Merge branch 'former03-feature_teams_api'

d5d0c00e · Dmitriy Zaporozhets · 69d70400 · c3ba0ee6 · d5d0c00e · d5d0c00e
Commit d5d0c00e authored May 27, 2013 by Dmitriy Zaporozhets
6 changed files
--- a/doc/api/README.md
+++ b/doc/api/README.md
@@ -79,3 +79,4 @@ When listing resources you can pass the following parameters:
 + [Milestones](doc/api/milestones.md)
 + [Notes](doc/api/notes.md)
 + [System Hooks](doc/api/system_hooks.md)
+ [User Teams](doc/api/user_teams.md)
--- a/doc/api/user_teams.md
+++ b/doc/api/user_teams.md
+## User teams
+
+### List user teams
+
+Get a list of user teams viewable by the authenticated user.
+
+```
+GET /user_teams
+```
+
+```json
+[
+    {
+        id: 1,
+        name: "User team 1",
+        path: "user_team1",
+        owner_id: 1
+    },
+    {
+        id: 2,
+        name: "User team 2",
+        path: "user_team2",
+        owner_id: 1
+    }
+]
+```
+
+
+### Get single user team
+
+Get a specific user team, identified by user team ID, which is viewable by the authenticated user.
+
+```
+GET /user_teams/:id
+```
+
+Parameters:
+
+ `id` (required) - The ID of a user_team
+
+```json
+{
+    id: 1,
+    name: "User team 1",
+    path: "user_team1",
+    owner_id: 1
+}
+```
+
+
+### Create user team
+
+Creates new user team owned by user. Available only for admins.
+
+```
+POST /user_teams
+```
+
+Parameters:
+
+ `name` (required) - new user team name
+ `path` (required) - new user team internal name
+
+
+
+## User team members
+
+### List user team members
+
+Get a list of project team members.
+
+```
+GET /user_teams/:id/members
+```
+
+Parameters:
+
+ `id` (required) - The ID of a user_team
+
+
+### Get user team member
+
+Gets a user team member.
+
+```
+GET /user_teams/:id/members/:user_id
+```
+
+Parameters:
+
+ `id` (required) - The ID of a user_team
+ `user_id` (required) - The ID of a user
+
+```json
+{
+    id: 2,
+    username: "john_doe",
+    email: "joh@doe.org",
+    name: "John Doe",
+    state: "active",
+    created_at: "2012-10-22T14:13:35Z",
+    access_level: 30
+}
+```
+
+
+### Add user team member
+
+Adds a user to a user team.
+
+```
+POST /user_teams/:id/members
+```
+
+Parameters:
+
+ `id` (required) - The ID of a user team
+ `user_id` (required) - The ID of a user to add
+ `access_level` (required) - Project access level
+
+
+### Remove user team member
+
+Removes user from user team.
+
+```
+DELETE /user_teams/:id/members/:user_id
+```
+
+Parameters:
+
+ `id` (required) - The ID of a user team
+ `user_id` (required) - The ID of a team member
+
+## User team projects
+
+### List user team projects
+
+Get a list of project team projects.
+
+```
+GET /user_teams/:id/projects
+```
+
+Parameters:
+
+ `id` (required) - The ID of a user_team
+
+
+### Get user team project
+
+Gets a user team project.
+
+```
+GET /user_teams/:id/projects/:project_id
+```
+
+Parameters:
+
+ `id` (required) - The ID of a user_team
+ `project_id` (required) - The ID of a user
+
+```json
+{
+    id: 12,
+    name: "project1",
+    description: null,
+    default_branch: "develop",
+    public: false,
+    path: "project1",
+    path_with_namespace: "group1/project1",
+    issues_enabled: false,
+    merge_requests_enabled: true,
+    wall_enabled: true,
+    wiki_enabled: false,
+    created_at: "2013-03-11T12:59:08Z",
+    greatest_access_level: 30
+}
+```
+
+
+### Add user team project
+
+Adds a project to a user team.
+
+```
+POST /user_teams/:id/projects
+```
+
+Parameters:
+
+ `id` (required) - The ID of a user team
+ `project_id` (required) - The ID of a project to add
+ `greatest_access_level` (required) - Maximum project access level
+
+
+### Remove user team project
+
+Removes project from user team.
