groups.rb 10.4 KB
Newer Older
1
module API
2
  class Groups < Grape::API
3
    include PaginationParams
4
    include Helpers::CustomAttributes
Robert Schilling's avatar
Robert Schilling committed
5

6
    before { authenticate_non_get! }
7

Robert Schilling's avatar
Robert Schilling committed
8
    helpers do
9
      params :optional_params_ce do
Robert Schilling's avatar
Robert Schilling committed
10
        optional :description, type: String, desc: 'The description of the group'
Robert Schilling's avatar
Robert Schilling committed
11 12 13 14 15
        optional :visibility, type: String,
                              values: Gitlab::VisibilityLevel.string_values,
                              default: Gitlab::VisibilityLevel.string_level(
                                Gitlab::CurrentSettings.current_application_settings.default_group_visibility),
                              desc: 'The visibility of the group'
Robert Schilling's avatar
Robert Schilling committed
16 17
        optional :lfs_enabled, type: Boolean, desc: 'Enable/disable LFS for the projects in this group'
        optional :request_access_enabled, type: Boolean, desc: 'Allow users to request member access'
18
        optional :share_with_group_lock, type: Boolean, desc: 'Prevent sharing a project with another group within this group'
Robert Schilling's avatar
Robert Schilling committed
19
      end
20 21

      params :optional_params_ee do
22
        optional :membership_lock, type: Boolean, desc: 'Prevent adding new members to project membership within this group'
23 24
        optional :ldap_cn, type: String, desc: 'LDAP Common Name'
        optional :ldap_access, type: Integer, desc: 'A valid access level'
25
        optional :shared_runners_minutes_limit, type: Integer, desc: '(admin-only) Pipeline minutes quota for this group'
26 27
        all_or_none_of :ldap_cn, :ldap_access
      end
28

29 30 31 32 33
      params :optional_params do
        use :optional_params_ce
        use :optional_params_ee
      end

34 35 36 37
      params :statistics_params do
        optional :statistics, type: Boolean, default: false, desc: 'Include project statistics'
      end

38
      params :group_list_params do
39
        use :statistics_params
Robert Schilling's avatar
Robert Schilling committed
40 41 42
        optional :skip_groups, type: Array[Integer], desc: 'Array of group ids to exclude from list'
        optional :all_available, type: Boolean, desc: 'Show all group that you have access to'
        optional :search, type: String, desc: 'Search for a specific group'
43
        optional :owned, type: Boolean, default: false, desc: 'Limit by owned by authenticated user'
44 45
        optional :order_by, type: String, values: %w[name path], default: 'name', desc: 'Order by name or path'
        optional :sort, type: String, values: %w[asc desc], default: 'asc', desc: 'Sort by asc (ascending) or desc (descending)'
46
        use :pagination
Robert Schilling's avatar
Robert Schilling committed
47
      end
48 49

      def find_groups(params)
50 51
        find_params = {
          all_available: params[:all_available],
52 53
          custom_attributes: params[:custom_attributes],
          owned: params[:owned]
54
        }
55
        find_params[:parent] = find_group!(params[:id]) if params[:id]
56

57
        groups = GroupsFinder.new(current_user, find_params).execute
58 59
        # EE-only
        groups = groups.preload(:ldap_group_links)
Robert Schilling's avatar
Robert Schilling committed
60 61
        groups = groups.search(params[:search]) if params[:search].present?
        groups = groups.where.not(id: params[:skip_groups]) if params[:skip_groups].present?
62
        groups = groups.reorder(params[:order_by] => params[:sort])
63

64 65 66
        groups
      end

67 68 69 70 71 72 73
      def find_group_projects(params)
        group = find_group!(params[:id])
        projects = GroupProjectsFinder.new(group: group, current_user: current_user, params: project_finder_params).execute
        projects = reorder_projects(projects)
        paginate(projects)
      end

74 75 76 77 78 79 80 81
      def present_groups(params, groups)
        options = {
          with: Entities::Group,
          current_user: current_user,
          statistics: params[:statistics] && current_user.admin?
        }

        groups = groups.with_statistics if options[:statistics]
82 83
        groups, options = with_custom_attributes(groups, options)

