Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
b0dacc8e
Commit
b0dacc8e
authored
Jan 20, 2015
by
Vinnie Okada
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Edit group members via API
Add an API endpoint to update the access level of an existing group member.
parent
04953950
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
109 additions
and
11 deletions
+109
-11
CHANGELOG
CHANGELOG
+1
-1
doc/api/groups.md
doc/api/groups.md
+14
-0
lib/api/group_members.rb
lib/api/group_members.rb
+24
-0
lib/api/helpers.rb
lib/api/helpers.rb
+5
-0
lib/api/project_members.rb
lib/api/project_members.rb
+2
-10
spec/requests/api/group_members_spec.rb
spec/requests/api/group_members_spec.rb
+63
-0
No files found.
CHANGELOG
View file @
b0dacc8e
...
@@ -50,7 +50,7 @@ v 7.8.0 (unreleased)
...
@@ -50,7 +50,7 @@ v 7.8.0 (unreleased)
-
-
- Password reset token validity increased from 2 hours to 2 days since it is also send on account creation.
- Password reset token validity increased from 2 hours to 2 days since it is also send on account creation.
-
-
-
-
Edit group members via API
- Enable raw image paste from clipboard, currently Chrome only (Marco Cyriacks)
- Enable raw image paste from clipboard, currently Chrome only (Marco Cyriacks)
-
-
-
-
...
...
doc/api/groups.md
View file @
b0dacc8e
...
@@ -152,6 +152,20 @@ Parameters:
...
@@ -152,6 +152,20 @@ Parameters:
-
`user_id`
(required) - The ID of a user to add
-
`user_id`
(required) - The ID of a user to add
-
`access_level`
(required) - Project access level
-
`access_level`
(required) - Project access level
### Edit group team member
Updates a group team member to a specified access level.
```
PUT /groups/:id/members/:user_id
```
Parameters:
-
`id`
(required) - The ID of a group
-
`user_id`
(required) - The ID of a group member
-
`access_level`
(required) - Project access level
### Remove user team member
### Remove user team member
Removes user from user team.
Removes user from user team.
...
...
lib/api/group_members.rb
View file @
b0dacc8e
...
@@ -40,6 +40,30 @@ module API
...
@@ -40,6 +40,30 @@ module API
present
member
.
user
,
with:
Entities
::
GroupMember
,
group:
group
present
member
.
user
,
with:
Entities
::
GroupMember
,
group:
group
end
end
# Update group member
#
# Parameters:
# id (required) - The ID of a group
# user_id (required) - The ID of a group member
# access_level (required) - Project access level
# Example Request:
# PUT /groups/:id/members/:user_id
put
':id/members/:user_id'
do
group
=
find_group
(
params
[
:id
])
authorize!
:manage_group
,
group
required_attributes!
[
:access_level
]
team_member
=
group
.
group_members
.
find_by
(
user_id:
params
[
:user_id
])
not_found!
(
'User can not be found'
)
if
team_member
.
nil?
if
team_member
.
update_attributes
(
access_level:
params
[
:access_level
])
@member
=
team_member
.
user
present
@member
,
with:
Entities
::
GroupMember
,
group:
group
else
handle_member_errors
team_member
.
errors
end
end
# Remove member.
# Remove member.
#
#
# Parameters:
# Parameters:
...
...
lib/api/helpers.rb
View file @
b0dacc8e
...
@@ -238,5 +238,10 @@ module API
...
@@ -238,5 +238,10 @@ module API
def
secret_token
def
secret_token
File
.
read
(
Rails
.
root
.
join
(
'.gitlab_shell_secret'
))
File
.
read
(
Rails
.
root
.
join
(
'.gitlab_shell_secret'
))
end
end
def
handle_member_errors
(
errors
)
error!
(
errors
[
:access_level
],
422
)
if
errors
[
:access_level
].
any?
not_found!
(
errors
)
end
end
end
end
end
lib/api/project_members.rb
View file @
b0dacc8e
...
@@ -4,14 +4,6 @@ module API
...
@@ -4,14 +4,6 @@ module API
before
{
authenticate!