+
+```
+DELETE /user_teams/:id/projects/:project_id
+```
+
+Parameters:
+
+ `id` (required) - The ID of a user team
+ `project_id` (required) - The ID of a team project
+
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -35,5 +35,6 @@ module API
    mount Notes
    mount Internal
    mount SystemHooks
+    mount UserTeams
  end
 end
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -40,6 +40,18 @@ module API
      end
    end

+    class TeamMember < UserBasic
+      expose :permission, as: :access_level do |user, options|
+        options[:user_team].user_team_user_relationships.find_by_user_id(user.id).permission
+      end
+    end
+
+    class TeamProject < Project
+      expose :greatest_access, as: :greatest_access_level do |project, options|
+        options[:user_team].user_team_project_relationships.find_by_project_id(project.id).greatest_access
+      end
+    end
+
    class Group < Grape::Entity
      expose :id, :name, :path, :owner_id
    end
@@ -87,6 +99,10 @@ module API
      expose :id, :title, :key, :created_at
    end

+    class UserTeam < Grape::Entity
+      expose :id, :name, :path, :owner_id
+    end
+
    class MergeRequest < Grape::Entity
      expose :id, :target_branch, :source_branch, :project_id, :title, :state
      expose :author, :assignee, using: Entities::UserBasic

--- a/lib/api/user_teams.rb
+++ b/lib/api/user_teams.rb
+module API
+  # user_teams API
+  class UserTeams < Grape::API
+    before { authenticate! }
+
+    resource :user_teams do
+      helpers do
+        def handle_team_member_errors(errors)
+          if errors[:permission].any?
+            render_api_error!(errors[:permission], 422)
+          end
+          not_found!
+        end
+
+        def validate_access_level?(level)
+          [UsersProject::GUEST, UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER].include? level.to_i
+        end
+      end
+
+
+      # Get a user_teams list
+      #
+      # Example Request:
+      #  GET /user_teams
+      get do
+        if current_user.admin
+          @user_teams = paginate UserTeam
+        else
+          @user_teams = paginate current_user.user_teams
+        end
+        present @user_teams, with: Entities::UserTeam
+      end
+
+
+      # Create user_team. Available only for admin
+      #
+      # Parameters:
+      #   name (required) - The name of the user_team
+      #   path (required) - The path of the user_team
+      # Example Request:
+      #   POST /user_teams
+      post do
+        authenticated_as_admin!
+        required_attributes! [:name, :path]
+
+        attrs = attributes_for_keys [:name, :path]
+        @user_team = UserTeam.new(attrs)
+        @user_team.owner = current_user
+
+        if @user_team.save
+          present @user_team, with: Entities::UserTeam
+        else
+          not_found!
+        end
+      end
+
+
+      # Get a single user_team
+      #
+      # Parameters:
+      #   id (required) - The ID of a user_team
+      # Example Request:
+      #   GET /user_teams/:id
+      get ":id" do
+        @user_team = UserTeam.find(params[:id])
+        if current_user.admin or current_user.user_teams.include? @user_team
+          present @user_team, with: Entities::UserTeam
+        else
+          not_found!
+        end
+      end
+
+
+      # Get user_team members
+      #
+      # Parameters:
+      #   id (required) - The ID of a user_team
+      # Example Request:
+      #   GET /user_teams/:id/members
+      get ":id/members" do
+        @user_team = UserTeam.find(params[:id])
+        if current_user.admin or current_user.user_teams.include? @user_team
+          @members = paginate @user_team.members
+          present @members, with: Entities::TeamMember, user_team: @user_team
+        else
+          not_found!
+        end
+      end
+
+
+      # Add a new user_team member
+      #
+      # Parameters:
+      #   id (required) - The ID of a user_team
+      #   user_id (required) - The ID of a user
+      #   access_level (required) - Project access level
+      # Example Request:
+      #   POST /user_teams/:id/members
+      post ":id/members" do
+        authenticated_as_admin!
