
group_members.rb 2.75 KB
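module API
  # Grape endpoints for listing, adding, updating and removing the members
  # of a group.
  #
  # All three mutating endpoints (POST/PUT/DELETE) call
  # `authorize! :admin_group, group` before touching membership data; the
  # read endpoint (GET) does not call authorize! itself.
  class GroupMembers < Grape::API
    # Every route in this class requires an authenticated caller.
    before { authenticate! }

    resource :groups do
      # Get a list of group members viewable by the authenticated user.
      #
      # Example Request:
      #  GET /groups/:id/members
      get ":id/members" do
        # NOTE(review): there is no authorize! call in this handler, so any
        # read-access check on the group has to happen inside find_group.
        # Confirm against the helper's definition.
        group = find_group(params[:id])
        users = group.users
        present users, with: Entities::GroupMember, group: group
      end

      # Add a user to the list of group members
      #
      # Parameters:
      #   id (required) - group id
      #   user_id (required) - the user's id
      #   access_level (required) - access level to assign; checked with
      #                             validate_access_level? before use
      # Example Request:
      #  POST /groups/:id/members
      post ":id/members" do
        group = find_group(params[:id])
        # Authorization comes first so that an unauthorized caller cannot use
        # the validation or "Already exists" responses to probe the group.
        authorize! :admin_group, group
        required_attributes! [:user_id, :access_level]

        # NOTE(review): the checks below do not return explicitly; they rely
        # on render_api_error! halting the request. Confirm that it does,
        # otherwise an invalid access level would still reach add_users.
        unless validate_access_level?(params[:access_level])
          render_api_error!("Wrong access level", 422)
        end

        # This pre-check is not atomic with add_users below. Duplicate
        # prevention under concurrent requests depends on a uniqueness
        # constraint that is not visible in this file.
        if group.group_members.find_by(user_id: params[:user_id])
          render_api_error!("Already exists", 409)
        end

        group.add_users([params[:user_id]], params[:access_level], current_user)

        member = group.group_members.find_by(user_id: params[:user_id])
        # If add_users did not create a membership row (for example because
        # user_id does not refer to an existing user), member is nil and
        # member.user would raise NoMethodError. Answer with a client error
        # instead of an unhandled exception.
        render_api_error!("Member could not be added", 422) if member.nil?

        present member.user, with: Entities::GroupMember, group: group
      end

      # Update group member
      #
      # Parameters:
      #   id (required) - The ID of a group
      #   user_id (required) - The ID of a group member
      #   access_level (required) - access level to assign
      # Example Request:
      #   PUT /groups/:id/members/:user_id
      put ':id/members/:user_id' do
        group = find_group(params[:id])
        authorize! :admin_group, group
        required_attributes! [:access_level]

        group_member = group.group_members.find_by(user_id: params[:user_id])
        not_found!('User can not be found') if group_member.nil?

        # NOTE(review): unlike the POST handler, access_level is not passed
        # through validate_access_level? here. An out-of-range value is only
        # rejected if the model validation behind update_attributes rejects
        # it. Confirm that the model restricts the allowed values.
        if group_member.update_attributes(access_level: params[:access_level])
          @member = group_member.user
          present @member, with: Entities::GroupMember, group: group
        else
          handle_member_errors group_member.errors
        end
      end

      # Remove member.
      #
      # Parameters:
      #   id (required) - group id
      #   user_id (required) - the user's id
      #
      # Example Request:
      #   DELETE /groups/:id/members/:user_id
      delete ":id/members/:user_id" do
        group = find_group(params[:id])
        authorize! :admin_group, group
        member = group.group_members.find_by(user_id: params[:user_id])

        if member.nil?
          # The message echoes the requested user_id and the group name. The
          # caller has already passed the :admin_group check at this point.
          render_api_error!("404 Not Found - user_id:#{params[:user_id]} not a member of group #{group.name}", 404)
        else
          # NOTE(review): this handler removes whichever member is named,
          # with no further check visible here. Any rule such as keeping at
          # least one owner in the group would have to be enforced by the
          # model or ability layer. Confirm.
          member.destroy
        end
      end
    end
  end
end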