84 85 86 87 88 89 90 91 92 93 94 95
        present paginate(groups), options
      end
    end

    resource :groups do
      include CustomAttributesEndpoints

      desc 'Get a groups list' do
        success Entities::Group
      end
      params do
        use :group_list_params
96
        use :with_custom_attributes
97 98 99 100
      end
      get do
        groups = find_groups(params)
        present_groups params, groups
101 102
      end

Robert Schilling's avatar
Robert Schilling committed
103 104 105 106 107 108
      desc 'Create a group. Available only for users who can create groups.' do
        success Entities::Group
      end
      params do
        requires :name, type: String, desc: 'The name of the group'
        requires :path, type: String, desc: 'The path of the group'
109 110 111 112 113

        if ::Group.supports_nested_groups?
          optional :parent_id, type: Integer, desc: 'The parent group id for creating nested group'
        end

Robert Schilling's avatar
Robert Schilling committed
114 115
        use :optional_params
      end
116
      post do
117 118 119 120 121 122
        parent_group = find_group!(params[:parent_id]) if params[:parent_id].present?
        if parent_group
          authorize! :create_subgroup, parent_group
        else
          authorize! :create_group
        end
123

124 125 126 127 128
        ldap_link_attrs = {
          cn: params.delete(:ldap_cn),
          group_access: params.delete(:ldap_access)
        }

129 130 131
        # EE
        authenticated_as_admin! if params[:shared_runners_minutes_limit]

132
        group = ::Groups::CreateService.new(current_user, declared_params(include_missing: false)).execute
133

134
        if group.persisted?
135
          # NOTE: add backwards compatibility for single ldap link
136
          if ldap_link_attrs[:cn].present?
137
            group.ldap_group_links.create(
138 139
              cn: ldap_link_attrs[:cn],
              group_access: ldap_link_attrs[:group_access]
140
            )
141
          end
142

143
          present group, with: Entities::GroupDetail, current_user: current_user
144
        else
Robert Schilling's avatar
Robert Schilling committed
145
          render_api_error!("Failed to save group #{group.errors.messages}", 400)
146 147
        end
      end
Robert Schilling's avatar
Robert Schilling committed
148
    end
149

Robert Schilling's avatar
Robert Schilling committed
150 151 152
    params do
      requires :id, type: String, desc: 'The ID of a group'
    end
153
    resource :groups, requirements: API::PROJECT_ENDPOINT_REQUIREMENTS do
Robert Schilling's avatar
Robert Schilling committed
154 155 156 157 158 159 160 161
      desc 'Update a group. Available only for users who can administrate groups.' do
        success Entities::Group
      end
      params do
        optional :name, type: String, desc: 'The name of the group'
        optional :path, type: String, desc: 'The path of the group'
        use :optional_params
      end
162
      put ':id' do
163
        group = find_group!(params[:id])
164
        authorize! :admin_group, group
165

166
        # EE
167 168
        if params[:shared_runners_minutes_limit].present? &&
            group.shared_runners_minutes_limit.to_i !=
169
                params[:shared_runners_minutes_limit].to_i
170
          authenticated_as_admin!
171
        end
172

Robert Schilling's avatar
Robert Schilling committed
173
        if ::Groups::UpdateService.new(group, current_user, declared_params(include_missing: false)).execute
174
          present group, with: Entities::GroupDetail, current_user: current_user
175
        else
176
          render_validation_error!(group)
177 178 179
        end
      end

Robert Schilling's avatar
Robert Schilling committed
180 181 182
      desc 'Get a single group, with containing projects.' do
        success Entities::GroupDetail
      end
183 184 185
      params do
        use :with_custom_attributes
      end
186
      get ":id" do
187
        group = find_group!(params[:id])
188 189 190 191 192 193 194 195 196

        options = {
          with: Entities::GroupDetail,
          current_user: current_user
        }

        group, options = with_custom_attributes(group, options)

        present group, options
197
      end
Angus MacArthur's avatar
Angus MacArthur committed
198