}
before
{
authenticate!
}
resource
:projects
do
resource
:projects
do
helpers
do
def
handle_project_member_errors
(
errors
)
if
errors
[
:access_level
].
any?
error!
(
errors
[
:access_level
],
422
)
end
not_found!
(
errors
)
end
end
# Get a project team members
# Get a project team members
#
#
...
@@ -66,7 +58,7 @@ module API
...
@@ -66,7 +58,7 @@ module API
@member
=
team_member
.
user
@member
=
team_member
.
user
present
@member
,
with:
Entities
::
ProjectMember
,
project:
user_project
present
@member
,
with:
Entities
::
ProjectMember
,
project:
user_project
else
else
handle_
project_
member_errors
team_member
.
errors
handle_member_errors
team_member
.
errors
end
end
end
end
...
@@ -89,7 +81,7 @@ module API
...
@@ -89,7 +81,7 @@ module API
@member
=
team_member
.
user
@member
=
team_member
.
user
present
@member
,
with:
Entities
::
ProjectMember
,
project:
user_project
present
@member
,
with:
Entities
::
ProjectMember
,
project:
user_project
else
else
handle_
project_
member_errors
team_member
.
errors
handle_member_errors
team_member
.
errors
end
end
end
end
...
...
spec/requests/api/group_members_spec.rb
View file @
b0dacc8e
...
@@ -104,6 +104,69 @@ describe API::API, api: true do
...
@@ -104,6 +104,69 @@ describe API::API, api: true do
end
end
end
end
describe
'PUT /groups/:id/members/:user_id'
do
context
'when not a member of the group'
do
it
'should return a 409 error if the user is not a group member'
do
put
(
api
(
"/groups/
#{
group_no_members
.
id
}
/members/
#{
developer
.
id
}
"
,
owner
),
access_level:
GroupMember
::
MASTER
)
expect
(
response
.
status
).
to
eq
(
404
)
end
end
context
'when a member of the group'
do
it
'should return ok and update member access level'
do
put
(
api
(
"/groups/
#{
group_with_members
.
id
}
/members/
#{
reporter
.
id
}
"
,
owner
),
access_level:
GroupMember
::
MASTER
)
expect
(
response
.
status
).
to
eq
(
200
)
get
api
(
"/groups/
#{
group_with_members
.
id
}
/members"
,
owner
)
json_reporter
=
json_response
.
find
do
|
e
|
e
[
'id'
]
==
reporter
.
id
end
expect
(
json_reporter
[
'access_level'
]).
to
eq
(
GroupMember
::
MASTER
)
end
it
'should not allow guest to modify group members'
do
put
(
api
(
"/groups/
#{
group_with_members
.
id
}
/members/
#{
developer
.
id
}
"
,
guest
),
access_level:
GroupMember
::
MASTER
)
expect
(
response
.
status
).
to
eq
(
403
)
get
api
(
"/groups/
#{
group_with_members
.
id
}
/members"
,
owner
)
json_developer
=
json_response
.
find
do
|
e
|
e
[
'id'
]
==
developer
.
id
end
expect
(
json_developer
[
'access_level'
]).
to
eq
(
GroupMember
::
DEVELOPER
)
end
it
'should return a 400 error when access level is not given'
do
put
(
api
(
"/groups/
#{
group_with_members
.
id
}
/members/
#{
master
.
id
}
"
,
owner
)
)
expect
(
response
.
status
).
to
eq
(
400
)
end
it
'should return a 422 error when access level is not known'
do
put
(
api
(
"/groups/
#{
group_with_members
.
id
}
/members/
#{
master
.
id
}
"
,
owner
),
access_level:
1234
)
expect
(
response
.
status
).
to
eq
(
422
)
end
end
end
describe
"DELETE /groups/:id/members/:user_id"
do
describe
"DELETE /groups/:id/members/:user_id"
do
context
"when not a member of the group"
do
context
"when not a member of the group"
do
it
"should not delete guest's membership of group_with_members"
do
it
"should not delete guest's membership of group_with_members"
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment