2014-10-29 07:31:23 -04:00
|
|
|
module API
|
|
|
|
class GroupMembers < Grape::API
|
|
|
|
before { authenticate! }
|
|
|
|
|
|
|
|
resource :groups do
|
|
|
|
# Get a list of group members viewable by the authenticated user.
|
|
|
|
#
|
|
|
|
# Example Request:
|
|
|
|
# GET /groups/:id/members
|
|
|
|
get ":id/members" do
|
|
|
|
group = find_group(params[:id])
|
2015-04-10 08:40:26 -04:00
|
|
|
users = group.users
|
2014-10-29 07:31:23 -04:00
|
|
|
present users, with: Entities::GroupMember, group: group
|
|
|
|
end
|
|
|
|
|
|
|
|
# Add a user to the list of group members
|
|
|
|
#
|
|
|
|
# Parameters:
|
|
|
|
# id (required) - group id
|
|
|
|
# user_id (required) - the users id
|
|
|
|
# access_level (required) - Project access level
|
|
|
|
# Example Request:
|
|
|
|
# POST /groups/:id/members
|
|
|
|
post ":id/members" do
|
2014-10-29 07:38:00 -04:00
|
|
|
group = find_group(params[:id])
|
2015-04-10 08:39:10 -04:00
|
|
|
authorize! :admin_group, group
|
2014-10-29 07:31:23 -04:00
|
|
|
required_attributes! [:user_id, :access_level]
|
2014-10-29 07:38:00 -04:00
|
|
|
|
2014-10-29 07:31:23 -04:00
|
|
|
unless validate_access_level?(params[:access_level])
|
|
|
|
render_api_error!("Wrong access level", 422)
|
|
|
|
end
|
2014-10-29 07:38:00 -04:00
|
|
|
|
2014-10-29 07:31:23 -04:00
|
|
|
if group.group_members.find_by(user_id: params[:user_id])
|
|
|
|
render_api_error!("Already exists", 409)
|
|
|
|
end
|
2014-10-29 07:38:00 -04:00
|
|
|
|
2015-04-10 08:46:09 -04:00
|
|
|
group.add_users([params[:user_id]], params[:access_level], current_user)
|
2014-10-29 07:31:23 -04:00
|
|
|
member = group.group_members.find_by(user_id: params[:user_id])
|
|
|
|
present member.user, with: Entities::GroupMember, group: group
|
|
|
|
end
|
|
|
|
|
2015-01-20 22:34:09 -05:00
|
|
|
# Update group member
|
|
|
|
#
|
|
|
|
# Parameters:
|
|
|
|
# id (required) - The ID of a group
|
|
|
|
# user_id (required) - The ID of a group member
|
|
|
|
# access_level (required) - Project access level
|
|
|
|
# Example Request:
|
|
|
|
# PUT /groups/:id/members/:user_id
|
|
|
|
put ':id/members/:user_id' do
|
|
|
|
group = find_group(params[:id])
|
2015-04-10 08:39:10 -04:00
|
|
|
authorize! :admin_group, group
|
2015-01-20 22:34:09 -05:00
|
|
|
required_attributes! [:access_level]
|
|
|
|
|
2015-03-13 11:16:51 -04:00
|
|
|
group_member = group.group_members.find_by(user_id: params[:user_id])
|
|
|
|
not_found!('User can not be found') if group_member.nil?
|
2015-01-20 22:34:09 -05:00
|
|
|
|
2015-03-13 11:16:51 -04:00
|
|
|
if group_member.update_attributes(access_level: params[:access_level])
|
|
|
|
@member = group_member.user
|
2015-01-20 22:34:09 -05:00
|
|
|
present @member, with: Entities::GroupMember, group: group
|
|
|
|
else
|
2015-03-13 11:16:51 -04:00
|
|
|
handle_member_errors group_member.errors
|
2015-01-20 22:34:09 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-10-29 07:31:23 -04:00
|
|
|
# Remove member.
|
|
|
|
#
|
|
|
|
# Parameters:
|
|
|
|
# id (required) - group id
|
|
|
|
# user_id (required) - the users id
|
|
|
|
#
|
|
|
|
# Example Request:
|
|
|
|
# DELETE /groups/:id/members/:user_id
|
|
|
|
delete ":id/members/:user_id" do
|
|
|
|
group = find_group(params[:id])
|
2015-04-10 08:39:10 -04:00
|
|
|
authorize! :admin_group, group
|
2014-10-29 07:38:00 -04:00
|
|
|
member = group.group_members.find_by(user_id: params[:user_id])
|
|
|
|
|
2014-10-29 07:31:23 -04:00
|
|
|
if member.nil?
|
2016-06-29 09:23:44 -04:00
|
|
|
render_api_error!("404 Not Found - user_id:#{params[:user_id]} not a member of group #{group.name}", 404)
|
2014-10-29 07:31:23 -04:00
|
|
|
else
|
|
|
|
member.destroy
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|