Add group membership api
Created by: karlhungus
Change-Id: I5b174bba02856ede788dcb51ec9b0d598ea7d0df
4 4 before { authenticate! } 5 5 6 6 resource :groups do 7 helpers do 8 def find_group(id) 9 group = Group.find(id) 10 if current_user.admin or current_user.groups.include? group 11 group 12 else 13 render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403) 14 end 15 end 16 def validate_access_level?(level) 17 Gitlab::Access.options_with_owner.values.include? level.to_i Created by: dzaporozhets
Gitlab::Access.options_with_owner.values
(see https://github.com/gitlabhq/gitlabhq/blob/master/lib/gitlab/access.rb)By Administrator on 2013-09-05T14:42:27 (imported from GitLab project)
4 4 before { authenticate! } 5 5 6 6 resource :groups do 7 helpers do 8 def find_group(id) 9 group = Group.find(id) 10 if current_user.admin or current_user.groups.include? group 11 group 12 else 13 render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403) 14 end 15 end 16 def validate_access_level?(level) 17 Gitlab::Access.options_with_owner.values.include? level.to_i 18 end 19 end 71 81 not_found! 72 82 end 73 83 end 84 85 # Get a list of group members viewable by the authenticated user. 86 # 87 # Example Request: 88 # GET /groups/:id/members 89 get ":id/members" do 90 group = find_group(params[:id]) 91 members = group.users_groups 90 group = find_group(params[:id]) 91 members = group.users_groups 92 users = (paginate members).collect(&:user) 93 present users, with: Entities::GroupMember, group: group 94 end 95 96 # Add a user to the list of group members 97 # 98 # Parameters: 99 # id (required) - group id 100 # user_id (required) - the users id 101 # access_level (required) - Project access level 102 # Example Request: 103 # POST /groups/:id/members 104 post ":id/members" do 105 required_attributes! [:user_id, :access_level] 126 describe "members" do 127 let(:owner) { create(:user) } 128 let(:reporter) { create(:user) } 129 let(:developer) { create(:user) } 130 let(:master) { create(:user) } 131 let(:guest) { create(:user) } 132 let!(:group_with_members) do 133 group = create(:group, owner: owner) 134 group.add_users([reporter.id], UsersGroup::REPORTER) 135 group.add_users([developer.id], UsersGroup::DEVELOPER) 136 group.add_users([master.id], UsersGroup::MASTER) 137 group.add_users([guest.id], UsersGroup::GUEST) 138 group 139 end 140 let!(:group_no_members) { create(:group, owner: owner) } 141 167 it "should not add guest as member of group_no_members when adding being done by person outside the group" do 168 post api("/groups/#{group_no_members.id}/members", reporter), user_id: guest.id, access_level: UsersGroup::MASTER 169 response.status.should == 403 170 end 171 end 172 173 context "when a member of the group" do 174 it "should return ok and add new member" do 175 count_before=group_no_members.users_groups.count 176 new_user = create(:user) 177 post api("/groups/#{group_no_members.id}/members", owner), user_id: new_user.id, access_level: UsersGroup::MASTER 178 response.status.should == 201 179 json_response['name'].should == new_user.name 180 json_response['access_level'].should == UsersGroup::MASTER 181 group_no_members.users_groups.count.should == count_before + 1 182 end 184 it "should return error if member already exists" do 185 post api("/groups/#{group_with_members.id}/members", owner), user_id: master.id, access_level: UsersGroup::MASTER 186 response.status.should == 409 187 end 188 189 it "should return a 400 error when user id is not given" do 190 post api("/groups/#{group_no_members.id}/members", owner), access_level: UsersGroup::MASTER 191 response.status.should == 400 192 end 193 194 it "should return a 400 error when access level is not given" do 195 post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id 196 response.status.should == 400 197 end 198 199 it "should return a 422 error when access level is not known" do 204 end 205 206 describe "DELETE /groups/:id/members/:user_id" do 207 context "when not a member of the group" do 208 it "should not delete guest's membership of group_with_members" do 209 random_user = create(:user) 210 delete api("/groups/#{group_with_members.id}/members/#{owner.id}", random_user) 211 response.status.should == 403 212 end 213 end 214 215 context "when a member of the group" do 216 it "should delete guest's membership of group" do 217 count_before=group_with_members.users_groups.count 218 delete api("/groups/#{group_with_members.id}/members/#{guest.id}", owner) 219 response.status.should == 200 Created by: coveralls
Coverage remained the same when pulling b6527bffff40fc96cf92fce0c7d9195a5c6c425f on karlhungus:feature_group_membership_api into 9109a207 on gitlabhq:master.
By Administrator on 2013-09-05T14:39:46 (imported from GitLab project)
Please register or sign in to reply