Merge branch 'settings-via-api' into 'master'

API to set application settings for admin
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

See merge request !934

doc/api/README.md

@@ -20,6 +20,7 @@
 - [System Hooks](system_hooks.md)
 - [Groups](groups.md)
 - [Namespaces](namespaces.md)
+- [Settings](settings.md)
 
 ## Clients
 

doc/api/settings.md

+# Application settings
+
+This API allows you to read and modify GitLab instance application settings. 
+
+
+## Get current application settings: 
+
+```
+GET /application/settings
+```
+
+```json
+{
+  "id": 1,
+  "default_projects_limit": 10,
+  "signup_enabled": true,
+  "signin_enabled": true,
+  "gravatar_enabled": true,
+  "sign_in_text": "",
+  "created_at": "2015-06-12T15:51:55.432Z",
+  "updated_at": "2015-06-30T13:22:42.210Z",
+  "home_page_url": "",
+  "default_branch_protection": 2,
+  "twitter_sharing_enabled": true,
+  "restricted_visibility_levels": [],
+  "max_attachment_size": 10,
+  "session_expire_delay": 10080,
+  "default_project_visibility": 0,
+  "default_snippet_visibility": 0,
+  "restricted_signup_domains": [],
+  "user_oauth_applications": true,
+  "after_sign_out_path": ""
+}
+```
+
+## Change application settings: 
+
+
+
+```
+PUT /application/settings
+```
+
+Parameters:
+
+- `default_projects_limit` - project limit per user
+- `signup_enabled` - enable registration
+- `signin_enabled` - enable login via GitLab account
+- `gravatar_enabled` - enable gravatar
+- `sign_in_text` - text on login page
+- `home_page_url` - redirect to this URL when not logged in
+- `default_branch_protection` - determine if developers can push to master
+- `twitter_sharing_enabled` - allow users to share project creation in twitter
+- `restricted_visibility_levels` - restrict certain visibility levels
+- `max_attachment_size` - limit attachment size
+- `session_expire_delay` - session lifetime
+- `default_project_visibility` - what visibility level new project receives
+- `default_snippet_visibility` - what visibility level new snippet receives
+- `restricted_signup_domains` - force people to use only corporate emails for signup
+- `user_oauth_applications` - allow users to create oauth applicaitons
+- `after_sign_out_path` - where redirect user after logout
+
+All parameters are optional. You can send only one that you want to change.
+
+
+```json
+{
+  "id": 1,
+  "default_projects_limit": 10,
+  "signup_enabled": true,
+  "signin_enabled": true,
+  "gravatar_enabled": true,
+  "sign_in_text": "",
+  "created_at": "2015-06-12T15:51:55.432Z",
+  "updated_at": "2015-06-30T13:22:42.210Z",
+  "home_page_url": "",
+  "default_branch_protection": 2,
+  "twitter_sharing_enabled": true,
+  "restricted_visibility_levels": [],
+  "max_attachment_size": 10,
+  "session_expire_delay": 10080,
+  "default_project_visibility": 0,
+  "default_snippet_visibility": 0,
+  "restricted_signup_domains": [],
+  "user_oauth_applications": true,
+  "after_sign_out_path": ""
+}
+```

lib/api/api.rb

@@ -49,5 +49,6 @@ module API
     mount Namespaces
     mount Branches
     mount Labels
+    mount Settings
   end
 end

lib/api/entities.rb

@@ -277,5 +277,27 @@ module API
     class BroadcastMessage < Grape::Entity
       expose :message, :starts_at, :ends_at, :color, :font
     end
+
+    class ApplicationSetting < Grape::Entity
+      expose :id
+      expose :default_projects_limit
+      expose :signup_enabled
+      expose :signin_enabled
+      expose :gravatar_enabled
+      expose :sign_in_text
+      expose :created_at
+      expose :updated_at
+      expose :home_page_url
+      expose :default_branch_protection
+      expose :twitter_sharing_enabled
+      expose :restricted_visibility_levels
+      expose :max_attachment_size
+      expose :session_expire_delay
+      expose :default_project_visibility
+      expose :default_snippet_visibility
+      expose :restricted_signup_domains
+      expose :user_oauth_applications
+      expose :after_sign_out_path
+    end
   end
 end

lib/api/settings.rb

+module API
+  class Settings < Grape::API
+    before { authenticated_as_admin! }
+
+    helpers do
+      def current_settings
+        @current_setting ||=
+          (ApplicationSetting.current || ApplicationSetting.create_from_defaults)
+      end
+    end
+
+    # Get current applicaiton settings
+    #
+    # Example Request:
+    #   GET /application/settings
+    get "application/settings" do
+      present current_settings, with: Entities::ApplicationSetting
+    end
+
+    # Modify applicaiton settings
+    #
+    # Example Request:
+    #   PUT /application/settings
+    put "application/settings" do
+      attributes = current_settings.attributes.keys - ["id"]
+      attrs = attributes_for_keys(attributes)
+
+      if current_settings.update_attributes(attrs)
+        present current_settings, with: Entities::ApplicationSetting
+      else
+        render_validation_error!(current_settings)
+      end
+    end
+  end
+end

spec/requests/api/settings_spec.rb

+require 'spec_helper'
+
+describe API::API, 'Settings', api: true  do
+  include ApiHelpers
+
+  let(:user) { create(:user) }
+  let(:admin) { create(:admin) }
+
+
+  describe "GET /application/settings" do
+    it "should return application settings" do
+      get api("/application/settings", admin)
+      expect(response.status).to eq(200)
+      expect(json_response).to be_an Hash
+      expect(json_response['default_projects_limit']).to eq(42)
+      expect(json_response['signin_enabled']).to be_truthy
+    end
+  end
+
+  describe "PUT /application/settings" do
+    it "should update application settings" do
+      put api("/application/settings", admin),
+        default_projects_limit: 3, signin_enabled: false
+      expect(response.status).to eq(200)
+      expect(json_response['default_projects_limit']).to eq(3)
+      expect(json_response['signin_enabled']).to be_falsey
+    end
+  end
+end