Robert Schilling's avatar
Robert Schilling committed
199
      desc 'Remove a group.'
200
      delete ":id" do
201 202
        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ee/issues/4795')

203
        group = find_group!(params[:id])
204
        authorize! :admin_group, group
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
205

206 207 208
        destroy_conditionally!(group) do |group|
          ::Groups::DestroyService.new(group, current_user).execute
        end
209
        status 204
210 211
      end

Robert Schilling's avatar
Robert Schilling committed
212 213 214
      desc 'Get a list of projects in this group.' do
        success Entities::Project
      end
215
      params do
Robert Schilling's avatar
Robert Schilling committed
216
        optional :archived, type: Boolean, default: false, desc: 'Limit by archived status'
217
        optional :visibility, type: String, values: Gitlab::VisibilityLevel.string_values,
Robert Schilling's avatar
Robert Schilling committed
218 219 220 221 222 223
                              desc: 'Limit by visibility'
        optional :search, type: String, desc: 'Return list of authorized projects matching the search criteria'
        optional :order_by, type: String, values: %w[id name path created_at updated_at last_activity_at],
                            default: 'created_at', desc: 'Return projects ordered by field'
        optional :sort, type: String, values: %w[asc desc], default: 'desc',
                        desc: 'Return projects sorted in ascending and descending order'
224 225
        optional :simple, type: Boolean, default: false,
                          desc: 'Return only the ID, URL, name, and path of each project'
226 227 228
        optional :owned, type: Boolean, default: false, desc: 'Limit by owned by authenticated user'
        optional :starred, type: Boolean, default: false, desc: 'Limit by starred status'

229
        use :pagination
230
        use :with_custom_attributes
231
      end
232
      get ":id/projects" do
233 234
        projects = find_group_projects(params)

235 236 237 238 239 240 241 242
        options = {
          with: params[:simple] ? Entities::BasicProjectDetails : Entities::Project,
          current_user: current_user
        }

        projects, options = with_custom_attributes(projects, options)

        present options[:with].prepare_relation(projects), options
243 244
      end

245 246 247 248 249
      desc 'Get a list of subgroups in this group.' do
        success Entities::Group
      end
      params do
        use :group_list_params
250
        use :with_custom_attributes
251 252 253 254 255 256
      end
      get ":id/subgroups" do
        groups = find_groups(params)
        present_groups params, groups
      end

Robert Schilling's avatar
Robert Schilling committed
257 258 259 260
      desc 'Transfer a project to the group namespace. Available only for admin.' do
        success Entities::GroupDetail
      end
      params do
261
        requires :project_id, type: String, desc: 'The ID or path of the project'
Robert Schilling's avatar
Robert Schilling committed
262
      end
263
      post ":id/projects/:project_id", requirements: { project_id: /.+/ } do
Angus MacArthur's avatar
Angus MacArthur committed
264
        authenticated_as_admin!
265 266
        group = find_group!(params[:id])
        project = find_project!(params[:project_id])
267
        result = ::Projects::TransferService.new(project, current_user).execute(group)
268 269

        if result
270
          present group, with: Entities::GroupDetail, current_user: current_user
Angus MacArthur's avatar
Angus MacArthur committed
271
        else
272
          render_api_error!("Failed to transfer project #{project.errors.messages}", 400)
Angus MacArthur's avatar
Angus MacArthur committed
273
        end
Andrey Kumanyaev's avatar
Andrey Kumanyaev committed
274
      end
275 276 277

      desc 'Sync a group with LDAP.'
      post ":id/ldap_sync" do
278
        not_found! unless Gitlab::LDAP::Config.group_sync_enabled?
279

280 281 282 283 284 285
        group = find_group!(params[:id])
        authorize! :admin_group, group

        if group.pending_ldap_sync
          LdapGroupSyncWorker.perform_async(group.id)
        end
286

287
        status 202
288
      end
289
    end
290 291
  end
end