+        required_attributes! [:user_id, :access_level]
+
+        if not validate_access_level?(params[:access_level])
+          render_api_error!("Wrong access level", 422)
+        end
+
+        @user_team = UserTeam.find(params[:id])
+        if @user_team
+          team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id])
+          # Not existing member
+          if team_member.nil?
+            @user_team.add_member(params[:user_id], params[:access_level], false)
+            team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id])
+
+            if team_member.nil?
+              render_api_error!("Error creating membership", 500)
+            else
+              @member = team_member.user
+              present @member, with: Entities::TeamMember, user_team: @user_team
+            end
+          else
+            render_api_error!("Already exists", 409)
+          end
+        else
+          not_found!
+        end
+      end
+
+
+      # Get a single team member from user_team
+      #
+      # Parameters:
+      #   id (required) - The ID of a user_team
+      #   user_id (required) - The ID of a team member
+      # Example Request:
+      #   GET /user_teams/:id/members/:user_id
+      get ":id/members/:user_id" do
+        @user_team = UserTeam.find(params[:id])
+        if current_user.admin or current_user.user_teams.include? @user_team
+          team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id])
+          unless team_member.nil?
+            present team_member.user, with: Entities::TeamMember, user_team: @user_team
+          else
+            not_found!
+          end
+        else
+          not_found!
+        end
+      end
+
+      # Remove a team member from user_team
+      #
+      # Parameters:
+      #   id (required) - The ID of a user_team
+      #   user_id (required) - The ID of a team member
+      # Example Request:
+      #   DELETE /user_teams/:id/members/:user_id
+      delete ":id/members/:user_id" do
+        authenticated_as_admin!
+
+        @user_team = UserTeam.find(params[:id])
+        if @user_team
+          team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id])
+          unless team_member.nil?
+            team_member.destroy
+          else
+            not_found!
+          end
+        else
+          not_found!
+        end
+      end
+
+
+      # Get to user_team assigned projects
+      #
+      # Parameters:
+      #   id (required) - The ID of a user_team
+      # Example Request:
+      #   GET /user_teams/:id/projects
+      get ":id/projects" do
+        @user_team = UserTeam.find(params[:id])
+        if current_user.admin or current_user.user_teams.include? @user_team
+          @projects = paginate @user_team.projects
+          present @projects, with: Entities::TeamProject, user_team: @user_team
+        else
+          not_found!
+        end
+      end
+
+
+      # Add a new user_team project
+      #
+      # Parameters:
+      #   id (required) - The ID of a user_team
+      #   project_id (required) - The ID of a project
+      #   greatest_access_level (required) - Project access level
+      # Example Request:
+      #   POST /user_teams/:id/projects
+      post ":id/projects" do
+        authenticated_as_admin!
+        required_attributes! [:project_id, :greatest_access_level]
+
+        if not validate_access_level?(params[:greatest_access_level])
+          render_api_error!("Wrong greatest_access_level", 422)
+        end
+
+        @user_team = UserTeam.find(params[:id])
+        if @user_team
+          team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id])
+
+          # No existing project
+          if team_project.nil?
+            @user_team.assign_to_projects([params[:project_id]], params[:greatest_access_level])
+            team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id])
+            if team_project.nil?
+              render_api_error!("Error creating project assignment", 500)
+            else
+              @project = team_project.project
+              present @project, with: Entities::TeamProject, user_team: @user_team
+            end
+          else
+            render_api_error!("Already exists", 409)
+          end
+        else
+          not_found!
+        end
+      end
+
+      # Show a single team project from user_team
+      #
+      # Parameters:
+      #   id (required) - The ID of a user_team
+      #   project_id (required) - The ID of a project assigned to the team
+      # Example Request:
+      #   GET /user_teams/:id/projects/:project_id
+      get ":id/projects/:project_id" do
+        @user_team = UserTeam.find(params[:id])
+        if current_user.admin or current_user.user_teams.include? @user_team
+          team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id])
+          unless team_project.nil?
+            present team_project.project, with: Entities::TeamProject, user_team: @user_team
+          else
+            not_found!
+          end
+        else
+          not_found!
