title, type: String, desc: 'The title of a snippet' - requires :file_name, type: String, desc: 'The name of a snippet file' - requires :content, type: String, desc: 'The content of a snippet' - optional :visibility_level, type: Integer, - values: Gitlab::VisibilityLevel.values, - default: Gitlab::VisibilityLevel::INTERNAL, - desc: 'The visibility level of the snippet' - end - post do - attrs = declared_params(include_missing: false).merge(request: request, api: true) - snippet = CreateSnippetService.new(nil, current_user, attrs).execute - - if snippet.persisted? - present snippet, with: ::API::Entities::PersonalSnippet - else - render_validation_error!(snippet) - end - end - - desc 'Update an existing snippet' do - detail 'This feature was introduced in GitLab 8.15.' - success ::API::Entities::PersonalSnippet - end - params do - requires :id, type: Integer, desc: 'The ID of a snippet' - optional :title, type: String, desc: 'The title of a snippet' - optional :file_name, type: String, desc: 'The name of a snippet file' - optional :content, type: String, desc: 'The content of a snippet' - optional :visibility_level, type: Integer, - values: Gitlab::VisibilityLevel.values, - desc: 'The visibility level of the snippet' - at_least_one_of :title, :file_name, :content, :visibility_level - end - put ':id' do - snippet = snippets_for_current_user.find_by(id: params.delete(:id)) - break not_found!('Snippet') unless snippet - - authorize! :update_personal_snippet, snippet - - attrs = declared_params(include_missing: false) - - UpdateSnippetService.new(nil, current_user, snippet, attrs).execute - - if snippet.persisted? - present snippet, with: ::API::Entities::PersonalSnippet - else - render_validation_error!(snippet) - end - end - - desc 'Remove snippet' do - detail 'This feature was introduced in GitLab 8.15.' - success ::API::Entities::PersonalSnippet - end - params do - requires :id, type: Integer, desc: 'The ID of a snippet' - end - delete ':id' do - snippet = snippets_for_current_user.find_by(id: params.delete(:id)) - break not_found!('Snippet') unless snippet - - authorize! :destroy_personal_snippet, snippet - snippet.destroy - no_content! - end - - desc 'Get a raw snippet' do - detail 'This feature was introduced in GitLab 8.15.' - end - params do - requires :id, type: Integer, desc: 'The ID of a snippet' - end - get ":id/raw" do - snippet = snippets_for_current_user.find_by(id: params.delete(:id)) - break not_found!('Snippet') unless snippet - - env['api.format'] = :txt - content_type 'text/plain' - present snippet.content - end - end - end - end -end diff --git a/lib/api/v3/subscriptions.rb b/lib/api/v3/subscriptions.rb deleted file mode 100644 index 690768db82f..00000000000 --- a/lib/api/v3/subscriptions.rb +++ /dev/null @@ -1,53 +0,0 @@ -module API - module V3 - class Subscriptions < Grape::API - before { authenticate! } - - subscribable_types = { - 'merge_request' => proc { |id| find_merge_request_with_access(id, :update_merge_request) }, - 'merge_requests' => proc { |id| find_merge_request_with_access(id, :update_merge_request) }, - 'issues' => proc { |id| find_project_issue(id) }, - 'labels' => proc { |id| find_project_label(id) } - } - - params do - requires :id, type: String, desc: 'The ID of a project' - requires :subscribable_id, type: String, desc: 'The ID of a resource' - end - resource :projects, requirements: { id: %r{[^/]+} } do - subscribable_types.each do |type, finder| - type_singularized = type.singularize - entity_class = ::API::Entities.const_get(type_singularized.camelcase) - - desc 'Subscribe to a resource' do - success entity_class - end - post ":id/#{type}/:subscribable_id/subscription" do - resource = instance_exec(params[:subscribable_id], &finder) - - if resource.subscribed?(current_user, user_project) - not_modified! - else - resource.subscribe(current_user, user_project) - present resource, with: entity_class, current_user: current_user, project: user_project - end - end - - desc 'Unsubscribe from a resource' do - success entity_class - end - delete ":id/#{type}/:subscribable_id/subscription" do - resource = instance_exec(params[:subscribable_id], &finder) - - if !resource.subscribed?