gitlab-org--gitlab-foss/lib/api/access_requests.rb

module API
  class AccessRequests < Grape::API
    before { authenticate! }

    helpers ::API::Helpers::MembersHelpers

    %w[group project].each do |source_type|
      resource source_type.pluralize do
        # Get a list of group/project access requests viewable by the authenticated user.
        #
        # Parameters:
        #   id (required) - The group/project ID
        #
        # Example Request:
        #  GET /groups/:id/access_requests
        #  GET /projects/:id/access_requests
        get ":id/access_requests" do
          source = find_source(source_type, params[:id])

          access_requesters = AccessRequestsFinder.new(source).execute!(current_user)
          access_requesters = paginate(access_requesters.includes(:user))

          present access_requesters.map(&:user), with: Entities::AccessRequester, source: source
        end

        # Request access to the group/project
        #
        # Parameters:
        #   id (required) - The group/project ID
        #
        # Example Request:
        #  POST /groups/:id/access_requests
        #  POST /projects/:id/access_requests
        post ":id/access_requests" do
          source = find_source(source_type, params[:id])
          access_requester = source.request_access(current_user)

          if access_requester.persisted?
            present access_requester.user, with: Entities::AccessRequester, access_requester: access_requester
          else
            render_validation_error!(access_requester)
          end
        end

        # Approve a group/project access request
        #
        # Parameters:
        #   id (required) - The group/project ID
        #   user_id (required) - The user ID of the access requester
        #   access_level (optional) - Access level
        #
        # Example Request:
        #   PUT /groups/:id/access_requests/:user_id/approve
        #   PUT /projects/:id/access_requests/:user_id/approve
        put ':id/access_requests/:user_id/approve' do
          required_attributes! [:user_id]
          source = find_source(source_type, params[:id])

          member = ::Members::ApproveAccessRequestService.new(source, current_user, params).execute

          status :created
          present member.user, with: Entities::Member, member: member
        end

        # Deny a group/project access request
        #
        # Parameters:
        #   id (required) - The group/project ID
        #   user_id (required) - The user ID of the access requester
        #
        # Example Request:
        #   DELETE /groups/:id/access_requests/:user_id
        #   DELETE /projects/:id/access_requests/:user_id
        delete ":id/access_requests/:user_id" do
          required_attributes! [:user_id]
          source = find_source(source_type, params[:id])

          ::Members::DestroyService.new(source, current_user, params).
            execute(:requesters)
        end
      end
    end
  end
end
New AccessRequests API endpoints for Group & Project Also, mutualize AccessRequests and Members endpoints for Group & Project. New API documentation for the AccessRequests endpoints. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-23 15:14:31 +00:00			`module API`
			`class AccessRequests < Grape::API`
			`before { authenticate! }`

			`helpers ::API::Helpers::MembersHelpers`

			`%w[group project].each do \|source_type\|`
			`resource source_type.pluralize do`
			`# Get a list of group/project access requests viewable by the authenticated user.`
			`#`
			`# Parameters:`
			`# id (required) - The group/project ID`
			`#`
			`# Example Request:`
			`# GET /groups/:id/access_requests`
			`# GET /projects/:id/access_requests`
			`get ":id/access_requests" do`
			`source = find_source(source_type, params[:id])`

New AccessRequestsFinder Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:38:32 +00:00			`access_requesters = AccessRequestsFinder.new(source).execute!(current_user)`
			`access_requesters = paginate(access_requesters.includes(:user))`
New AccessRequests API endpoints for Group & Project Also, mutualize AccessRequests and Members endpoints for Group & Project. New API documentation for the AccessRequests endpoints. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-23 15:14:31 +00:00
Ensure invitees are not returned in Members API Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-15 16:34:57 +00:00			`present access_requesters.map(&:user), with: Entities::AccessRequester, source: source`
New AccessRequests API endpoints for Group & Project Also, mutualize AccessRequests and Members endpoints for Group & Project. New API documentation for the AccessRequests endpoints. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-23 15:14:31 +00:00			`end`

			`# Request access to the group/project`
			`#`
			`# Parameters:`
			`# id (required) - The group/project ID`
			`#`
			`# Example Request:`
			`# POST /groups/:id/access_requests`
			`# POST /projects/:id/access_requests`
			`post ":id/access_requests" do`
			`source = find_source(source_type, params[:id])`
			`access_requester = source.request_access(current_user)`

			`if access_requester.persisted?`
			`present access_requester.user, with: Entities::AccessRequester, access_requester: access_requester`
			`else`
			`render_validation_error!(access_requester)`
			`end`
			`end`

			`# Approve a group/project access request`
			`#`
			`# Parameters:`
			`# id (required) - The group/project ID`
			`# user_id (required) - The user ID of the access requester`
			`# access_level (optional) - Access level`
			`#`
			`# Example Request:`
			`# PUT /groups/:id/access_requests/:user_id/approve`
			`# PUT /projects/:id/access_requests/:user_id/approve`
			`put ':id/access_requests/:user_id/approve' do`
			`required_attributes! [:user_id]`
			`source = find_source(source_type, params[:id])`

New Members::ApproveAccessRequestService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-07-28 17:30:34 +00:00			`member = ::Members::ApproveAccessRequestService.new(source, current_user, params).execute`
New AccessRequests API endpoints for Group & Project Also, mutualize AccessRequests and Members endpoints for Group & Project. New API documentation for the AccessRequests endpoints. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-23 15:14:31 +00:00
			`status :created`
			`present member.user, with: Entities::Member, member: member`
			`end`

			`# Deny a group/project access request`
			`#`
			`# Parameters:`
			`# id (required) - The group/project ID`
			`# user_id (required) - The user ID of the access requester`
			`#`
			`# Example Request:`
			`# DELETE /groups/:id/access_requests/:user_id`
			`# DELETE /projects/:id/access_requests/:user_id`
			`delete ":id/access_requests/:user_id" do`
			`required_attributes! [:user_id]`
			`source = find_source(source_type, params[:id])`

Fix a few things after the initial improvment to Members::DestroyService Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-09-09 16:51:31 +00:00			`::Members::DestroyService.new(source, current_user, params).`
			`execute(:requesters)`
New AccessRequests API endpoints for Group & Project Also, mutualize AccessRequests and Members endpoints for Group & Project. New API documentation for the AccessRequests endpoints. Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-06-23 15:14:31 +00:00			`end`
			`end`
			`end`
			`end`
			`end`