+        end
+      end
+
+      # Remove a team project from user_team
+      #
+      # Parameters:
+      #   id (required) - The ID of a user_team
+      #   project_id (required) - The ID of a project assigned to the team
+      # Example Request:
+      #   DELETE /user_teams/:id/projects/:project_id
+      delete ":id/projects/:project_id" do
+        authenticated_as_admin!
+
+        @user_team = UserTeam.find(params[:id])
+        if @user_team
+          team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id])
+          unless team_project.nil?
+            team_project.destroy
+          else
+            not_found!
+          end
+        else
+          not_found!
+        end
+      end
+
+    end
+  end
+end
--- a/spec/requests/api/user_teams_spec.rb
+++ b/spec/requests/api/user_teams_spec.rb
+require 'spec_helper'
+
+describe API::API do
+  include ApiHelpers
+
+  # Create test objects
+  let(:user1) { create(:user) }
+  let(:user2) { create(:user) }
+  let(:admin) { create(:admin) }
+  let!(:group1) { create(:group, owner: user1) }
+  let!(:group2) { create(:group, owner: user2) }
+  let(:user_team1) { create(:user_team, owner: user1) }
+  let(:user_team2) { create(:user_team, owner: user2) }
+  let!(:project1) { create(:project, creator_id: admin.id) }
+  let!(:project2) { create(:project, creator_id: admin.id) }
+
+
+  before {
+    # Add members to teams
+    user_team1.add_member(user1, UsersProject::MASTER, false)
+    user_team2.add_member(user2, UsersProject::MASTER, false)
+
+    # Add projects to teams
+    user_team1.assign_to_projects([project1.id], UsersProject::MASTER)
+    user_team2.assign_to_projects([project2.id], UsersProject::MASTER)
+
+  }
+
+  describe "GET /user_teams" do
+    context "when unauthenticated" do
+      it "should return authentication error" do
+        get api("/user_teams")
+        response.status.should == 401
+      end
+    end
+
+    context "when authenticated as user" do
+      it "normal user: should return an array of user_teams of user1" do
+        get api("/user_teams", user1)
+        response.status.should == 200
+        json_response.should be_an Array
+        json_response.length.should == 1
+        json_response.first['name'].should == user_team1.name
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "admin: should return an array of all user_teams" do
+        get api("/user_teams", admin)
+        response.status.should == 200
+        json_response.should be_an Array
+        json_response.length.should == 2
+      end
+    end
+  end
+
+  describe "GET /user_teams/:id" do
+    context "when authenticated as user" do
+      it "should return one of user1's user_teams" do
+        get api("/user_teams/#{user_team1.id}", user1)
+        response.status.should == 200
+        json_response['name'] == user_team1.name
+      end
+
+      it "should not return a non existing team" do
+        get api("/user_teams/1328", user1)
+        response.status.should == 404
+      end
+
+      it "should not return a user_team not attached to user1" do
+        get api("/user_teams/#{user_team2.id}", user1)
+        response.status.should == 404
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should return any existing user_team" do
+        get api("/user_teams/#{user_team2.id}", admin)
+        response.status.should == 200
+        json_response['name'].should == user_team2.name
+      end
+
+      it "should not return a non existing user_team" do
+        get api("/user_teams/1328", admin)
+        response.status.should == 404
+      end
+    end
+  end
+
+  describe "POST /user_teams" do
+    context "when authenticated as user" do
+      it "should not create user_team" do
+        count_before=UserTeam.count
+        post api("/user_teams", user1), attributes_for(:user_team)
+        response.status.should == 403
+        UserTeam.count.should == count_before
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should create user_team" do
+        count_before=UserTeam.count
+        post api("/user_teams", admin), attributes_for(:user_team)
+        response.status.should == 201
+        UserTeam.count.should == count_before + 1
+      end
+
+      it "should not create user_team, duplicate" do
+        post api("/user_teams", admin), {:name => "Duplicate Test", :path => user_team2.path}
+        response.status.should == 404
+      end
+
+      it "should return 400 bad request error if name not given" do
+        post api("/user_teams", admin), {:path => user_team2.path}
+        response.status.should == 400
+      end
+
+      it "should return 400 bad request error if path not given" do
+        post api("/user_teams", admin), {:name => 'test'}
+        response.status.should == 400
+      end
+    end
+  end
+
+  # Members
+
