Commit b0dacc8e authored by Vinnie Okada's avatar Vinnie Okada

Edit group members via API

Add an API endpoint to update the access level of an existing group
member.
parent 04953950
...@@ -50,7 +50,7 @@ v 7.8.0 (unreleased) ...@@ -50,7 +50,7 @@ v 7.8.0 (unreleased)
- -
- Password reset token validity increased from 2 hours to 2 days since it is also send on account creation. - Password reset token validity increased from 2 hours to 2 days since it is also send on account creation.
- -
- - Edit group members via API
- Enable raw image paste from clipboard, currently Chrome only (Marco Cyriacks) - Enable raw image paste from clipboard, currently Chrome only (Marco Cyriacks)
- -
- -
......
...@@ -152,6 +152,20 @@ Parameters: ...@@ -152,6 +152,20 @@ Parameters:
- `user_id` (required) - The ID of a user to add - `user_id` (required) - The ID of a user to add
- `access_level` (required) - Project access level - `access_level` (required) - Project access level
### Edit group team member
Updates a group team member to a specified access level.
```
PUT /groups/:id/members/:user_id
```
Parameters:
- `id` (required) - The ID of a group
- `user_id` (required) - The ID of a group member
- `access_level` (required) - Project access level
### Remove user team member ### Remove user team member
Removes user from user team. Removes user from user team.
......
...@@ -40,6 +40,30 @@ module API ...@@ -40,6 +40,30 @@ module API
present member.user, with: Entities::GroupMember, group: group present member.user, with: Entities::GroupMember, group: group
end end
# Update group member
#
# Parameters:
# id (required) - The ID of a group
# user_id (required) - The ID of a group member
# access_level (required) - Project access level
# Example Request:
# PUT /groups/:id/members/:user_id
put ':id/members/:user_id' do
group = find_group(params[:id])
authorize! :manage_group, group
required_attributes! [:access_level]
team_member = group.group_members.find_by(user_id: params[:user_id])
not_found!('User can not be found') if team_member.nil?
if team_member.update_attributes(access_level: params[:access_level])
@member = team_member.user
present @member, with: Entities::GroupMember, group: group
else
handle_member_errors team_member.errors
end
end
# Remove member. # Remove member.
# #
# Parameters: # Parameters:
......
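Review bot: The new `put ':id/members/:user_id'` route lets any caller who passes `authorize! :manage_group, group` change any member's level, and nothing visible between `find_by` and `update_attributes` stops the only remaining owner from being lowered, which would leave the group with no owner. If the `GroupMember` model does not already reject that case, a guard before `update_attributes` that answers 403 would be appropriate. `params[:access_level]` is passed to the model unchanged, so a comment such as `# access_level is validated by the model; unknown values are answered with 422` would make that dependency explicit. The header comment also says `Project access level` where a group access level is meant. The enclosing resource block starts and ends outside the hunk.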
...@@ -238,5 +238,10 @@ module API ...@@ -238,5 +238,10 @@ module API
def secret_token def secret_token
File.read(Rails.root.join('.gitlab_shell_secret')) File.read(Rails.root.join('.gitlab_shell_secret'))
end end
def handle_member_errors(errors)
error!(errors[:access_level], 422) if errors[:access_level].any?
not_found!(errors)
end
end end
end end
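Review bot: `handle_member_errors` answers every validation failure that is not on `access_level` with `not_found!(errors)`, so an unrelated model error reaches the client as a 404 and the call receives the errors object rather than a resource name like the string passed to `not_found!` in the groups route. The helper is now shared by the group and project member endpoints, so that fallthrough deserves a comment, for example `# any error other than an invalid access_level is reported as "not found"`. If a 404 is not the intended answer for other validation failures, returning the messages with a validation status would be clearer to API clients. The helpers module starts outside the hunk.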
...@@ -4,14 +4,6 @@ module API ...@@ -4,14 +4,6 @@ module API
before { authenticate! } before { authenticate! }
resource :projects do resource :projects do
helpers do
def handle_project_member_errors(errors)
if errors[:access_level].any?
error!(errors[:access_level], 422)
end
not_found!(errors)
end
end
# Get a project team members # Get a project team members
# #
...@@ -66,7 +58,7 @@ module API ...@@ -66,7 +58,7 @@ module API
@member = team_member.user @member = team_member.user
present @member, with: Entities::ProjectMember, project: user_project present @member, with: Entities::ProjectMember, project: user_project
else else
handle_project_member_errors team_member.errors handle_member_errors team_member.errors
end end
end end
...@@ -89,7 +81,7 @@ module API ...@@ -89,7 +81,7 @@ module API
@member = team_member.user @member = team_member.user
present @member, with: Entities::ProjectMember, project: user_project present @member, with: Entities::ProjectMember, project: user_project
else else
handle_project_member_errors team_member.errors handle_member_errors team_member.errors
end end
end end
......
...@@ -104,6 +104,69 @@ describe API::API, api: true do ...@@ -104,6 +104,69 @@ describe API::API, api: true do
end end
end end
describe 'PUT /groups/:id/members/:user_id' do
context 'when not a member of the group' do
it 'should return a 409 error if the user is not a group member' do
put(
api("/groups/#{group_no_members.id}/members/#{developer.id}",
owner), access_level: GroupMember::MASTER
)
expect(response.status).to eq(404)
end
end
context 'when a member of the group' do
it 'should return ok and update member access level' do
put(
api("/groups/#{group_with_members.id}/members/#{reporter.id}",
owner),
access_level: GroupMember::MASTER
)
expect(response.status).to eq(200)
get api("/groups/#{group_with_members.id}/members", owner)
json_reporter = json_response.find do |e|
e['id'] == reporter.id
end
expect(json_reporter['access_level']).to eq(GroupMember::MASTER)
end
it 'should not allow guest to modify group members' do
put(
api("/groups/#{group_with_members.id}/members/#{developer.id}",
guest),
access_level: GroupMember::MASTER
)
expect(response.status).to eq(403)
get api("/groups/#{group_with_members.id}/members", owner)
json_developer = json_response.find do |e|
e['id'] == developer.id
end
expect(json_developer['access_level']).to eq(GroupMember::DEVELOPER)
end
it 'should return a 400 error when access level is not given' do
put(
api("/groups/#{group_with_members.id}/members/#{master.id}", owner)
)
expect(response.status).to eq(400)
end
it 'should return a 422 error when access level is not known' do
put(
api("/groups/#{group_with_members.id}/members/#{master.id}", owner),
access_level: 1234
)
expect(response.status).to eq(422)
end
end
end
describe "DELETE /groups/:id/members/:user_id" do describe "DELETE /groups/:id/members/:user_id" do
context "when not a member of the group" do context "when not a member of the group" do
it "should not delete guest's membership of group_with_members" do it "should not delete guest's membership of group_with_members" do
......
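Review bot: The first example is titled `'should return a 409 error if the user is not a group member'` but asserts `eq(404)`; the title should read `'should return a 404 error if the user is not a group member'`. The access-control coverage exercises only a `guest` caller. An example for a non-owner with a higher role, and one for an owner lowering the last remaining owner, would pin down who may change levels through the new route. The DELETE describe block that follows continues outside the hunk.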