(current_user, user_project) - not_modified! - else - resource.unsubscribe(current_user, user_project) - present resource, with: entity_class, current_user: current_user, project: user_project - end - end - end - end - end - end -end diff --git a/lib/api/v3/system_hooks.rb b/lib/api/v3/system_hooks.rb deleted file mode 100644 index 5787c06fc12..00000000000 --- a/lib/api/v3/system_hooks.rb +++ /dev/null @@ -1,32 +0,0 @@ -module API - module V3 - class SystemHooks < Grape::API - before do - authenticate! - authenticated_as_admin! - end - - resource :hooks do - desc 'Get the list of system hooks' do - success ::API::Entities::Hook - end - get do - present SystemHook.all, with: ::API::Entities::Hook - end - - desc 'Delete a hook' do - success ::API::Entities::Hook - end - params do - requires :id, type: Integer, desc: 'The ID of the system hook' - end - delete ":id" do - hook = SystemHook.find_by(id: params[:id]) - not_found!('System hook') unless hook - - present hook.destroy, with: ::API::Entities::Hook - end - end - end - end -end diff --git a/lib/api/v3/tags.rb b/lib/api/v3/tags.rb deleted file mode 100644 index 6e37d31d153..00000000000 --- a/lib/api/v3/tags.rb +++ /dev/null @@ -1,40 +0,0 @@ -module API - module V3 - class Tags < Grape::API - before { authorize! :download_code, user_project } - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - desc 'Get a project repository tags' do - success ::API::Entities::Tag - end - get ":id/repository/tags" do - tags = user_project.repository.tags.sort_by(&:name).reverse - present tags, with: ::API::Entities::Tag, project: user_project - end - - desc 'Delete a repository tag' - params do - requires :tag_name, type: String, desc: 'The name of the tag' - end - delete ":id/repository/tags/:tag_name", requirements: { tag_name: /.+/ } do - authorize_push_project - - result = ::Tags::DestroyService.new(user_project, current_user) - .execute(params[:tag_name]) - - if result[:status] == :success - status(200) - { - tag_name: params[:tag_name] - } - else - render_api_error!(result[:message], result[:return_code]) - end - end - end - end - end -end diff --git a/lib/api/v3/templates.rb b/lib/api/v3/templates.rb deleted file mode 100644 index b82b02b5f49..00000000000 --- a/lib/api/v3/templates.rb +++ /dev/null @@ -1,122 +0,0 @@ -module API - module V3 - class Templates < Grape::API - GLOBAL_TEMPLATE_TYPES = { - gitignores: { - klass: Gitlab::Template::GitignoreTemplate, - gitlab_version: 8.8 - }, - gitlab_ci_ymls: { - klass: Gitlab::Template::GitlabCiYmlTemplate, - gitlab_version: 8.9 - }, - dockerfiles: { - klass: Gitlab::Template::DockerfileTemplate, - gitlab_version: 8.15 - } - }.freeze - PROJECT_TEMPLATE_REGEX = - %r{[\<\{\[] - (project|description| - one\sline\s.+\swhat\sit\sdoes\.) # matching the start and end is enough here - [\>\}\]]}xi.freeze - YEAR_TEMPLATE_REGEX = /[<{\[](year|yyyy)[>}\]]/i.freeze - FULLNAME_TEMPLATE_REGEX = - %r{[\<\{\[] - (fullname|name\sof\s(author|copyright\sowner)) - [\>\}\]]}xi.freeze - DEPRECATION_MESSAGE = ' This endpoint is deprecated and has been removed in V4.'.freeze - - helpers do - def parsed_license_template - # We create a fresh Licensee::License object since we'll modify its - # content in place below. - template = Licensee::License.new(params[:name]) - - template.content.gsub!(YEAR_TEMPLATE_REGEX, Time.now.year.to_s) - template.content.gsub!(PROJECT_TEMPLATE_REGEX, params[:project]) if params[:project].present? - - fullname = params[:fullname].presence || current_user.try(:name) - template.content.gsub!(FULLNAME_TEMPLATE_REGEX, fullname) if fullname - template - end - - def render_response(template_type, template) - not_found!(template_type.to_s.singularize) unless template - present template, with: ::API::Entities::Template - end - end - - { "licenses" => :deprecated, "templates/licenses" => :ok }.each do |route, status| - desc 'Get the list of the available license template' do - detailed_desc = 'This feature was introduced in GitLab 8.7.' - detailed_desc << DEPRECATION_MESSAGE unless status == :ok - detail detailed_desc - success ::API::Entities::License - end - params do - optional :popular, type: Boolean, desc: 'If passed, returns only popular licenses' - end - get route do - options = { - featured: declared(params)[:popular].present? ? true : nil - } - present Licensee::License.all(options), with: ::API::Entities::License - end - end - - { "licenses/:name" => :deprecated, "templates/licenses/:name" => :ok }.each do |route, status| - desc 'Get the text for a specific license' do - detailed_desc = 'This feature was introduced in GitLab 8.7.' - detailed_desc << DEPRECATION_MESSAGE unless status == :ok - detail detailed_desc - success ::API::Entities::License - end - params do - requires :name, type: String, desc: 'The name of the template' - end - get route, requirements: { name: /[\w\.