+  describe "GET /user_teams/:id/members" do
+    context "when authenticated as user" do
+      it "should return user1 as member of user1's user_teams" do
+        get api("/user_teams/#{user_team1.id}/members", user1)
+        response.status.should == 200
+        json_response.first['name'].should == user1.name
+        json_response.first['access_level'].should == UsersProject::MASTER
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should return member of any existing user_team" do
+        get api("/user_teams/#{user_team2.id}/members", admin)
+        response.status.should == 200
+        json_response.first['name'].should == user2.name
+        json_response.first['access_level'].should == UsersProject::MASTER
+      end
+    end
+  end
+
+  describe "POST /user_teams/:id/members" do
+    context "when authenticated as user" do
+      it "should not add user2 as member of user_team1" do
+        post api("/user_teams/#{user_team1.id}/members", user1), user_id: user2.id, access_level: UsersProject::MASTER
+        response.status.should == 403
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should return ok and add new member" do
+        count_before=user_team1.user_team_user_relationships.count
+        post api("/user_teams/#{user_team1.id}/members", admin), user_id: user2.id, access_level: UsersProject::MASTER
+        response.status.should == 201
+        json_response['name'].should == user2.name
+        json_response['access_level'].should == UsersProject::MASTER
+        user_team1.user_team_user_relationships.count.should == count_before + 1
+      end
+      it "should return ok if member already exists" do
+        post api("/user_teams/#{user_team2.id}/members", admin), user_id: user2.id, access_level: UsersProject::MASTER
+        response.status.should == 409
+      end
+      it "should return a 400 error when user id is not given" do
+        post api("/user_teams/#{user_team2.id}/members", admin), access_level: UsersProject::MASTER
+        response.status.should == 400
+      end
+      it "should return a 400 error when access level is not given" do
+        post api("/user_teams/#{user_team2.id}/members", admin), user_id: user2.id
+        response.status.should == 400
+      end
+
+      it "should return a 422 error when access level is not known" do
+        post api("/user_teams/#{user_team2.id}/members", admin), user_id: user1.id, access_level: 1234
+        response.status.should == 422
+      end
+
+    end
+  end
+
+  # Get single member
+  describe "GET /user_teams/:id/members/:user_id" do
+    context "when authenticated as member" do
+      it "should show user1's membership of user_team1" do
+        get api("/user_teams/#{user_team1.id}/members/#{user1.id}", user1)
+        response.status.should == 200
+        json_response['name'].should == user1.name
+        json_response['access_level'].should == UsersProject::MASTER
+      end
+      it "should show that user2 is not member of user_team1" do
+        get api("/user_teams/#{user_team1.id}/members/#{user2.id}", user1)
+        response.status.should == 404
+      end
+    end
+
+    context "when authenticated as non-member" do
+      it "should not show user1's membership of user_team1" do
+        get api("/user_teams/#{user_team1.id}/members/#{user1.id}", user2)
+        response.status.should == 404
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should show user1's membership of user_team1" do
+        get api("/user_teams/#{user_team1.id}/members/#{user1.id}", admin)
+        response.status.should == 200
+        json_response['name'].should == user1.name
+        json_response['access_level'].should == UsersProject::MASTER
+      end
+      it "should return a 404 error when user id is not known" do
+        get api("/user_teams/#{user_team2.id}/members/1328", admin)
+        response.status.should == 404
+      end
+    end
+  end
+
+  describe "DELETE /user_teams/:id/members/:user_id" do
+    context "when authenticated as user" do
+      it "should not delete user1's membership of user_team1" do
+        delete api("/user_teams/#{user_team1.id}/members/#{user1.id}", user1)
+        response.status.should == 403
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should delete user1's membership of user_team1" do
+        count_before=user_team1.user_team_user_relationships.count
+        delete api("/user_teams/#{user_team1.id}/members/#{user1.id}", admin)
+        response.status.should == 200
+        user_team1.user_team_user_relationships.count.should == count_before - 1
+      end
+      it "should return a 404 error when user id is not known" do
+        delete api("/user_teams/#{user_team2.id}/members/1328", admin)
+        response.status.should == 404
+      end
+    end
+  end
+
+  # Projects
+
