Add docs/tests for groups api

doc/api/README.md

@@ -32,6 +32,7 @@ When listing resources you can pass the following parameters:
 + [Users](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/users.md)
 + [Session](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/session.md)
 + [Projects](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/projects.md)
++ [Groups](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/groups.md)
 + [Snippets](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/snippets.md)
 + [Repositories](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/repositories.md)
 + [Issues](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/issues.md)

doc/api/groups.md

+## List project groups
+
+Get a list of groups. (As user: my groups, as admin: all groups)
+
+```
+GET /groups
+```
+
+```json
+[
+    {
+        "id": 1,
+        "name": "Foobar Group",
+        "path": "foo-bar",
+        "owner_id": 18
+    }
+]
+```
+
+## Details of group
+
+Get all details of a group.
+
+```
+GET /groups/:id
+```
+
+Parameters:
+
++ `id` (required) - The ID of a group
+
+## New group
+
+Create a new project group. Available only for admin
+
+```
+POST /groups
+```
+
+Parameters:
++ `name` (required)                  - Email
++ `path`                             - Password
+
+Will return created group with status `201 Created` on success, or `404 Not found` on fail.
+

spec/requests/api/groups_spec.rb

+require 'spec_helper'
+
+describe Gitlab::API do
+  include ApiHelpers
+
+  let(:user1)  { create(:user) }
+  let(:user2)  { create(:user) }
+  let(:admin) { create(:admin) }
+  let!(:group1)  { create(:group, owner: user1) }
+  let!(:group2)  { create(:group, owner: user2) }
+
+  describe "GET /groups" do
+    context "when unauthenticated" do
+      it "should return authentication error" do
+        get api("/groups")
+        response.status.should == 401
+      end
+    end
+
+    context "when authenticated as user" do
+      it "normal user: should return an array of groups of user1" do
+        get api("/groups", user1)
+        response.status.should == 200
+        json_response.should be_an Array
+        json_response.length.should == 1
+        json_response.first['name'].should == group1.name
+      end
+    end
+    
+    context "when authenticated as  admin" do
+      it "admin: should return an array of all groups" do
+        get api("/groups", admin)
+        response.status.should == 200
+        json_response.should be_an Array
+        json_response.length.should == 2
+      end
+    end
+  end
+  
+  describe "GET /groups/:id" do
+    context "when authenticated as user" do
+      it "should return one of user1's groups" do
+        get api("/groups/#{group1.id}", user1)
+        response.status.should == 200
+        json_response['name'] == group1.name
+      end
+      
+      it "should not return a non existing group" do
+        get api("/groups/1328", user1)
+        response.status.should == 404
+      end
+      
+      it "should not return a group not attached to user1" do
+        get api("/groups/#{group2.id}", user1)
+        response.status.should == 404
+      end
+    end
+    
+    context "when authenticated as admin" do
+      it "should return any existing group" do
+        get api("/groups/#{group2.id}", admin)
+        response.status.should == 200
+        json_response['name'] == group2.name
+      end
+      
+      it "should not return a non existing group" do
+        get api("/groups/1328", admin)
+        response.status.should == 404
+      end
+    end
+  end
+  
+  describe "POST /groups" do
+    context "when authenticated as user" do
+      it "should not create group" do
+        post api("/groups", user1), attributes_for(:group)
+        response.status.should == 403
+      end
+    end
+    
+    context "when authenticated as admin" do
+      it "should create group" do
+        post api("/groups", admin), attributes_for(:group)
+        response.status.should == 201
+      end
+    end
+  end
+end