2018-09-29 18:34:47 -04:00
# frozen_string_literal: true
2016-06-23 11:14:31 -04:00
module API
2020-10-14 20:08:42 -04:00
class Members < :: API :: Base
2016-12-04 12:11:19 -05:00
include PaginationParams
2016-06-23 11:14:31 -04:00
before { authenticate! }
2020-10-29 14:09:11 -04:00
feature_category :authentication_and_authorization
2016-06-23 11:14:31 -04:00
helpers :: API :: Helpers :: MembersHelpers
%w[ group project ] . each do | source_type |
2016-07-29 10:02:35 -04:00
params do
requires :id , type : String , desc : " The #{ source_type } ID "
end
2018-11-08 07:18:17 -05:00
resource source_type . pluralize , requirements : API :: NAMESPACE_OR_PROJECT_REQUIREMENTS do
2016-07-29 10:02:35 -04:00
desc 'Gets a list of group or project members viewable by the authenticated user.' do
success Entities :: Member
end
params do
optional :query , type : String , desc : 'A query string to search for members'
2020-06-29 17:09:07 -04:00
optional :user_ids , type : Array [ Integer ] , coerce_with : :: API :: Validations :: Types :: CommaSeparatedToIntegerArray . coerce , desc : 'Array of user ids to look up for membership'
2020-01-22 13:08:47 -05:00
optional :show_seat_info , type : Boolean , desc : 'Show seat information for members'
2019-12-26 13:07:46 -05:00
use :optional_filter_params_ee
2016-12-04 12:11:19 -05:00
use :pagination
2016-07-29 10:02:35 -04:00
end
2019-11-22 01:06:20 -05:00
2016-06-23 11:14:31 -04:00
get " :id/members " do
source = find_source ( source_type , params [ :id ] )
2019-11-22 01:06:20 -05:00
members = paginate ( retrieve_members ( source , params : params ) )
2016-06-23 11:14:31 -04:00
2019-11-22 01:06:20 -05:00
present_members members
2016-06-23 11:14:31 -04:00
end
2018-07-25 17:45:42 -04:00
desc 'Gets a list of group or project members viewable by the authenticated user, including those who gained membership through ancestor group.' do
success Entities :: Member
end
params do
optional :query , type : String , desc : 'A query string to search for members'
2020-06-29 17:09:07 -04:00
optional :user_ids , type : Array [ Integer ] , coerce_with : :: API :: Validations :: Types :: CommaSeparatedToIntegerArray . coerce , desc : 'Array of user ids to look up for membership'
2020-01-22 13:08:47 -05:00
optional :show_seat_info , type : Boolean , desc : 'Show seat information for members'
2018-07-25 17:45:42 -04:00
use :pagination
end
2019-11-22 01:06:20 -05:00
2018-07-25 17:45:42 -04:00
get " :id/members/all " do
source = find_source ( source_type , params [ :id ] )
2019-11-22 01:06:20 -05:00
members = paginate ( retrieve_members ( source , params : params , deep : true ) )
2018-07-25 17:45:42 -04:00
2019-11-22 01:06:20 -05:00
present_members members
2018-07-25 17:45:42 -04:00
end
2016-06-23 11:14:31 -04:00
2016-07-29 10:02:35 -04:00
desc 'Gets a member of a group or project.' do
success Entities :: Member
end
params do
requires :user_id , type : Integer , desc : 'The user ID of the member'
end
2018-08-27 11:31:01 -04:00
# rubocop: disable CodeReuse/ActiveRecord
2016-06-23 11:14:31 -04:00
get " :id/members/:user_id " do
source = find_source ( source_type , params [ :id ] )
2020-12-16 01:10:11 -05:00
members = source_members ( source )
2016-06-23 11:14:31 -04:00
member = members . find_by! ( user_id : params [ :user_id ] )
2019-11-22 01:06:20 -05:00
present_members member
2019-10-16 14:08:01 -04:00
end
# rubocop: enable CodeReuse/ActiveRecord
desc 'Gets a member of a group or project, including those who gained membership through ancestor group' do
success Entities :: Member
end
params do
requires :user_id , type : Integer , desc : 'The user ID of the member'
end
# rubocop: disable CodeReuse/ActiveRecord
get " :id/members/all/:user_id " do
source = find_source ( source_type , params [ :id ] )
2019-11-22 01:06:20 -05:00
members = find_all_members ( source )
2019-10-16 14:08:01 -04:00
member = members . find_by! ( user_id : params [ :user_id ] )
2019-11-22 01:06:20 -05:00
present_members member
2016-06-23 11:14:31 -04:00
end
2018-08-27 11:31:01 -04:00
# rubocop: enable CodeReuse/ActiveRecord
2016-06-23 11:14:31 -04:00
2016-07-29 10:02:35 -04:00
desc 'Adds a member to a group or project.' do
success Entities :: Member
end
params do
requires :access_level , type : Integer , desc : 'A valid access level (defaults: `30`, developer access level)'
2020-10-13 08:08:41 -04:00
requires :user_id , types : [ Integer , String ] , desc : 'The user ID of the new member or multiple IDs separated by commas.'
