diff --git a/lib/api/api.rb b/lib/api/api.rb index 6bec8368b12..7c4cdad7f0d 100644 --- a/lib/api/api.rb +++ b/lib/api/api.rb @@ -38,6 +38,7 @@ module API mount Internal mount SystemHooks mount ProjectSnippets + mount ProjectMembers mount DeployKeys mount ProjectHooks mount Services diff --git a/lib/api/project_hooks.rb b/lib/api/project_hooks.rb index c271dd8b61b..79c3d122d32 100644 --- a/lib/api/project_hooks.rb +++ b/lib/api/project_hooks.rb @@ -5,15 +5,6 @@ module API before { authorize_admin_project } resource :projects do - helpers do - def handle_project_member_errors(errors) - if errors[:project_access].any? - error!(errors[:project_access], 422) - end - not_found! - end - end - # Get project hooks # # Parameters: diff --git a/lib/api/project_members.rb b/lib/api/project_members.rb new file mode 100644 index 00000000000..47c4ddce163 --- /dev/null +++ b/lib/api/project_members.rb @@ -0,0 +1,114 @@ +module API + # Projects members API + class ProjectMembers < Grape::API + before { authenticate! } + + resource :projects do + helpers do + def handle_project_member_errors(errors) + if errors[:project_access].any? + error!(errors[:project_access], 422) + end + not_found! + end + end + + # Get a project team members + # + # Parameters: + # id (required) - The ID of a project + # query - Query string + # Example Request: + # GET /projects/:id/members + get ":id/members" do + if params[:query].present? + @members = paginate user_project.users.where("username LIKE ?", "%#{params[:query]}%") + else + @members = paginate user_project.users + end + present @members, with: Entities::ProjectMember, project: user_project + end + + # Get a project team members + # + # Parameters: + # id (required) - The ID of a project + # user_id (required) - The ID of a user + # Example Request: + # GET /projects/:id/members/:user_id + get ":id/members/:user_id" do + @member = user_project.users.find params[:user_id] + present @member, with: Entities::ProjectMember, project: user_project + end + + # Add a new project team member + # + # Parameters: + # id (required) - The ID of a project + # user_id (required) - The ID of a user + # access_level (required) - Project access level + # Example Request: + # POST /projects/:id/members + post ":id/members" do + authorize! :admin_project, user_project + required_attributes! [:user_id, :access_level] + + # either the user is already a team member or a new one + team_member = user_project.team_member_by_id(params[:user_id]) + if team_member.nil? + team_member = user_project.users_projects.new( + user_id: params[:user_id], + project_access: params[:access_level] + ) + end + + if team_member.save + @member = team_member.user + present @member, with: Entities::ProjectMember, project: user_project + else + handle_project_member_errors team_member.errors + end + end + + # Update project team member + # + # Parameters: + # id (required) - The ID of a project + # user_id (required) - The ID of a team member + # access_level (required) - Project access level + # Example Request: + # PUT /projects/:id/members/:user_id + put ":id/members/:user_id" do + authorize! :admin_project, user_project + required_attributes! [:access_level] + + team_member = user_project.users_projects.find_by(user_id: params[:user_id]) + not_found!("User can not be found") if team_member.nil? + + if team_member.update_attributes(project_access: params[:access_level]) + @member = team_member.user + present @member, with: Entities::ProjectMember, project: user_project + else + handle_project_member_errors team_member.errors + end + end + + # Remove a team member from project + # + # Parameters: + # id (required) - The ID of a project + # user_id (required) - The ID of a team member + # Example Request: + # DELETE /projects/:id/members/:user_id + delete ":id/members/:user_id" do + authorize! :admin_project, user_project + team_member = user_project.users_projects.find_by(user_id: params[:user_id]) + unless team_member.nil? + team_member.destroy + else + {message: "Access revoked", id: params[:user_id].to_i} + end + end + end + end +end diff --git a/lib/api/projects.rb b/lib/api/projects.rb index bcca69ff49a..618a582a451 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -5,13 +5,6 @@ module API resource :projects do helpers do - def handle_project_member_errors(errors) - if errors[:project_access].any? - error!(errors[:project_access], 422) - end - not_found! - end - def map_public_to_visibility_level(attrs) publik = attrs.delete(:public) publik = [ true, 1, '1', 't', 'T', 'true', 'TRUE', 'on', 'ON' ].include?