Merge branch 'update-members-api-for-multiple-user_ids' into 'master'

Update Add Members Api to accept user_id list See merge request gitlab-org/gitlab!44051

Merge branch 'update-members-api-for-multiple-user_ids' into 'master'
Update Add Members Api to accept user_id list See merge request gitlab-org/gitlab!44051
3381411d · Rémy Coutable · 93e52c14 · a42efbf9 · 3381411d · 3381411d
Commit 3381411d authored Oct 13, 2020 by Rémy Coutable
5 changed files
--- a/app/services/members/create_service.rb
+++ b/app/services/members/create_service.rb
@@ -7,7 +7,7 @@ module Members
    def execute(source)
      return error(s_('AddMember|No users specified.')) if params[:user_ids].blank?

-      user_ids = params[:user_ids].split(',').uniq
+      user_ids = params[:user_ids].split(',').uniq.flatten

      return error(s_("AddMember|Too many users specified (limit is %{user_limit})") % { user_limit: user_limit }) if
        user_limit && user_ids.size > user_limit

--- a/changelogs/unreleased/update-members-api-for-multiple-user_ids.yml
+++ b/changelogs/unreleased/update-members-api-for-multiple-user_ids.yml
+---
+title: Update Add Members API to accept user_id array
+merge_request: 44051
+author:
+type: added
--- a/doc/api/members.md
+++ b/doc/api/members.md
@@ -290,7 +290,7 @@ POST /projects/:id/members
 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
 | `id`      | integer/string | yes | The ID or [URL-encoded path of the project or group](README.md#namespaced-path-encoding) owned by the authenticated user |
-| `user_id` | integer         | yes | The user ID of the new member |
+| `user_id` | integer/string | yes | The user ID of the new member or multiple IDs separated by commas |
 | `access_level` | integer | yes | A valid access level |
 | `expires_at` | string | no | A date string in the format YEAR-MONTH-DAY |


--- a/lib/api/members.rb
+++ b/lib/api/members.rb
@@ -88,8 +88,8 @@ module API
          success Entities::Member
        end
        params do
-          requires :user_id, type: Integer, desc: 'The user ID of the new member'
          requires :access_level, type: Integer, desc: 'A valid access level (defaults: `30`, developer access level)'
+          requires :user_id, types: [Integer, String], desc: 'The user ID of the new member or multiple IDs separated by commas.'
          optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY'
        end
        # rubocop: disable CodeReuse/ActiveRecord
@@ -97,20 +97,26 @@ module API
          source = find_source(source_type, params[:id])
          authorize_admin_source!(source_type, source)

-          member = source.members.find_by(user_id: params[:user_id])
-          conflict!('Member already exists') if member
+          if params[:user_id].to_s.include?(',')
+            create_service_params = params.except(:user_id).merge({ user_ids: params[:user_id] })

-          user = User.find_by_id(params[:user_id])
-          not_found!('User') unless user
+            ::Members::CreateService.new(current_user, create_service_params).execute(source)
+          elsif params[:user_id].present?
+            member = source.members.find_by(user_id: params[:user_id])
+            conflict!('Member already exists') if member

-          member = create_member(current_user, user, source, params)
+            user = User.find_by_id(params[:user_id])
+            not_found!('User') unless user

-          if !member
-            not_allowed! # This currently can only be reached in EE
-          elsif member.valid? && member.persisted?
-            present_members(member)
-          else
-            render_validation_error!(member)
+            member = create_member(current_user, user, source, params)
+
+            if !member
+              not_allowed! # This currently can only be reached in EE
+            elsif member.valid? && member.persisted?
+              present_members(member)
+            else
+              render_validation_error!(member)
+            end
          end
        end
        # rubocop: enable CodeReuse/ActiveRecord

--- a/spec/requests/api/members_spec.rb
+++ b/spec/requests/api/members_spec.rb
@@ -251,6 +251,36 @@ RSpec.describe API::Members do
          expect(json_response['id']).to eq(stranger.id)
          expect(json_response['access_level']).to eq(Member::DEVELOPER)
        end
+
+        describe 'executes the Members::CreateService for multiple user_ids' do
+          it 'returns success when it successfully create all members' do
+            expect do
+              user_ids = [stranger.id, access_requester.id].join(',')
+
+              post api("/#{source_type.pluralize}/#{source.id}/members", maintainer),
+                   params: { user_id: user_ids, access_level: Member::DEVELOPER }
+
+              expect(response).to have_gitlab_http_status(:created)
+            end.to change { source.members.count }.by(2)
+            expect(json_response['status']).to eq('success')
+          end
+
+          it 'returns the error message if there was an error adding members to group' do
+            error_message = 'Unable to find User ID'
+            user_ids = [stranger.id, access_requester.id].join(',')
+
+            allow_next_instance_of(::Members::CreateService) do |service|
+              expect(service).to receive(:execute).with(source).and_return({ status: :error, message: error_message })
+            end
+
+            expect do
+              post api("/#{source_type.pluralize}/#{source.id}/members", maintainer),
+                   params: { user_id: user_ids, access_level: Member::DEVELOPER }
+            end.not_to change { source.members.count }
+            expect(json_response['status']).to eq('error')
+            expect(json_response['message']).to eq(error_message)
+          end
+        end
      end

      context 'access levels' do