-]+/ } do - not_found!('License') unless Licensee::License.find(declared(params)[:name]) - - template = parsed_license_template - - present template, with: ::API::Entities::License - end - end - - GLOBAL_TEMPLATE_TYPES.each do |template_type, properties| - klass = properties[:klass] - gitlab_version = properties[:gitlab_version] - - { template_type => :deprecated, "templates/#{template_type}" => :ok }.each do |route, status| - desc 'Get the list of the available template' do - detailed_desc = "This feature was introduced in GitLab #{gitlab_version}." - detailed_desc << DEPRECATION_MESSAGE unless status == :ok - detail detailed_desc - success ::API::Entities::TemplatesList - end - get route do - present klass.all, with: ::API::Entities::TemplatesList - end - end - - { "#{template_type}/:name" => :deprecated, "templates/#{template_type}/:name" => :ok }.each do |route, status| - desc 'Get the text for a specific template present in local filesystem' do - detailed_desc = "This feature was introduced in GitLab #{gitlab_version}." - detailed_desc << DEPRECATION_MESSAGE unless status == :ok - detail detailed_desc - success ::API::Entities::Template - end - params do - requires :name, type: String, desc: 'The name of the template' - end - get route do - new_template = klass.find(declared(params)[:name]) - - render_response(template_type, new_template) - end - end - end - end - end -end diff --git a/lib/api/v3/time_tracking_endpoints.rb b/lib/api/v3/time_tracking_endpoints.rb deleted file mode 100644 index 1aad39815f9..00000000000 --- a/lib/api/v3/time_tracking_endpoints.rb +++ /dev/null @@ -1,116 +0,0 @@ -module API - module V3 - module TimeTrackingEndpoints - extend ActiveSupport::Concern - - included do - helpers do - def issuable_name - declared_params.key?(:issue_id) ? 'issue' : 'merge_request' - end - - def issuable_key - "#{issuable_name}_id".to_sym - end - - def update_issuable_key - "update_#{issuable_name}".to_sym - end - - def read_issuable_key - "read_#{issuable_name}".to_sym - end - - def load_issuable - @issuable ||= begin - case issuable_name - when 'issue' - find_project_issue(params.delete(issuable_key)) - when 'merge_request' - find_project_merge_request(params.delete(issuable_key)) - end - end - end - - def update_issuable(attrs) - custom_params = declared_params(include_missing: false) - custom_params.merge!(attrs) - - issuable = update_service.new(user_project, current_user, custom_params).execute(load_issuable) - if issuable.valid? - present issuable, with: ::API::Entities::IssuableTimeStats - else - render_validation_error!(issuable) - end - end - - def update_service - issuable_name == 'issue' ? ::Issues::UpdateService : ::MergeRequests::UpdateService - end - end - - issuable_name = name.end_with?('Issues') ? 'issue' : 'merge_request' - issuable_collection_name = issuable_name.pluralize - issuable_key = "#{issuable_name}_id".to_sym - - desc "Set a time estimate for a project #{issuable_name}" - params do - requires issuable_key, type: Integer, desc: "The ID of a project #{issuable_name}" - requires :duration, type: String, desc: 'The duration to be parsed' - end - post ":id/#{issuable_collection_name}/:#{issuable_key}/time_estimate" do - authorize! update_issuable_key, load_issuable - - status :ok - update_issuable(time_estimate: Gitlab::TimeTrackingFormatter.parse(params.delete(:duration))) - end - - desc "Reset the time estimate for a project #{issuable_name}" - params do - requires issuable_key, type: Integer, desc: "The ID of a project #{issuable_name}" - end - post ":id/#{issuable_collection_name}/:#{issuable_key}/reset_time_estimate" do - authorize! update_issuable_key, load_issuable - - status :ok - update_issuable(time_estimate: 0) - end - - desc "Add spent time for a project #{issuable_name}" - params do - requires issuable_key, type: Integer, desc: "The ID of a project #{issuable_name}" - requires :duration, type: String, desc: 'The duration to be parsed' - end - post ":id/#{issuable_collection_name}/:#{issuable_key}/add_spent_time" do - authorize! update_issuable_key, load_issuable - - update_issuable(spend_time: { - duration: Gitlab::TimeTrackingFormatter.parse(params.delete(:duration)), - user_id: current_user.id - }) - end - - desc "Reset spent time for a project #{issuable_name}" - params do - requires issuable_key, type: Integer, desc: "The ID of a project #{issuable_name}" - end - post ":id/#{issuable_collection_name}/:#{issuable_key}/reset_spent_time" do - authorize! update_issuable_key, load_issuable - - status :ok - update_issuable(spend_time: { duration: :reset, user_id: current_user.id }) - end - - desc "Show time stats for a project #{issuable_name}" - params do - requires issuable_key, type: Integer, desc: "The ID of a project #{issuable_name}" - end - get ":id/#{issuable_collection_name}/:#{issuable_key}/time_stats" do - authorize! read_issuable_key, load_issuable - - present load_issuable, with: ::API::Entities::IssuableTimeStats - end - end - end - end -end diff --git a/lib/api/v3/todos.rb b/lib/api/v3/todos.rb deleted file mode 100644 index 3e2c61f6dbd..00000000000 --- a/lib/api/v3/todos.rb +++ /dev/null @@ -1,30 +0,0 @@ -module API - module V3 - class Todos < Grape::API - before { authenticate! } - - resource :todos do - desc 'Mark a todo as done' do - success ::API::Entities::Todo - end - params do - requires :id, type: Integer, desc: 'The ID of the todo being marked as done' - end - delete ':id' do - TodoService.new.mark_todos_as_done_by_ids(params[:id], current_user) - todo = current_user.todos.find(params[:id]) - - present todo, with: ::API::Entities::Todo, current_user: current_user - end - - desc 'Mark all todos as done' - delete do - status(200) - - todos = TodosFinder.new(current_user, params).execute - TodoService.new.mark_todos_as_done(todos, current_user).size - end - end - end - end -end diff --git a/lib/api/v3/triggers.rb b/lib/api/v3/triggers.rb deleted file mode 100644 index 969bb2a05de..00000000000 --- a/lib/api/v3/triggers.rb +++ /dev/null @@ -1,112 +0,0 @@ -module API - module V3 - class Triggers < Grape::API - include PaginationParams - - params do - requires :id, type: String, desc: 'The ID of a project' - end - resource :projects, requirements: { id: %r{[^/]+} } do - desc 'Trigger a GitLab project build' do - success ::API::V3::Entities::TriggerRequest - end - params do - requires :ref, type: String, desc: 'The commit sha or name of a branch or tag' - requires :token, type: String, desc: 'The unique token of trigger' - optional :variables, type: Hash, desc: 'The list of variables to be injected into build' - end - post ":id/(ref/:ref/)trigger/builds", requirements: { ref: /.+/ } do - Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42121') - - # validate variables - params[:variables] = params[:variables].to_h - unless params[:variables].all? { |key, value| key.is_a?(String) && value.is_a?(String) } - render_api_error!('variables needs to be a map of key-valued strings', 400) - end - - project = find_project(params[:id]) - not_found! unless project - - result = Ci::PipelineTriggerService.new(project, nil, params).execute - not_found! unless result - - if result[:http_status] - render_api_error!(result[:message], result[:http_status]) - else - pipeline = result[:pipeline] - - # We switched to Ci::PipelineVariable from Ci::TriggerRequest.variables. - # Ci::TriggerRequest doesn't save variables anymore. - # Here is copying Ci::PipelineVariable to Ci::TriggerRequest.variables for presenting the variables. - # The same endpoint in v4 API pressents Pipeline instead of TriggerRequest, so it doesn't need such a process. - trigger_request = pipeline.trigger_requests.last - trigger_request.variables = params[:variables] - - present trigger_request, with: ::API::V3::Entities::TriggerRequest - end - end - - desc 'Get triggers list' do - success ::API::V3::Entities::Trigger - end - params do - use :pagination - end - get ':id/triggers' do - authenticate! - authorize! :admin_build, user_project - - triggers = user_project.triggers.includes(:trigger_requests) - - present paginate(triggers), with: ::API::V3::Entities::Trigger - end - - desc 'Get specific trigger of a project' do - success ::API::V3::Entities::Trigger - end - params do - requires :token, type: String, desc: 'The unique token of trigger' - end - get ':id/triggers/:token' do - authenticate! - authorize! :admin_build, user_project - - trigger = user_project.triggers.find_by(token: params[:token].to_s) - break not_found!