diff --git a/doc/api/README.md b/doc/api/README.md index c4d44c52748..09deec00e03 100644 --- a/doc/api/README.md +++ b/doc/api/README.md @@ -79,3 +79,4 @@ When listing resources you can pass the following parameters: + [Milestones](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/milestones.md) + [Notes](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/notes.md) + [System Hooks](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/system_hooks.md) ++ [User Teams](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/user_teams.md) diff --git a/doc/api/user_teams.md b/doc/api/user_teams.md new file mode 100644 index 00000000000..cf467a54667 --- /dev/null +++ b/doc/api/user_teams.md @@ -0,0 +1,209 @@ +## User teams + +### List user teams + +Get a list of user teams viewable by the authenticated user. + +``` +GET /user_teams +``` + +```json +[ + { + id: 1, + name: "User team 1", + path: "user_team1", + owner_id: 1 + }, + { + id: 2, + name: "User team 2", + path: "user_team2", + owner_id: 1 + } +] +``` + + +### Get single user team + +Get a specific user team, identified by user team ID, which is viewable by the authenticated user. + +``` +GET /user_teams/:id +``` + +Parameters: + ++ `id` (required) - The ID of a user_team + +```json +{ + id: 1, + name: "User team 1", + path: "user_team1", + owner_id: 1 +} +``` + + +### Create user team + +Creates new user team owned by user. Available only for admins. + +``` +POST /user_teams +``` + +Parameters: + ++ `name` (required) - new user team name ++ `path` (required) - new user team internal name + + + +## User team members + +### List user team members + +Get a list of project team members. + +``` +GET /user_teams/:id/members +``` + +Parameters: + ++ `id` (required) - The ID of a user_team + + +### Get user team member + +Gets a user team member. + +``` +GET /user_teams/:id/members/:user_id +``` + +Parameters: + ++ `id` (required) - The ID of a user_team ++ `user_id` (required) - The ID of a user + +```json +{ + id: 2, + username: "john_doe", + email: "joh@doe.org", + name: "John Doe", + state: "active", + created_at: "2012-10-22T14:13:35Z", + access_level: 30 +} +``` + + +### Add user team member + +Adds a user to a user team. + +``` +POST /user_teams/:id/members +``` + +Parameters: + ++ `id` (required) - The ID of a user team ++ `user_id` (required) - The ID of a user to add ++ `access_level` (required) - Project access level + + +### Remove user team member + +Removes user from user team. + +``` +DELETE /user_teams/:id/members/:user_id +``` + +Parameters: + ++ `id` (required) - The ID of a user team ++ `user_id` (required) - The ID of a team member + +## User team projects + +### List user team projects + +Get a list of project team projects. + +``` +GET /user_teams/:id/projects +``` + +Parameters: + ++ `id` (required) - The ID of a user_team + + +### Get user team project + +Gets a user team project. + +``` +GET /user_teams/:id/projects/:project_id +``` + +Parameters: + ++ `id` (required) - The ID of a user_team ++ `project_id` (required) - The ID of a user + +```json +{ + id: 12, + name: "project1", + description: null, + default_branch: "develop", + public: false, + path: "project1", + path_with_namespace: "group1/project1", + issues_enabled: false, + merge_requests_enabled: true, + wall_enabled: true, + wiki_enabled: false, + created_at: "2013-03-11T12:59:08Z", + greatest_access_level: 30 +} +``` + + +### Add user team project + +Adds a project to a user team. + +``` +POST /user_teams/:id/projects +``` + +Parameters: + ++ `id` (required) - The ID of a user team ++ `project_id` (required) - The ID of a project to add ++ `greatest_access_level` (required) - Maximum project access level + + +### Remove user team project + +Removes project from user team. + +``` +DELETE /user_teams/:id/projects/:project_id +``` + +Parameters: + ++ `id` (required) - The ID of a user team ++ `project_id` (required) - The ID of a team project + diff --git a/lib/api/api.rb b/lib/api/api.rb index 28e6add73ed..201e4a4edc2 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -34,5 +34,6 @@ module API mount Notes mount Internal mount SystemHooks + mount UserTeams end end diff --git a/lib/api/entities.rb b/lib/api/entities.rb index c3c351e1733..7b35f5f529f 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -40,6 +40,18 @@ module API end end + class TeamMember < UserBasic + expose :permission, as: :access_level do |user, options| + options[:user_team].user_team_user_relationships.find_by_user_id(user.id).permission + end + end + + class TeamProject < Project + expose :greatest_access, as: :greatest_access_level do |project, options| + options[:user_team].user_team_project_relationships.find_by_project_id(project.id).greatest_access + end + end + class Group < Grape::Entity expose :id, :name, :path, :owner_id end @@ -87,6 +99,10 @@ module API expose :id, :title, :key, :created_at end + class UserTeam < Grape::Entity + expose :id, :name, :path, :owner_id + end + class MergeRequest < Grape::Entity expose :id, :target_branch, :source_branch, :project_id, :title, :state expose :author, :assignee, using: Entities::UserBasic diff --git a/lib/api/user_teams.rb b/lib/api/user_teams.rb new file mode 100644 index 00000000000..05aa72f0e92 --- /dev/null +++ b/lib/api/user_teams.rb @@ -0,0 +1,276 @@ +module API + # user_teams API + class UserTeams < Grape::API + before { authenticate! } + + resource :user_teams do + helpers do + def handle_team_member_errors(errors) + if errors[:permission].any? + render_api_error!