(publik) @@ -196,104 +189,6 @@ module API user_project.forked_project_link.destroy end end - - # Get a project team members - # - # Parameters: - # id (required) - The ID of a project - # query - Query string - # Example Request: - # GET /projects/:id/members - get ":id/members" do - if params[:query].present? - @members = paginate user_project.users.where("username LIKE ?", "%#{params[:query]}%") - else - @members = paginate user_project.users - end - present @members, with: Entities::ProjectMember, project: user_project - end - - # Get a project team members - # - # Parameters: - # id (required) - The ID of a project - # user_id (required) - The ID of a user - # Example Request: - # GET /projects/:id/members/:user_id - get ":id/members/:user_id" do - @member = user_project.users.find params[:user_id] - present @member, with: Entities::ProjectMember, project: user_project - end - - # Add a new project team member - # - # Parameters: - # id (required) - The ID of a project - # user_id (required) - The ID of a user - # access_level (required) - Project access level - # Example Request: - # POST /projects/:id/members - post ":id/members" do - authorize! :admin_project, user_project - required_attributes! [:user_id, :access_level] - - # either the user is already a team member or a new one - team_member = user_project.team_member_by_id(params[:user_id]) - if team_member.nil? - team_member = user_project.users_projects.new( - user_id: params[:user_id], - project_access: params[:access_level] - ) - end - - if team_member.save - @member = team_member.user - present @member, with: Entities::ProjectMember, project: user_project - else - handle_project_member_errors team_member.errors - end - end - - # Update project team member - # - # Parameters: - # id (required) - The ID of a project - # user_id (required) - The ID of a team member - # access_level (required) - Project access level - # Example Request: - # PUT /projects/:id/members/:user_id - put ":id/members/:user_id" do - authorize! :admin_project, user_project - required_attributes! [:access_level] - - team_member = user_project.users_projects.find_by(user_id: params[:user_id]) - not_found!("User can not be found") if team_member.nil? - - if team_member.update_attributes(project_access: params[:access_level]) - @member = team_member.user - present @member, with: Entities::ProjectMember, project: user_project - else - handle_project_member_errors team_member.errors - end - end - - # Remove a team member from project - # - # Parameters: - # id (required) - The ID of a project - # user_id (required) - The ID of a team member - # Example Request: - # DELETE /projects/:id/members/:user_id - delete ":id/members/:user_id" do - authorize! :admin_project, user_project - team_member = user_project.users_projects.find_by(user_id: params[:user_id]) - unless team_member.nil? - team_member.destroy - else - {message: "Access revoked", id: params[:user_id].to_i} - end - end - # search for projects current_user has access to # # Parameters: diff --git a/spec/requests/api/project_members_spec.rb b/spec/requests/api/project_members_spec.rb new file mode 100644 index 00000000000..f3c0529da92 --- /dev/null +++ b/spec/requests/api/project_members_spec.rb @@ -0,0 +1,156 @@ +require 'spec_helper' + +describe API::API do + include ApiHelpers + before(:each) { enable_observers } + after(:each) { disable_observers } + + let(:user) { create(:user) } + let(:user2) { create(:user) } + let(:user3) { create(:user) } + let(:project) { create(:project, creator_id: user.id, namespace: user.namespace) } + let(:users_project) { create(:users_project, user: user, project: project, project_access: UsersProject::MASTER) } + let(:users_project2) { create(:users_project, user: user3, project: project, project_access: UsersProject::DEVELOPER) } + + describe "GET /projects/:id/members" do + before { users_project } + before { users_project2 } + + it "should return project team members" do + get api("/projects/#{project.id}/members", user) + response.status.should == 200 + json_response.should be_an Array + json_response.count.should == 2 + json_response.map { |u| u['email'] }.should include user.email + end + + it "finds team members with query string" do + get api("/projects/#{project.id}/members", user), query: user.username + response.status.should == 200 + json_response.should be_an Array + json_response.count.should == 1 + json_response.first['email'].should == user.email + end + + it "should