900d30798b
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
153 lines
4.3 KiB
Ruby
153 lines
4.3 KiB
Ruby
module API
|
|
# groups API
|
|
class Groups < Grape::API
|
|
before { authenticate! }
|
|
|
|
resource :groups do
|
|
helpers do
|
|
def find_group(id)
|
|
group = Group.find(id)
|
|
|
|
if can?(current_user, :read_group, group)
|
|
group
|
|
else
|
|
render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403)
|
|
end
|
|
end
|
|
|
|
def validate_access_level?(level)
|
|
Gitlab::Access.options_with_owner.values.include? level.to_i
|
|
end
|
|
end
|
|
|
|
# Get a groups list
|
|
#
|
|
# Example Request:
|
|
# GET /groups
|
|
get do
|
|
if current_user.admin
|
|
@groups = paginate Group
|
|
else
|
|
@groups = paginate current_user.groups
|
|
end
|
|
present @groups, with: Entities::Group
|
|
end
|
|
|
|
# Create group. Available only for admin
|
|
#
|
|
# Parameters:
|
|
# name (required) - The name of the group
|
|
# path (required) - The path of the group
|
|
# Example Request:
|
|
# POST /groups
|
|
post do
|
|
authenticated_as_admin!
|
|
required_attributes! [:name, :path]
|
|
|
|
attrs = attributes_for_keys [:name, :path]
|
|
@group = Group.new(attrs)
|
|
@group.owner = current_user
|
|
|
|
if @group.save
|
|
present @group, with: Entities::Group
|
|
else
|
|
not_found!
|
|
end
|
|
end
|
|
|
|
# Get a single group, with containing projects
|
|
#
|
|
# Parameters:
|
|
# id (required) - The ID of a group
|
|
# Example Request:
|
|
# GET /groups/:id
|
|
get ":id" do
|
|
group = find_group(params[:id])
|
|
present group, with: Entities::GroupDetail
|
|
end
|
|
|
|
# Remove group
|
|
#
|
|
# Parameters:
|
|
# id (required) - The ID of a group
|
|
# Example Request:
|
|
# DELETE /groups/:id
|
|
delete ":id" do
|
|
group = find_group(params[:id])
|
|
authorize! :manage_group, group
|
|
group.destroy
|
|
end
|
|
|
|
# Transfer a project to the Group namespace
|
|
#
|
|
# Parameters:
|
|
# id - group id
|
|
# project_id - project id
|
|
# Example Request:
|
|
# POST /groups/:id/projects/:project_id
|
|
post ":id/projects/:project_id" do
|
|
authenticated_as_admin!
|
|
group = Group.find(params[:id])
|
|
project = Project.find(params[:project_id])
|
|
result = ::Projects::TransferService.new(project, current_user, namespace_id: group.id).execute
|
|
|
|
if result
|
|
present group
|
|
else
|
|
not_found!
|
|
end
|
|
end
|
|
|
|
# Get a list of group members viewable by the authenticated user.
|
|
#
|
|
# Example Request:
|
|
# GET /groups/:id/members
|
|
get ":id/members" do
|
|
group = find_group(params[:id])
|
|
members = group.users_groups
|
|
users = (paginate members).collect(&:user)
|
|
present users, with: Entities::GroupMember, group: group
|
|
end
|
|
|
|
# Add a user to the list of group members
|
|
#
|
|
# Parameters:
|
|
# id (required) - group id
|
|
# user_id (required) - the users id
|
|
# access_level (required) - Project access level
|
|
# Example Request:
|
|
# POST /groups/:id/members
|
|
post ":id/members" do
|
|
required_attributes! [:user_id, :access_level]
|
|
unless validate_access_level?(params[:access_level])
|
|
render_api_error!("Wrong access level", 422)
|
|
end
|
|
group = find_group(params[:id])
|
|
if group.users_groups.find_by(user_id: params[:user_id])
|
|
render_api_error!("Already exists", 409)
|
|
end
|
|
group.add_users([params[:user_id]], params[:access_level])
|
|
member = group.users_groups.find_by(user_id: params[:user_id])
|
|
present member.user, with: Entities::GroupMember, group: group
|
|
end
|
|
|
|
# Remove member.
|
|
#
|
|
# Parameters:
|
|
# id (required) - group id
|
|
# user_id (required) - the users id
|
|
#
|
|
# Example Request:
|
|
# DELETE /groups/:id/members/:user_id
|
|
delete ":id/members/:user_id" do
|
|
group = find_group(params[:id])
|
|
member = group.users_groups.find_by(user_id: params[:user_id])
|
|
if member.nil?
|
|
render_api_error!("404 Not Found - user_id:#{params[:user_id]} not a member of group #{group.name}",404)
|
|
else
|
|
member.destroy
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|