('Trigger') unless trigger - - present trigger, with: ::API::V3::Entities::Trigger - end - - desc 'Create a trigger' do - success ::API::V3::Entities::Trigger - end - post ':id/triggers' do - authenticate! - authorize! :admin_build, user_project - - trigger = user_project.triggers.create - - present trigger, with: ::API::V3::Entities::Trigger - end - - desc 'Delete a trigger' do - success ::API::V3::Entities::Trigger - end - params do - requires :token, type: String, desc: 'The unique token of trigger' - end - delete ':id/triggers/:token' do - authenticate! - authorize! :admin_build, user_project - - trigger = user_project.triggers.find_by(token: params[:token].to_s) - break not_found!('Trigger') unless trigger - - trigger.destroy - - present trigger, with: ::API::V3::Entities::Trigger - end - end - end - end -end diff --git a/lib/api/v3/users.rb b/lib/api/v3/users.rb deleted file mode 100644 index cf106f2552d..00000000000 --- a/lib/api/v3/users.rb +++ /dev/null @@ -1,204 +0,0 @@ -module API - module V3 - class Users < Grape::API - include PaginationParams - include APIGuard - - allow_access_with_scope :read_user, if: -> (request) { request.get? } - - before do - authenticate! - end - - resource :users, requirements: { uid: /[0-9]*/, id: /[0-9]*/ } do - helpers do - params :optional_attributes do - optional :skype, type: String, desc: 'The Skype username' - optional :linkedin, type: String, desc: 'The LinkedIn username' - optional :twitter, type: String, desc: 'The Twitter username' - optional :website_url, type: String, desc: 'The website of the user' - optional :organization, type: String, desc: 'The organization of the user' - optional :projects_limit, type: Integer, desc: 'The number of projects a user can create' - optional :extern_uid, type: String, desc: 'The external authentication provider UID' - optional :provider, type: String, desc: 'The external provider' - optional :bio, type: String, desc: 'The biography of the user' - optional :location, type: String, desc: 'The location of the user' - optional :admin, type: Boolean, desc: 'Flag indicating the user is an administrator' - optional :can_create_group, type: Boolean, desc: 'Flag indicating the user can create groups' - optional :confirm, type: Boolean, default: true, desc: 'Flag indicating the account needs to be confirmed' - optional :external, type: Boolean, desc: 'Flag indicating the user is an external user' - all_or_none_of :extern_uid, :provider - end - end - - desc 'Create a user. Available only for admins.' do - success ::API::Entities::UserPublic - end - params do - requires :email, type: String, desc: 'The email of the user' - optional :password, type: String, desc: 'The password of the new user' - optional :reset_password, type: Boolean, desc: 'Flag indicating the user will be sent a password reset token' - at_least_one_of :password, :reset_password - requires :name, type: String, desc: 'The name of the user' - requires :username, type: String, desc: 'The username of the user' - use :optional_attributes - end - post do - authenticated_as_admin! - - params = declared_params(include_missing: false) - user = ::Users::CreateService.new(current_user, params.merge!(skip_confirmation: !params[:confirm])).execute - - if user.persisted? - present user, with: ::API::Entities::UserPublic - else - conflict!('Email has already been taken') if User - .where(email: user.email) - .count > 0 - - conflict!('Username has already been taken') if User - .where(username: user.username) - .count > 0 - - render_validation_error!