return a 404 error if id not found" do + get api("/projects/9999/members", user) + response.status.should == 404 + end + end + + describe "GET /projects/:id/members/:user_id" do + before { users_project } + + it "should return project team member" do + get api("/projects/#{project.id}/members/#{user.id}", user) + response.status.should == 200 + json_response['email'].should == user.email + json_response['access_level'].should == UsersProject::MASTER + end + + it "should return a 404 error if user id not found" do + get api("/projects/#{project.id}/members/1234", user) + response.status.should == 404 + end + end + + describe "POST /projects/:id/members" do + it "should add user to project team" do + expect { + post api("/projects/#{project.id}/members", user), user_id: user2.id, + access_level: UsersProject::DEVELOPER + }.to change { UsersProject.count }.by(1) + + response.status.should == 201 + json_response['email'].should == user2.email + json_response['access_level'].should == UsersProject::DEVELOPER + end + + it "should return a 201 status if user is already project member" do + post api("/projects/#{project.id}/members", user), user_id: user2.id, + access_level: UsersProject::DEVELOPER + expect { + post api("/projects/#{project.id}/members", user), user_id: user2.id, + access_level: UsersProject::DEVELOPER + }.not_to change { UsersProject.count }.by(1) + + response.status.should == 201 + json_response['email'].should == user2.email + json_response['access_level'].should == UsersProject::DEVELOPER + end + + it "should return a 400 error when user id is not given" do + post api("/projects/#{project.id}/members", user), access_level: UsersProject::MASTER + response.status.should == 400 + end + + it "should return a 400 error when access level is not given" do + post api("/projects/#{project.id}/members", user), user_id: user2.id + response.status.should == 400 + end + + it "should return a 422 error when access level is not known" do + post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234 + response.status.should == 422 + end + end + + describe "PUT /projects/:id/members/:user_id" do + before { users_project2 } + + it "should update project team member" do + put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: UsersProject::MASTER + response.status.should == 200 + json_response['email'].should == user3.email + json_response['access_level'].should == UsersProject::MASTER + end + + it "should return a 404 error if user_id is not found" do + put api("/projects/#{project.id}/members/1234", user), access_level: UsersProject::MASTER + response.status.should == 404 + end + + it "should return a 400 error when access level is not given" do + put api("/projects/#{project.id}/members/#{user3.id}", user) + response.status.should == 400 + end + + it "should return a 422 error when access level is not known" do + put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: 123 + response.status.should == 422 + end + end + + describe "DELETE /projects/:id/members/:user_id" do + before { users_project } + before { users_project2 } + + it "should remove user from project team" do + expect { + delete api("/projects/#{project.id}/members/#{user3.id}", user) + }.to change { UsersProject.count }.by(-1) + end + + it "should return 200 if team member is not part of a project" do + delete api("/projects/#{project.id}/members/#{user3.id}", user) + expect { + delete api("/projects/#{project.id}/members/#{user3.id}", user) + }.to_not change { UsersProject.count }.by(1) + end + + it "should return 200 if team member already removed" do + delete api("/projects/#{project.id}/members/#{user3.id}", user) + delete api("/projects/#{project.id}/members/#{user3.id}", user) + response.status.should == 200 + end + + it "should return 200 OK when the user was not member" do + expect { + delete api("/projects/#{project.id}/members/1000000", user) + }.to change { UsersProject.count }.by(0) + response.status.should == 200 + json_response['message'].should == "Access revoked" + json_response['id'].should == 1000000 + end + end +end diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index 342587ba5d6..b4b5f606eee 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -311,148 +311,6 @@ describe API::API do end end - describe "GET /projects/:id/members" do - before { users_project } - before { users_project2 } - - it "should return project team members" do - get api("/projects/#{project.id}/members", user) - response.status.should == 200 - json_response.should be_an Array - json_response.count.should == 2 - json_response.map { |u| u['email'] }.should include user.email - end - - it "finds team members with query string" do - get api("/projects/#{project.id}/members", user), query: user.username - response.status.should == 200 - json_response.should be_an Array - json_response.count.should == 1 - json_response.first['email'].should == user.email - end - - it "should return a 404 error if id not found" do - get api("/projects/9999/members", user) - response.status.should == 404 - end - end - - describe "GET /projects/:id/members/:user_id" do - before { users_project } - - it "should return project team member" do - get api("/projects/#{project.id}/members/#{user.id}", user) - response.status.should == 200 - json_response['email'].should == user.email - json_response['access_level'].should == UsersProject::MASTER - end - - it "should return a 404 error if user id not found" do - get api("/projects/#{project.id}/members/1234", user) - response.status.should == 404 - end - end - - describe "POST /projects/:id/members" do - it "should add user to project team" do - expect { - post api("/projects/#{project.id}/members", user), user_id: user2.id, - access_level: UsersProject::DEVELOPER - }.to change { UsersProject.count }.by(1) - - response.status.should == 201 - json_response['email'].should == user2.email - json_response['access_level'].should == UsersProject::DEVELOPER - end - - it "should return a 201 status if user is already project member" do - post api("/projects/#{project.id}/members", user), user_id: user2.id, - access_level: UsersProject::DEVELOPER - expect { - post api("/projects/#{project.id}/members", user), user_id: user2.id, - access_level: UsersProject::DEVELOPER - }.not_to change { UsersProject.count }.by(1) - - response.status.should == 201 - json_response['email'].should == user2.email - json_response['access_level'].should == UsersProject::DEVELOPER - end - - it "should return a 400 error when user id is not given" do - post api("/projects/#{project.id}/members", user), access_level: UsersProject::MASTER - response.status.should == 400 - end - - it "should return a 400 error when access level is not given" do - post api("/projects/#{project.id}/members", user), user_id: user2.id - response.status.should == 400 - end - - it "should return a 422 error when access level is not known" do - post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234 - response.status.should == 422 - end - end - - describe "PUT /projects/:id/members/:user_id" do - before { users_project2 } - - it "should update project team member" do - put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: UsersProject::MASTER - response.status.should == 200 - json_response['email'].should == user3.email - json_response['access_level'].should == UsersProject::MASTER - end - - it "should return a 404 error if user_id is not found" do - put api("/projects/#{project.id}/members/1234", user), access_level: UsersProject::MASTER - response.status.should == 404 - end - - it "should return a 400 error when access level is not given" do - put api("/projects/#{project.id}/members/#{user3.id}", user) - response.status.should == 400 - end - - it "should return a 422 error when access level is not known" do - put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: 123 - response.status.should == 422 - end - end - - describe "DELETE /projects/:id/members/:user_id" do - before { users_project } - before { users_project2 } - - it "should remove user from project team" do - expect { - delete api("/projects/#{project.id}/members/#{user3.id}", user) - }.to change { UsersProject.count }.by(-1) - end - - it "should return 200 if team member is not part of a project" do - delete api("/projects/#{project.id}/members/#{user3.id}", user) - expect { - delete api("/projects/#{project.id}/members/#{user3.id}", user) - }.to_not change { UsersProject.count }.by(1) - end - - it "should return 200 if team member already removed" do - delete api("/projects/#{project.id}/members/#{user3.id}", user) - delete api("/projects/#{project.id}/members/#{user3.id}", user) - response.status.should == 200 - end - - it "should return 200 OK when the user was not member" do - expect { - delete api("/projects/#{project.id}/members/1000000", user) - }.to change { UsersProject.count }.by(0) - response.status.should == 200 - json_response['message'].should == "Access revoked" - json_response['id'].should == 1000000 - end - end - describe "GET /projects/:id/snippets" do before { snippet }