Merge branch 'groupapi-avatar-support' into 'master'

Avatar upload support for Group Create/Update API

Closes #36681

See merge request gitlab-org/gitlab!25751

changelogs/unreleased/groupapi-avatar-support.yml

+---
+title: Add avatar upload support for create and update group APIs
+merge_request: 25751
+author: Rajendra Kadam
+type: added

doc/api/groups.md

@@ -492,6 +492,7 @@ Parameters:
 | `auto_devops_enabled`                | boolean | no       | Default to Auto DevOps pipeline for all projects within this group. |
 | `subgroup_creation_level`            | string  | no       | Allowed to create subgroups. Can be `owner` (Owners), or `maintainer` (Maintainers). |
 | `emails_disabled`                    | boolean | no       | Disable email notifications |
+| `avatar`                             | mixed   | no       | Image file for avatar of the group. [Introduced in GitLab 12.9](https://gitlab.com/gitlab-org/gitlab/issues/36681) |
 | `mentions_disabled`                  | boolean | no       | Disable the capability of a group from getting mentioned |
 | `lfs_enabled`                        | boolean | no       | Enable/disable Large File Storage (LFS) for the projects in this group. |
 | `request_access_enabled`             | boolean | no       | Allow users to request member access. |
@@ -553,6 +554,7 @@ PUT /groups/:id
 | `auto_devops_enabled`                | boolean | no       | Default to Auto DevOps pipeline for all projects within this group. |
 | `subgroup_creation_level`            | string  | no       | Allowed to create subgroups. Can be `owner` (Owners), or `maintainer` (Maintainers). |
 | `emails_disabled`                    | boolean | no       | Disable email notifications |
+| `avatar`                             | mixed   | no       | Image file for avatar of the group. [Introduced in GitLab 12.9](https://gitlab.com/gitlab-org/gitlab/issues/36681) |
 | `mentions_disabled`                  | boolean | no       | Disable the capability of a group from getting mentioned |
 | `lfs_enabled` (optional)             | boolean | no       | Enable/disable Large File Storage (LFS) for the projects in this group. |
 | `request_access_enabled`             | boolean | no       | Allow users to request member access. |

lib/api/helpers/groups_helpers.rb

@@ -11,6 +11,8 @@ module API
         optional :visibility, type: String,
                  values: Gitlab::VisibilityLevel.string_values,
                  desc: 'The visibility of the group'
+        # TODO: remove rubocop disable - https://gitlab.com/gitlab-org/gitlab/issues/14960
+        optional :avatar, type: File, desc: 'Avatar image for the group' # rubocop:disable Scalability/FileUploads
         optional :share_with_group_lock, type: Boolean, desc: 'Prevent sharing a project with another group within this group'
         optional :require_two_factor_authentication, type: Boolean, desc: 'Require all users in this group to setup Two-factor authentication'
         optional :two_factor_grace_period, type: Integer, desc: 'Time before Two-factor authentication is enforced'

spec/requests/api/groups_spec.rb

@@ -21,6 +21,47 @@ describe API::Groups do
     group2.add_owner(user2)
   end
 
+  shared_examples 'group avatar upload' do
+    context 'when valid' do
+      let(:file_path) { 'spec/fixtures/banana_sample.gif' }
+
+      it 'returns avatar url in response' do
+        make_upload_request
+
+        group_id = json_response['id']
+        expect(json_response['avatar_url']).to eq('http://localhost/uploads/'\
+                                                  '-/system/group/avatar/'\
+                                                  "#{group_id}/banana_sample.gif")
+      end
+    end
+
+    context 'when invalid' do
+      shared_examples 'invalid file upload request' do
+        it 'returns 400' do
+          make_upload_request
+
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(response.message).to eq('Bad Request')
+          expect(json_response['message'].to_s).to match(/#{message}/)
+        end
+      end
+
+      context 'when file format is not supported' do
+        let(:file_path) { 'spec/fixtures/doc_sample.txt' }
+        let(:message)   { 'file format is not supported. Please try one of the following supported formats: png, jpg, jpeg, gif, bmp, tiff, ico' }
+
+        it_behaves_like 'invalid file upload request'
+      end
+
+      context 'when file format is not supported' do
+        let(:file_path) { 'spec/fixtures/big-image.png' }
+        let(:message)   { 'is too big' }
+
+        it_behaves_like 'invalid file upload request'
+      end
+    end
+  end
+
   describe "GET /groups" do
     context "when unauthenticated" do
       it "returns public groups" do
@@ -539,6 +580,15 @@ describe API::Groups do
   describe 'PUT /groups/:id' do
     let(:new_group_name) { 'New Group'}
 
+    it_behaves_like 'group avatar upload' do
+      def make_upload_request
+        group_param = {
+          avatar: fixture_file_upload(file_path)
+        }
+        put api("/groups/#{group1.id}", user1), params: group_param
+      end
+    end
+
     context 'when authenticated as the group owner' do
       it 'updates the group' do
         put api("/groups/#{group1.id}", user1), params: {
@@ -940,6 +990,16 @@ describe API::Groups do
   end
 
   describe "POST /groups" do
+    it_behaves_like 'group avatar upload' do
+      def make_upload_request
+        params = attributes_for_group_api(request_access_enabled: false).tap do |attrs|
+          attrs[:avatar] = fixture_file_upload(file_path)
+        end
+
+        post api("/groups", user3), params: params
+      end
+    end
+
     context "when authenticated as user without group permissions" do
       it "does not create group" do
         group = attributes_for_group_api