(user) - end - end - - desc 'Get the SSH keys of a specified user. Available only for admins.' do - success ::API::Entities::SSHKey - end - params do - requires :id, type: Integer, desc: 'The ID of the user' - use :pagination - end - get ':id/keys' do - authenticated_as_admin! - - user = User.find_by(id: params[:id]) - not_found!('User') unless user - - present paginate(user.keys), with: ::API::Entities::SSHKey - end - - desc 'Get the emails addresses of a specified user. Available only for admins.' do - success ::API::Entities::Email - end - params do - requires :id, type: Integer, desc: 'The ID of the user' - use :pagination - end - get ':id/emails' do - authenticated_as_admin! - user = User.find_by(id: params[:id]) - not_found!('User') unless user - - present user.emails, with: ::API::Entities::Email - end - - desc 'Block a user. Available only for admins.' - params do - requires :id, type: Integer, desc: 'The ID of the user' - end - put ':id/block' do - authenticated_as_admin! - user = User.find_by(id: params[:id]) - not_found!('User') unless user - - if !user.ldap_blocked? - user.block - else - forbidden!('LDAP blocked users cannot be modified by the API') - end - end - - desc 'Unblock a user. Available only for admins.' - params do - requires :id, type: Integer, desc: 'The ID of the user' - end - put ':id/unblock' do - authenticated_as_admin! - user = User.find_by(id: params[:id]) - not_found!('User') unless user - - if user.ldap_blocked? - forbidden!('LDAP blocked users cannot be unblocked by the API') - else - user.activate - end - end - - desc 'Get the contribution events of a specified user' do - detail 'This feature was introduced in GitLab 8.13.' - success ::API::V3::Entities::Event - end - params do - requires :id, type: Integer, desc: 'The ID of the user' - use :pagination - end - get ':id/events' do - user = User.find_by(id: params[:id]) - not_found!('User') unless user - - events = user.events - .merge(ProjectsFinder.new(current_user: current_user).execute) - .references(:project) - .with_associations - .recent - - present paginate(events), with: ::API::V3::Entities::Event - end - - desc 'Delete an existing SSH key from a specified user. Available only for admins.' do - success ::API::Entities::SSHKey - end - params do - requires :id, type: Integer, desc: 'The ID of the user' - requires :key_id, type: Integer, desc: 'The ID of the SSH key' - end - delete ':id/keys/:key_id' do - authenticated_as_admin! - - user = User.find_by(id: params[:id]) - not_found!('User') unless user - - key = user.keys.find_by(id: params[:key_id]) - not_found!('Key') unless key - - present key.destroy, with: ::API::Entities::SSHKey - end - end - - resource :user do - desc "Get the currently authenticated user's SSH keys" do - success ::API::Entities::SSHKey - end - params do - use :pagination - end - get "keys" do - present current_user.keys, with: ::API::Entities::SSHKey - end - - desc "Get the currently authenticated user's email addresses" do - success ::API::Entities::Email - end - get "emails" do - present current_user.emails, with: ::API::Entities::Email - end - - desc 'Delete an SSH key from the currently authenticated user' do - success ::API::Entities::SSHKey - end - params do - requires :key_id, type: Integer, desc: 'The ID of the SSH key' - end - delete "keys/:key_id" do - key = current_user.keys.find_by(id: params[:key_id]) - not_found!('Key') unless key - - present key.destroy, with: ::API::Entities::SSHKey - end - end - end - end -end diff --git a/lib/api/v3/variables.rb b/lib/api/v3/variables.rb deleted file mode 100644 index 83972b1e7ce..00000000000 --- a/lib/api/v3/variables.rb +++ /dev/null @@ -1,29 +0,0 @@ -module API - module V3 - class Variables < Grape::API - include PaginationParams - - before { authenticate! } - before { authorize! :admin_build, user_project } - - params do - requires :id, type: String, desc: 'The ID of a project' - end - - resource :projects, requirements: { id: %r{[^/]+} } do - desc 'Delete an existing variable from a project' do - success ::API::Entities::Variable - end - params do - requires :key, type: String, desc: 'The key of the variable' - end - delete ':id/variables/:key' do - variable = user_project.variables.find_by(key: params[:key]) - not_found!('Variable') unless variable - - present variable.destroy, with: ::API::Entities::Variable - end - end - end - end -end |