Port EE features to v3 API

5db92466 · Toon Claes · 07df394f · 5db92466 · 5db92466 · 5db92466
Commit 5db92466 authored Mar 02, 2017 by Toon Claes
Showing with 60 additions and 0 deletions

lib/api/v3/entities.rb lib/api/v3/entities.rb +6 -0

lib/api/v3/groups.rb lib/api/v3/groups.rb +22 -0

spec/requests/api/v3/groups_spec.rb spec/requests/api/v3/groups_spec.rb +32 -0

No files found.
--- a/lib/api/v3/entities.rb
+++ b/lib/api/v3/entities.rb
@@ -167,6 +167,12 @@ module API

      class Group < Grape::Entity
        expose :id, :name, :path, :description, :visibility_level
+
+        expose :ldap_cn, :ldap_access
+        expose :ldap_group_links,
+               using: ::API::Entities::LdapGroupLink,
+               if: lambda { |group, options| group.ldap_group_links.any? }
+
        expose :lfs_enabled?, as: :lfs_enabled
        expose :avatar_url
        expose :web_url

--- a/lib/api/v3/groups.rb
+++ b/lib/api/v3/groups.rb
@@ -11,6 +11,14 @@ module API
          optional :visibility_level, type: Integer, desc: 'The visibility level of the group'
          optional :lfs_enabled, type: Boolean, desc: 'Enable/disable LFS for the projects in this group'
          optional :request_access_enabled, type: Boolean, desc: 'Allow users to request member access'
+          optional :membership_lock, type: Boolean, desc: 'Prevent adding new members to project membership within this group'
+          optional :share_with_group_lock, type: Boolean, desc: 'Prevent sharing a project with another group within this group'
+        end
+
+        params :optional_params_ee do
+          optional :ldap_cn, type: String, desc: 'LDAP Common Name'
+          optional :ldap_access, type: Integer, desc: 'A valid access level'
+          all_or_none_of :ldap_cn, :ldap_access
        end

        params :statistics_params do
@@ -76,13 +84,27 @@ module API
          requires :path, type: String, desc: 'The path of the group'
          optional :parent_id, type: Integer, desc: 'The parent group id for creating nested group'
          use :optional_params
+          use :optional_params_ee
        end
        post do
          authorize! :create_group

+          ldap_link_attrs = {
+            cn: params.delete(:ldap_cn),
+            group_access: params.delete(:ldap_access)
+          }
+
          group = ::Groups::CreateService.new(current_user, declared_params(include_missing: false)).execute

          if group.persisted?
+            # NOTE: add backwards compatibility for single ldap link
+            if ldap_link_attrs[:cn].present?
+              group.ldap_group_links.create(
+                cn: ldap_link_attrs[:cn],
+                group_access: ldap_link_attrs[:group_access]
+              )
+            end
+
            present group, with: Entities::Group, current_user: current_user
          else
            render_api_error!("Failed to save group #{group.errors.messages}", 400)

--- a/spec/requests/api/v3/groups_spec.rb
+++ b/spec/requests/api/v3/groups_spec.rb
@@ -17,6 +17,7 @@ describe API::V3::Groups, api: true  do
  before do
    group1.add_owner(user1)
    group2.add_owner(user2)
+    group1.ldap_group_links.create cn: 'ldap-group', group_access: Gitlab::Access::MASTER, provider: 'ldap'
  end

  describe "GET /groups" do
@@ -37,6 +38,14 @@ describe API::V3::Groups, api: true  do
        expect(json_response.length).to eq(1)
        expect(json_response)
          .to satisfy_one { |group| group['name'] == group1.name }
+
+        expect(json_response.first['ldap_cn']).to eq(group1.ldap_cn)
+        expect(json_response.first['ldap_access']).to eq(group1.ldap_access)
+
+        ldap_group_link = json_response.first['ldap_group_links'].first
+        expect(ldap_group_link['cn']).to eq(group1.ldap_cn)
+        expect(ldap_group_link['group_access']).to eq(group1.ldap_access)
+        expect(ldap_group_link['provider']).to eq('ldap')
      end

      it "does not include statistics" do
@@ -453,6 +462,29 @@ describe API::V3::Groups, api: true  do

        expect(response).to have_http_status(400)
      end
+
+      it "creates an ldap_group_link if ldap_cn and ldap_access are supplied" do
+        group_attributes = attributes_for(:group, ldap_cn: 'ldap-group', ldap_access: Gitlab::Access::DEVELOPER)
+        expect { post v3_api("/groups", admin), group_attributes }.to change{ LdapGroupLink.count }.by(1)
+      end
+    end
+  end
+
+  describe "PUT /groups" do
+    context "when authenticated as user without group permissions" do
+      it "does not create group" do
+        put v3_api("/groups/#{group2.id}", user1), attributes_for(:group)
+        expect(response.status).to eq(404)
+      end
+    end
+
+    context "when authenticated as user with group permissions" do
+      it "updates group" do
+        group2.update(owner: user2)
+        put v3_api("/groups/#{group2.id}", user2), { name: 'Renamed' }
+        expect(response.status).to eq(200)
+        expect(group2.reload.name).to eq('Renamed')
+      end
    end
  end