+  describe "GET /user_teams/:id/projects" do
+    context "when authenticated as user" do
+      it "should return project1 as assigned to user_team1 as member user1" do
+        get api("/user_teams/#{user_team1.id}/projects", user1)
+        response.status.should == 200
+        json_response.first['name'].should == project1.name
+        json_response.length.should == user_team1.user_team_project_relationships.count
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should return project2 as assigned to user_team2 as non-member, but admin" do
+        get api("/user_teams/#{user_team2.id}/projects", admin)
+        response.status.should == 200
+        json_response.first['name'].should == project2.name
+        json_response.first['greatest_access_level'].should == UsersProject::MASTER
+      end
+    end
+  end
+
+  describe "POST /user_teams/:id/projects" do
+    context "when authenticated as admin" do
+      it "should return ok and add new project" do
+        count_before=user_team1.user_team_project_relationships.count
+        post api("/user_teams/#{user_team1.id}/projects", admin),
+             project_id: project2.id,
+             greatest_access_level: UsersProject::MASTER
+        response.status.should == 201
+        json_response['name'].should == project2.name
+        json_response['greatest_access_level'].should == UsersProject::MASTER
+        user_team1.user_team_project_relationships.count.should == count_before + 1
+      end
+      it "should return ok if project already exists" do
+        post api("/user_teams/#{user_team2.id}/projects", admin),
+             project_id: project2.id,
+             greatest_access_level: UsersProject::MASTER
+        response.status.should == 409
+      end
+      it "should return a 400 error when project id is not given" do
+        post api("/user_teams/#{user_team2.id}/projects", admin), greatest_access_level: UsersProject::MASTER
+        response.status.should == 400
+      end
+      it "should return a 400 error when access level is not given" do
+        post api("/user_teams/#{user_team2.id}/projects", admin), project_id: project2.id
+        response.status.should == 400
+      end
+
+      it "should return a 422 error when access level is not known" do
+        post api("/user_teams/#{user_team2.id}/projects", admin),
+             project_id: project2.id,
+             greatest_access_level: 1234
+        response.status.should == 422
+      end
+
+    end
+  end
+
+
+  describe "GET /user_teams/:id/projects/:project_id" do
+    context "when authenticated as member" do
+      it "should show project1's assignment to user_team1" do
+        get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", user1)
+        response.status.should == 200
+        json_response['name'].should == project1.name
+        json_response['greatest_access_level'].should == UsersProject::MASTER
+      end
+      it "should show project2's is not assigned to user_team1" do
+        get api("/user_teams/#{user_team1.id}/projects/#{project2.id}", user1)
+        response.status.should == 404
+      end
+    end
+
+    context "when authenticated as non-member" do
+      it "should not show project1's assignment to user_team1" do
+        get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", user2)
+        response.status.should == 404
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should show project1's assignment to user_team1" do
+        get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", admin)
+        response.status.should == 200
+        json_response['name'].should == project1.name
+        json_response['greatest_access_level'].should == UsersProject::MASTER
+      end
+      it "should return a 404 error when project id is not known" do
+        get api("/user_teams/#{user_team2.id}/projects/1328", admin)
+        response.status.should == 404
+      end
+    end
+  end
+
+  describe "DELETE /user_teams/:id/projects/:project_id" do
+    context "when authenticated as user" do
+      it "should not delete project1's assignment to user_team2" do
+        delete api("/user_teams/#{user_team2.id}/projects/#{project1.id}", user1)
+        response.status.should == 403
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should delete project1's assignment to user_team1" do
+        count_before=user_team1.user_team_project_relationships.count
+        delete api("/user_teams/#{user_team1.id}/projects/#{project1.id}", admin)
+        response.status.should == 200
+        user_team1.user_team_project_relationships.count.should == count_before - 1
+      end
+      it "should return a 404 error when project id is not known" do
+        delete api("/user_teams/#{user_team2.id}/projects/1328", admin)
+        response.status.should == 404
+      end
+    end
+  end
+
+end