
groups.rb 4.28 KB
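module API
  # Groups API: listing, creation, removal, project transfer and membership
  # management for groups. Every route runs behind authenticate!.
  class Groups < Grape::API
    before { authenticate! }

    resource :groups do
      helpers do
        # Load a group and enforce read access for the current user.
        #
        # Parameters:
        #   id - the ID of the group to load
        #
        # Returns the group when the current user holds :read_group on it;
        # otherwise renders a 403 API error.
        def find_group(id)
          group = Group.find(id)
          return group if can?(current_user, :read_group, group)

          # Security: the group name is deliberately left out of the error.
          # Echoing it here would disclose the name of a group to a caller
          # who has just failed the :read_group check.
          # NOTE(review): a 403 here versus whatever Group.find produces for
          # an unknown id may still reveal that the id exists - confirm
          # whether that distinction is acceptable.
          render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to this group", 403)
        end

        # Check that the requested access level is one of the values offered
        # by Gitlab::Access.options_with_owner.
        #
        # The level is coerced with to_i, so a non-numeric string becomes 0.
        # NOTE(review): to_i also accepts a numeric prefix ("30abc" -> 30)
        # while callers below pass the raw parameter on - confirm the raw
        # value is normalised downstream.
        def validate_access_level?(level)
          Gitlab::Access.options_with_owner.values.include?(level.to_i)
        end
      end

      # Get a groups list
      #
      # Admins get every group; other users get only their own groups.
      #
      # Example Request:
      #  GET /groups
      get do
        @groups = if current_user.admin
                    paginate Group
                  else
                    paginate current_user.groups
                  end
        present @groups, with: Entities::Group
      end

      # Create group. Available only for admin
      #
      # Parameters:
      #   name (required) - The name of the group
      #   path (required) - The path of the group
      # Example Request:
      #   POST /groups
      post do
        authenticated_as_admin!
        required_attributes! [:name, :path]

        # Only the whitelisted keys are copied into the new record.
        attrs = attributes_for_keys [:name, :path]
        @group = Group.new(attrs)
        @group.owner = current_user

        if @group.save
          present @group, with: Entities::Group
        else
          # NOTE(review): a failed save is reported through not_found!;
          # kept as-is because existing clients may depend on it.
          not_found!
        end
      end

      # Get a single group, with containing projects
      #
      # Parameters:
      #   id (required) - The ID of a group
      # Example Request:
      #   GET /groups/:id
      get ":id" do
        group = find_group(params[:id])
        present group, with: Entities::GroupDetail
      end

      # Remove group
      #
      # Requires :manage_group on the group in addition to read access.
      #
      # Parameters:
      #   id (required) - The ID of a group
      # Example Request:
      #   DELETE /groups/:id
      delete ":id" do
        group = find_group(params[:id])
        authorize! :manage_group, group
        group.destroy
      end

      # Transfer a project to the Group namespace. Available only for admin
      #
      # Parameters:
      #   id - group id
      #   project_id  - project id
      # Example Request:
      #   POST /groups/:id/projects/:project_id
      post ":id/projects/:project_id" do
        authenticated_as_admin!
        # Group.find is used directly (no :read_group check) because the
        # route is already restricted to admins.
        group = Group.find(params[:id])
        project = Project.find(params[:project_id])
        result = ::Projects::TransferService.new(project, current_user, namespace_id: group.id).execute

        if result
          present group
        else
          not_found!
        end
      end

      # Get a list of group members viewable by the authenticated user.
      #
      # Example Request:
      #  GET /groups/:id/members
      get ":id/members" do
        group = find_group(params[:id])
        members = group.users_groups
        users = paginate(members).map(&:user)
        present users, with: Entities::GroupMember, group: group
      end

      # Add a user to the list of group members
      #
      # Requires :manage_group on the group.
      #
      # Parameters:
      #   id (required) - group id
      #   user_id (required) - the users id
      #   access_level (required) - Project access level
      # Example Request:
      #  POST /groups/:id/members
      post ":id/members" do
        required_attributes! [:user_id, :access_level]
        unless validate_access_level?(params[:access_level])
          render_api_error!("Wrong access level", 422)
        end
        group = find_group(params[:id])
        # Security: find_group only proves read access. Without this check
        # any user able to read the group could grant membership at any
        # access level, owner included. Same check as DELETE /groups/:id.
        authorize! :manage_group, group
        if group.users_groups.find_by(user_id: params[:user_id])
          render_api_error!("Already exists", 409)
        end
        group.add_users([params[:user_id]], params[:access_level])
        # NOTE(review): member is nil if add_users did not create a row
        # (e.g. unknown user_id), which would fail on member.user - confirm.
        member = group.users_groups.find_by(user_id: params[:user_id])
        present member.user, with: Entities::GroupMember, group: group
      end

      # Remove member.
      #
      # Requires :manage_group on the group.
      #
      # Parameters:
      #   id (required) - group id
      #   user_id (required) - the users id
      #
      # Example Request:
      #   DELETE /groups/:id/members/:user_id
      delete ":id/members/:user_id" do
        group = find_group(params[:id])
        # Security: read access alone must not be enough to remove members;
        # require the same ability as the other destructive group routes.
        authorize! :manage_group, group
        member = group.users_groups.find_by(user_id: params[:user_id])
        if member.nil?
          render_api_error!("404 Not Found - user_id:#{params[:user_id]} not a member of group #{group.name}", 404)
        else
          member.destroy
        end
      end
    end
  end
end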