(errors[:permission], 422) + end + not_found! + end + + def validate_access_level?(level) + [UsersProject::GUEST, UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER].include? level.to_i + end + end + + + # Get a user_teams list + # + # Example Request: + # GET /user_teams + get do + if current_user.admin + @user_teams = paginate UserTeam + else + @user_teams = paginate current_user.user_teams + end + present @user_teams, with: Entities::UserTeam + end + + + # Create user_team. Available only for admin + # + # Parameters: + # name (required) - The name of the user_team + # path (required) - The path of the user_team + # Example Request: + # POST /user_teams + post do + authenticated_as_admin! + required_attributes! [:name, :path] + + attrs = attributes_for_keys [:name, :path] + @user_team = UserTeam.new(attrs) + @user_team.owner = current_user + + if @user_team.save + present @user_team, with: Entities::UserTeam + else + not_found! + end + end + + + # Get a single user_team + # + # Parameters: + # id (required) - The ID of a user_team + # Example Request: + # GET /user_teams/:id + get ":id" do + @user_team = UserTeam.find(params[:id]) + if current_user.admin or current_user.user_teams.include? @user_team + present @user_team, with: Entities::UserTeam + else + not_found! + end + end + + + # Get user_team members + # + # Parameters: + # id (required) - The ID of a user_team + # Example Request: + # GET /user_teams/:id/members + get ":id/members" do + @user_team = UserTeam.find(params[:id]) + if current_user.admin or current_user.user_teams.include? @user_team + @members = paginate @user_team.members + present @members, with: Entities::TeamMember, user_team: @user_team + else + not_found! + end + end + + + # Add a new user_team member + # + # Parameters: + # id (required) - The ID of a user_team + # user_id (required) - The ID of a user + # access_level (required) - Project access level + # Example Request: + # POST /user_teams/:id/members + post ":id/members" do + authenticated_as_admin! + required_attributes! [:user_id, :access_level] + + if not validate_access_level?(params[:access_level]) + render_api_error!("Wrong access level", 422) + end + + @user_team = UserTeam.find(params[:id]) + if @user_team + team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id]) + # Not existing member + if team_member.nil? + @user_team.add_member(params[:user_id], params[:access_level], false) + team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id]) + + if team_member.nil? + render_api_error!("Error creating membership", 500) + else + @member = team_member.user + present @member, with: Entities::TeamMember, user_team: @user_team + end + else + render_api_error!("Already exists", 409) + end + else + not_found! + end + end + + + # Get a single team member from user_team + # + # Parameters: + # id (required) - The ID of a user_team + # user_id (required) - The ID of a team member + # Example Request: + # GET /user_teams/:id/members/:user_id + get ":id/members/:user_id" do + @user_team = UserTeam.find(params[:id]) + if current_user.admin or current_user.user_teams.include? @user_team + team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id]) + unless team_member.nil? + present team_member.user, with: Entities::TeamMember, user_team: @user_team + else + not_found! + end + else + not_found! + end + end + + # Remove a team member from user_team + # + # Parameters: + # id (required) - The ID of a user_team + # user_id (required) - The ID of a team member + # Example Request: + # DELETE /user_teams/:id/members/:user_id + delete ":id/members/:user_id" do + authenticated_as_admin! + + @user_team = UserTeam.find(params[:id]) + if @user_team + team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id]) + unless team_member.nil? + team_member.destroy + else + not_found! + end + else + not_found! + end + end + + + # Get to user_team assigned projects + # + # Parameters: + # id (required) - The ID of a user_team + # Example Request: + # GET /user_teams/:id/projects + get ":id/projects" do + @user_team = UserTeam.find(params[:id]) + if current_user.admin or current_user.user_teams.include? @user_team + @projects = paginate @user_team.projects + present @projects, with: Entities::TeamProject, user_team: @user_team + else + not_found! + end + end + + + # Add a new user_team project + # + # Parameters: + # id (required) - The ID of a user_team + # project_id (required) - The ID of a project + # greatest_access_level (required) - Project access level + # Example Request: + # POST /user_teams/:id/projects + post ":id/projects" do + authenticated_as_admin! + required_attributes! [:project_id, :greatest_access_level] + + if not validate_access_level?