2016-07-29 10:02:35 -04:00
optional :expires_at , type : DateTime , desc : 'Date string in the format YEAR-MONTH-DAY'
2021-06-10 11:10:14 -04:00
optional :invite_source , type : String , desc : 'Source that triggered the member creation process' , default : 'members-api'
2021-07-22 17:09:40 -04:00
optional :areas_of_focus , type : Array [ String ] , coerce_with : Validations :: Types :: CommaSeparatedToArray . coerce , desc : 'Areas the inviter wants the member to focus upon'
2016-07-29 10:02:35 -04:00
end
2018-08-27 11:31:01 -04:00
# rubocop: disable CodeReuse/ActiveRecord
2016-06-23 11:14:31 -04:00
post " :id/members " do
2021-06-16 14:10:35 -04:00
:: Gitlab :: QueryLimiting . disable! ( 'https://gitlab.com/gitlab-org/gitlab/-/issues/333434' )
2016-06-23 11:14:31 -04:00
source = find_source ( source_type , params [ :id ] )
authorize_admin_source! ( source_type , source )
2020-10-13 08:08:41 -04:00
if params [ :user_id ] . to_s . include? ( ',' )
2021-04-07 17:09:01 -04:00
create_service_params = params . except ( :user_id ) . merge ( { user_ids : params [ :user_id ] , source : source } )
2016-08-09 06:14:11 -04:00
2021-04-07 17:09:01 -04:00
:: Members :: CreateService . new ( current_user , create_service_params ) . execute
2020-10-13 08:08:41 -04:00
elsif params [ :user_id ] . present?
member = source . members . find_by ( user_id : params [ :user_id ] )
conflict! ( 'Member already exists' ) if member
2018-07-27 15:49:49 -04:00
2020-10-13 08:08:41 -04:00
user = User . find_by_id ( params [ :user_id ] )
not_found! ( 'User' ) unless user
2016-08-09 06:14:11 -04:00
2020-10-13 08:08:41 -04:00
member = create_member ( current_user , user , source , params )
if ! member
not_allowed! # This currently can only be reached in EE
elsif member . valid? && member . persisted?
present_members ( member )
2021-07-22 17:09:40 -04:00
Gitlab :: Tracking . event ( :: Members :: CreateService . name ,
'create_member' ,
label : params [ :invite_source ] ,
property : 'existing_user' ,
user : current_user )
track_areas_of_focus ( member , params [ :areas_of_focus ] )
2020-10-13 08:08:41 -04:00
else
render_validation_error! ( member )
end
2016-06-23 11:14:31 -04:00
end
end
2018-08-27 11:31:01 -04:00
# rubocop: enable CodeReuse/ActiveRecord
2016-06-23 11:14:31 -04:00
2016-07-29 10:02:35 -04:00
desc 'Updates a member of a group or project.' do
success Entities :: Member
end
params do
requires :user_id , type : Integer , desc : 'The user ID of the new member'
requires :access_level , type : Integer , desc : 'A valid access level'
optional :expires_at , type : DateTime , desc : 'Date string in the format YEAR-MONTH-DAY'
end
2018-08-27 11:31:01 -04:00
# rubocop: disable CodeReuse/ActiveRecord
2016-06-23 11:14:31 -04:00
put " :id/members/:user_id " do
2017-02-23 08:21:03 -05:00
source = find_source ( source_type , params . delete ( :id ) )
2016-06-23 11:14:31 -04:00
authorize_admin_source! ( source_type , source )
2020-11-02 10:08:52 -05:00
member = source_members ( source ) . find_by! ( user_id : params [ :user_id ] )
2017-10-11 10:47:08 -04:00
2021-01-28 16:09:04 -05:00
result = :: Members :: UpdateService
. new ( current_user , declared_params ( include_missing : false ) )
. execute ( member )
updated_member = result [ :member ]
if result [ :status ] == :success
2019-11-22 01:06:20 -05:00
present_members updated_member
2016-06-23 11:14:31 -04:00
else
2017-10-11 10:47:08 -04:00
render_validation_error! ( updated_member )
2016-06-23 11:14:31 -04:00
end
end
2018-08-27 11:31:01 -04:00
# rubocop: enable CodeReuse/ActiveRecord
2016-06-23 11:14:31 -04:00
2016-07-29 10:02:35 -04:00
desc 'Removes a user from a group or project.'
params do
requires :user_id , type : Integer , desc : 'The user ID of the member'
2021-03-23 08:09:33 -04:00
optional :skip_subresources , type : Boolean , default : false ,
desc : 'Flag indicating if the deletion of direct memberships of the removed member in subgroups and projects should be skipped'
2020-06-23 11:08:41 -04:00
optional :unassign_issuables , type : Boolean , default : false ,
desc : 'Flag indicating if the removed member should be unassigned from any issues or merge requests within given group or project'
2016-07-29 10:02:35 -04:00
end
2018-08-27 11:31:01 -04:00
# rubocop: disable CodeReuse/ActiveRecord
2016-06-23 11:14:31 -04:00
delete " :id/members/:user_id " do
source = find_source ( source_type , params [ :id ] )
2020-11-02 10:08:52 -05:00
member = source_members ( source ) . find_by! ( user_id : params [ :user_id ] )
2016-06-23 11:14:31 -04:00
2017-03-02 07:14:13 -05:00
destroy_conditionally! ( member ) do
2021-03-23 08:09:33 -04:00
:: Members :: DestroyService . new ( current_user ) . execute ( member , skip_subresources : params [ :skip_subresources ] , unassign_issuables : params [ :unassign_issuables ] )
2017-03-02 07:14:13 -05:00
end
2016-06-23 11:14:31 -04:00
end
2018-08-27 11:31:01 -04:00
# rubocop: enable CodeReuse/ActiveRecord
2016-06-23 11:14:31 -04:00
end
end
end
end
2020-04-23 17:09:31 -04:00
2021-05-11 17:10:21 -04:00
API :: Members . prepend_mod_with ( 'API::Members' )