summaryrefslogtreecommitdiff
path: root/lib/api/project_members.rb
blob: b703da0557a095a2a14f0b4338fac8d7e8a9d95d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
module API
  # Projects members API
  class ProjectMembers < Grape::API
    before { authenticate! }

    resource :projects do

      # Get a project team members
      #
      # Parameters:
      #   id (required) - The ID of a project
      #   query         - Query string
      # Example Request:
      #   GET /projects/:id/members
      get ":id/members" do
        if params[:query].present?
          @members = paginate user_project.users.where("username LIKE ?", "%#{params[:query]}%")
        else
          @members = paginate user_project.users
        end
        present @members, with: Entities::ProjectMember, project: user_project
      end

      # Get a project team members
      #
      # Parameters:
      #   id (required) - The ID of a project
      #   user_id (required) - The ID of a user
      # Example Request:
      #   GET /projects/:id/members/:user_id
      get ":id/members/:user_id" do
        @member = user_project.users.find params[:user_id]
        present @member, with: Entities::ProjectMember, project: user_project
      end

      # Add a new project team member
      #
      # Parameters:
      #   id (required) - The ID of a project
      #   user_id (required) - The ID of a user
      #   access_level (required) - Project access level
      # Example Request:
      #   POST /projects/:id/members
      post ":id/members" do
        authorize! :admin_project, user_project
        required_attributes! [:user_id, :access_level]

        # either the user is already a team member or a new one
        project_member = user_project.project_member(params[:user_id])
        if project_member.nil?
          project_member = user_project.project_members.new(
            user_id: params[:user_id],
            access_level: params[:access_level]
          )
        end

        if project_member.save
          @member = project_member.user
          present @member, with: Entities::ProjectMember, project: user_project
        else
          handle_member_errors project_member.errors
        end
      end

      # Update project team member
      #
      # Parameters:
      #   id (required) - The ID of a project
      #   user_id (required) - The ID of a team member
      #   access_level (required) - Project access level
      # Example Request:
      #   PUT /projects/:id/members/:user_id
      put ":id/members/:user_id" do
        authorize! :admin_project, user_project
        required_attributes! [:access_level]

        project_member = user_project.project_members.find_by(user_id: params[:user_id])
        not_found!("User can not be found") if project_member.nil?

        if project_member.update_attributes(access_level: params[:access_level])
          @member = project_member.user
          present @member, with: Entities::ProjectMember, project: user_project
        else
          handle_member_errors project_member.errors
        end
      end

      # Remove a team member from project
      #
      # Parameters:
      #   id (required) - The ID of a project
      #   user_id (required) - The ID of a team member
      # Example Request:
      #   DELETE /projects/:id/members/:user_id
      delete ":id/members/:user_id" do
        project_member = user_project.project_members.find_by(user_id: params[:user_id])

        unless current_user.can?(:admin_project, user_project) ||
                current_user.can?(:destroy_project_member, project_member)
          forbidden!
        end

        if project_member.nil?
          { message: "Access revoked", id: params[:user_id].to_i }
        else
          project_member.destroy
        end
      end
    end
  end
end