(params[:greatest_access_level]) + render_api_error!("Wrong greatest_access_level", 422) + end + + @user_team = UserTeam.find(params[:id]) + if @user_team + team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id]) + + # No existing project + if team_project.nil? + @user_team.assign_to_projects([params[:project_id]], params[:greatest_access_level]) + team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id]) + if team_project.nil? + render_api_error!("Error creating project assignment", 500) + else + @project = team_project.project + present @project, with: Entities::TeamProject, user_team: @user_team + end + else + render_api_error!("Already exists", 409) + end + else + not_found! + end + end + + # Show a single team project from user_team + # + # Parameters: + # id (required) - The ID of a user_team + # project_id (required) - The ID of a project assigned to the team + # Example Request: + # GET /user_teams/:id/projects/:project_id + get ":id/projects/:project_id" do + @user_team = UserTeam.find(params[:id]) + if current_user.admin or current_user.user_teams.include? @user_team + team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id]) + unless team_project.nil? + present team_project.project, with: Entities::TeamProject, user_team: @user_team + else + not_found! + end + else + not_found! + end + end + + # Remove a team project from user_team + # + # Parameters: + # id (required) - The ID of a user_team + # project_id (required) - The ID of a project assigned to the team + # Example Request: + # DELETE /user_teams/:id/projects/:project_id + delete ":id/projects/:project_id" do + authenticated_as_admin! + + @user_team = UserTeam.find(params[:id]) + if @user_team + team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id]) + unless team_project.nil? + team_project.destroy + else + not_found! + end + else + not_found! + end + end + + end + end +end diff --git a/spec/requests/api/user_teams_spec.rb b/spec/requests/api/user_teams_spec.rb new file mode 100644 index 00000000000..68f05b11a83 --- /dev/null +++ b/spec/requests/api/user_teams_spec.rb @@ -0,0 +1,360 @@ +require 'spec_helper' + +describe API::API do + include ApiHelpers + + # Create test objects + let(:user1) { create(:user) } + let(:user2) { create(:user) } + let(:admin) { create(:admin) } + let!(:group1) { create(:group, owner: user1) } + let!(:group2) { create(:group, owner: user2) } + let(:user_team1) { create(:user_team, owner: user1) } + let(:user_team2) { create(:user_team, owner: user2) } + let!(:project1) { create(:project, creator_id: admin.id) } + let!(:project2) { create(:project, creator_id: admin.id) } + + + before { + # Add members to teams + user_team1.add_member(user1, UsersProject::MASTER, false) + user_team2.add_member(user2, UsersProject::MASTER, false) + + # Add projects to teams + user_team1.assign_to_projects([project1.id], UsersProject::MASTER) + user_team2.assign_to_projects([project2.id], UsersProject::MASTER) + + } + + describe "GET /user_teams" do + context "when unauthenticated" do + it "should return authentication error" do + get api("/user_teams") + response.status.should == 401 + end + end + + context "when authenticated as user" do + it "normal user: should return an array of user_teams of user1" do + get api("/user_teams", user1) + response.status.should == 200 + json_response.should be_an Array + json_response.length.should == 1 + json_response.first['name'].should == user_team1.name + end + end + + context "when authenticated as admin" do + it "admin: should return an array of all user_teams" do + get api("/user_teams", admin) + response.status.should == 200 + json_response.should be_an Array + json_response.length.should == 2 + end + end + end + + describe "GET /user_teams/:id" do + context "when authenticated as user" do + it "should return one of user1's user_teams" do + get api("/user_teams/#{user_team1.id}", user1) + response.status.should == 200 + json_response['name'] == user_team1.name + end + + it "should not return a non existing team" do + get api("/user_teams/1328", user1) + response.status.should == 404 + end + + it "should not return a user_team not attached to user1" do + get api("/user_teams/#{user_team2.id}", user1) + response.status.should == 404 + end + end + + context "when authenticated as admin" do + it "should return any existing user_team" do + get api("/user_teams/#{user_team2.id}", admin) + response.status.should == 200 + json_response['name'].should == user_team2.name + end + + it "should not return a non existing user_team" do + get api("/user_teams/1328", admin) + response.status.should == 404 + end + end + end + + describe "POST /user_teams" do + context "when authenticated as user" do + it "should not create user_team" do + count_before=UserTeam.count + post api("/user_teams", user1), attributes_for(:user_team) + response.status.should == 403 + UserTeam.count.should == count_before + end + end + + context "when authenticated as admin" do + it "should create user_team" do + count_before=UserTeam.count + post api("/user_teams", admin), attributes_for(:user_team) + response.status.should == 201 + UserTeam.count.should == count_before + 1 + end + + it "should not create user_team, duplicate" do + post api("/user_teams", admin), {:name => "Duplicate Test", :path => user_team2.path} + response.status.should == 404 + end + + it "should return 400 bad request error if name not given" do + post api("/user_teams", admin), {:path => user_team2.path} + response.status.should == 400 + end + + it "should return 400 bad request error if path not given" do + post api("/user_teams", admin), {:name => 'test'} + response.status.should == 400 + end + end + end + + # Members + + describe "GET /user_teams/:id/members" do + context "when authenticated as user" do + it "should return user1 as member of user1's user_teams" do + get api("/user_teams/#{user_team1.id}/members", user1) + response.status.should == 200 + json_response.first['name'].should == user1.name + json_response.first['access_level'].should == UsersProject::MASTER + end + end + + context "when authenticated as admin" do + it "should return member of any existing user_team" do + get api("/user_teams/#{user_team2.id}/members", admin) + response.status.should == 200 + json_response.first['name'].should == user2.name + json_response.first['access_level'].should == UsersProject::MASTER + end + end + end + + describe "POST /user_teams/:id/members" do + context "when authenticated as user" do + it "should not add user2 as member of user_team1" do + post api("/user_teams/#{user_team1.id}/members", user1), user_id: user2.id, access_level: UsersProject::MASTER + response.status.should == 403 + end + end + + context "when authenticated as admin" do + it "should return ok and add new member" do + count_before=user_team1.user_team_user_relationships.count + post api("/user_teams/#{user_team1.id}/members", admin), user_id: user2.id, access_level: UsersProject::MASTER + response.status.should == 201 + json_response['name'].should == user2.name + json_response['access_level'].should == UsersProject::MASTER + user_team1.user_team_user_relationships.count.should == count_before + 1 + end + it "should return ok if member already exists" do + post api("/user_teams/#{user_team2.id}/members", admin), user_id: user2.id, access_level: UsersProject::MASTER + response.status.should == 409 + end + it "should return a 400 error when user id is not given" do + post api("/user_teams/#{user_team2.id}/members", admin), access_level: UsersProject::MASTER + response.status.should == 400 + end + it "should return a 400 error when access level is not given" do + post api("/user_teams/#{user_team2.id}/members", admin), user_id: user2.id + response.status.should == 400 + end + + it "should return a 422 error when access level is not known" do + post api("/user_teams/#{user_team2.id}/members", admin), user_id: user1.id, access_level: 1234 + response.status.should == 422 + end + + end + end + + # Get single member + describe "GET /user_teams/:id/members/:user_id" do + context "when authenticated as member" do + it "should show user1's membership of user_team1" do + get api("/user_teams/#{user_team1.id}/members/#{user1.id}", user1) + response.status.should == 200 + json_response['name'].should == user1.name + json_response['access_level'].should == UsersProject::MASTER + end + it "should show that user2 is not member of user_team1" do + get api("/user_teams/#{user_team1.id}/members/#{user2.id}", user1) + response.status.should == 404 + end + end + + context "when authenticated as non-member" do + it "should not show user1's membership of user_team1" do + get api("/user_teams/#{user_team1.id}/members/#{user1.id}", user2) + response.status.should == 404 + end + end + + context "when authenticated as admin" do + it "should show user1's membership of user_team1" do + get api("/user_teams/#{user_team1.id}/members/#{user1.id}", admin) + response.status.should == 200 + json_response['name'].should == user1.name + json_response['access_level'].should == UsersProject::MASTER + end + it "should return a 404 error when user id is not known" do + get api("/user_teams/#{user_team2.id}/members/1328", admin) + response.status.should == 404 + end + end + end + + describe "DELETE /user_teams/:id/members/:user_id" do + context "when authenticated as user" do + it "should not delete user1's membership of user_team1" do + delete api("/user_teams/#{user_team1.id}/members/#{user1.id}", user1) + response.status.should == 403 + end + end + + context "when authenticated as admin" do + it "should delete user1's membership of user_team1" do + count_before=user_team1.user_team_user_relationships.count + delete api("/user_teams/#{user_team1.id}/members/#{user1.id}", admin) + response.status.should == 200 + user_team1.user_team_user_relationships.count.should == count_before - 1 + end + it "should return a 404 error when user id is not known" do + delete api("/user_teams/#{user_team2.id}/members/1328", admin) + response.status.should == 404 + end + end + end + + # Projects + + describe "GET /user_teams/:id/projects" do + context "when authenticated as user" do + it "should return project1 as assigned to user_team1 as member user1" do + get api("/user_teams/#{user_team1.id}/projects", user1) + response.status.should == 200 + json_response.first['name'].should == project1.name + json_response.length.should == user_team1.user_team_project_relationships.count + end + end + + context "when authenticated as admin" do + it "should return project2 as assigned to user_team2 as non-member, but admin" do + get api("/user_teams/#{user_team2.id}/projects", admin) + response.status.should == 200 + json_response.first['name'].should == project2.name + json_response.first['greatest_access_level'].should == UsersProject::MASTER + end + end + end + + describe "POST /user_teams/:id/projects" do + context "when authenticated as admin" do + it "should return ok and add new project" do + count_before=user_team1.user_team_project_relationships.count + post api("/user_teams/#{user_team1.id}/projects", admin), + project_id: project2.id, + greatest_access_level: UsersProject::MASTER + response.status.should == 201 + json_response['name'].should == project2.name + json_response['greatest_access_level'].should == UsersProject::MASTER + user_team1.user_team_project_relationships.count.should == count_before + 1 + end + it "should return ok if project already exists" do + post api("/user_teams/#{user_team2.id}/projects", admin), + project_id: project2.id, + greatest_access_level: UsersProject::MASTER + response.status.should == 409 + end + it "should return a 400 error when project id is not given" do + post api("/user_teams/#{user_team2.id}/projects", admin), greatest_access_level: UsersProject::MASTER + response.status.should == 400 + end + it "should return a 400 error when access level is not given" do + post api("/user_teams/#{user_team2.id}/projects", admin), project_id: project2.id + response.status.should == 400 + end + + it "should return a 422 error when access level is not known" do + post api("/user_teams/#{user_team2.id}/projects", admin), + project_id: project2.id, + greatest_access_level: 1234 + response.status.should == 422 + end + + end + end + + + describe "GET /user_teams/:id/projects/:project_id" do + context "when authenticated as member" do + it "should show project1's assignment to user_team1" do + get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", user1) + response.status.should == 200 + json_response['name'].should == project1.name + json_response['greatest_access_level'].should == UsersProject::MASTER + end + it "should show project2's is not assigned to user_team1" do + get api("/user_teams/#{user_team1.id}/projects/#{project2.id}", user1) + response.status.should == 404 + end + end + + context "when authenticated as non-member" do + it "should not show project1's assignment to user_team1" do + get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", user2) + response.status.should == 404 + end + end + + context "when authenticated as admin" do + it "should show project1's assignment to user_team1" do + get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", admin) + response.status.should == 200 + json_response['name'].should == project1.name + json_response['greatest_access_level'].should == UsersProject::MASTER + end + it "should return a 404 error when project id is not known" do + get api("/user_teams/#{user_team2.id}/projects/1328", admin) + response.status.should == 404 + end + end + end + + describe "DELETE /user_teams/:id/projects/:project_id" do + context "when authenticated as user" do + it "should not delete project1's assignment to user_team2" do + delete api("/user_teams/#{user_team2.id}/projects/#{project1.id}", user1) + response.status.should == 403 + end + end + + context "when authenticated as admin" do + it "should delete project1's assignment to user_team1" do + count_before=user_team1.user_team_project_relationships.count + delete api("/user_teams/#{user_team1.id}/projects/#{project1.id}", admin) + response.status.should == 200 + user_team1.user_team_project_relationships.count.should == count_before - 1 + end + it "should return a 404 error when project id is not known" do + delete api("/user_teams/#{user_team2.id}/projects/1328", admin) + response.status.should == 404 + end + end + end + +end