Merge branch '13679-add-get-endpoint-to-ldap-group-link-api' into 'master'

Add GET endpoint to LDAP group link API Closes #13679 See merge request gitlab-org/gitlab!24216

Merge branch '13679-add-get-endpoint-to-ldap-group-link-api' into 'master'
Add GET endpoint to LDAP group link API Closes #13679 See merge request gitlab-org/gitlab!24216
80bf2345 · Imre Farkas · ee6c6fd0 · 1cc95f7c · 80bf2345 · 80bf2345
Commit 80bf2345 authored Feb 14, 2020 by Imre Farkas
4 changed files
--- a/changelogs/unreleased/13679-add-get-endpoint-to-ldap-group-link-api.yml
+++ b/changelogs/unreleased/13679-add-get-endpoint-to-ldap-group-link-api.yml
+---
+title: Add GET endpoint to LDAP group link API
+merge_request: 24216
+author:
+type: added
--- a/doc/api/groups.md
+++ b/doc/api/groups.md
@@ -798,7 +798,7 @@ DELETE /groups/:id/hooks/:hook_id
 Group audit events can be accessed via the [Group Audit Events API](audit_events.md#group-audit-events-starter)
-## Sync group with LDAP **(CORE ONLY)**
+## Sync group with LDAP **(STARTER)**
 Syncs the group with its linked LDAP group. Only available to group owners and administrators.
@@ -814,7 +814,23 @@ Parameters:
 Please consult the [Group Members](members.md) documentation.
-### Add LDAP group link **(CORE ONLY)**
+## LDAP Group Links
+List, add, and delete LDAP group links.
+### List LDAP group links **(STARTER)**
+Lists LDAP group links.
+```
+GET /groups/:id/ldap_group_links
+```
+Parameters:
+- `id` (required) - The ID of a group
+### Add LDAP group link **(STARTER)**
 Adds an LDAP group link.
@@ -829,7 +845,7 @@ Parameters:
 - `group_access` (required) - Minimum access level for members of the LDAP group
 - `provider` (required) - LDAP provider for the LDAP group
-### Delete LDAP group link **(CORE ONLY)**
+### Delete LDAP group link **(STARTER)**
 Deletes an LDAP group link.

--- a/ee/lib/api/ldap_group_links.rb
+++ b/ee/lib/api/ldap_group_links.rb
@@ -8,6 +8,21 @@ module API
      requires :id, type: String, desc: 'The ID of a group'
    end
    resource :groups do
+      desc 'Get LDAP group links for a group' do
+        success EE::API::Entities::LdapGroupLink
+      end
+      get ":id/ldap_group_links" do
+        group = find_group(params[:id])
+        authorize! :admin_group, group
+        ldap_group_links = group.ldap_group_links
+        if ldap_group_links && ldap_group_links != []
+          present ldap_group_links, with: EE::API::Entities::LdapGroupLink
+        else
+          render_api_error!('No linked LDAP groups found', 404)
+        end
+      end
      desc 'Add a linked LDAP group to group' do
        success EE::API::Entities::LdapGroupLink
      end

--- a/ee/spec/requests/api/ldap_group_links_spec.rb
+++ b/ee/spec/requests/api/ldap_group_links_spec.rb
@@ -13,12 +13,54 @@ describe API::LdapGroupLinks, api: true do
    group = create(:group)
    group.ldap_group_links.create cn: 'ldap-group1', group_access: Gitlab::Access::MAINTAINER, provider: 'ldap1'
    group.ldap_group_links.create cn: 'ldap-group2', group_access: Gitlab::Access::MAINTAINER, provider: 'ldap2'
+    group.ldap_group_links.create filter: '(uid=mary)', group_access: Gitlab::Access::DEVELOPER, provider: 'ldap3'
    group
  end
+  let(:group_with_no_ldap_links) { create(:group) }
  before do
    group_with_ldap_links.add_owner owner
    group_with_ldap_links.add_user user, Gitlab::Access::DEVELOPER
+    group_with_no_ldap_links.add_owner owner
+  end
+  describe "GET /groups/:id/ldap_group_links" do
+    context "when unauthenticated" do
+      it "returns authentication error" do
+        get api("/groups/#{group_with_ldap_links.id}/ldap_group_links")
+        expect(response).to have_gitlab_http_status(:unauthorized)
+      end
+    end
+    context "when a less priviledged user" do
+      it "returns forbidden" do
+        get api("/groups/#{group_with_ldap_links.id}/ldap_group_links", user)
+        expect(response).to have_gitlab_http_status(:forbidden)
+      end
+    end
+    context "when owner of the group" do
+      it "returns ldap group links" do
+        get api("/groups/#{group_with_ldap_links.id}/ldap_group_links", owner)
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(json_response).to(
+          match([
+            a_hash_including('cn' => 'ldap-group1', 'provider' => 'ldap1'),
+            a_hash_including('cn' => 'ldap-group2', 'provider' => 'ldap2'),
+            a_hash_including('cn' => nil, 'provider' => 'ldap3')
+            ]))
+      end
+      it "returns error if no ldap group links found" do
+        get api("/groups/#{group_with_no_ldap_links.id}/ldap_group_links", owner)
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
  end
  describe "POST /groups/:id/ldap_group_links" do