diff --git a/doc/api/README.md b/doc/api/README.md
index c4d44c527484adde8e6516a2fca169e2da0d631e..09deec00e034c5bd7177eeabfb8526599f792bf8 100644
--- a/doc/api/README.md
+++ b/doc/api/README.md
@@ -79,3 +79,4 @@ When listing resources you can pass the following parameters:
+ [Milestones](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/milestones.md)
+ [Notes](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/notes.md)
+ [System Hooks](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/system_hooks.md)
++ [User Teams](https://github.com/gitlabhq/gitlabhq/blob/master/doc/api/user_teams.md)
diff --git a/doc/api/user_teams.md b/doc/api/user_teams.md
new file mode 100644
index 0000000000000000000000000000000000000000..cf467a54667d942331332b5079cbd6e3acfd51fb
--- /dev/null
+++ b/doc/api/user_teams.md
@@ -0,0 +1,209 @@
+## User teams
+
+### List user teams
+
+Get a list of user teams viewable by the authenticated user.
+
+```
+GET /user_teams
+```
+
+```json
+[
+ {
+ id: 1,
+ name: "User team 1",
+ path: "user_team1",
+ owner_id: 1
+ },
+ {
+ id: 2,
+ name: "User team 2",
+ path: "user_team2",
+ owner_id: 1
+ }
+]
+```
+
+
+### Get single user team
+
+Get a specific user team, identified by user team ID, which is viewable by the authenticated user.
+
+```
+GET /user_teams/:id
+```
+
+Parameters:
+
++ `id` (required) - The ID of a user_team
+
+```json
+{
+ id: 1,
+ name: "User team 1",
+ path: "user_team1",
+ owner_id: 1
+}
+```
+
+
+### Create user team
+
+Creates new user team owned by user. Available only for admins.
+
+```
+POST /user_teams
+```
+
+Parameters:
+
++ `name` (required) - new user team name
++ `path` (required) - new user team internal name
+
+
+
+## User team members
+
+### List user team members
+
+Get a list of project team members.
+
+```
+GET /user_teams/:id/members
+```
+
+Parameters:
+
++ `id` (required) - The ID of a user_team
+
+
+### Get user team member
+
+Gets a user team member.
+
+```
+GET /user_teams/:id/members/:user_id
+```
+
+Parameters:
+
++ `id` (required) - The ID of a user_team
++ `user_id` (required) - The ID of a user
+
+```json
+{
+ id: 2,
+ username: "john_doe",
+ email: "joh@doe.org",
+ name: "John Doe",
+ state: "active",
+ created_at: "2012-10-22T14:13:35Z",
+ access_level: 30
+}
+```
+
+
+### Add user team member
+
+Adds a user to a user team.
+
+```
+POST /user_teams/:id/members
+```
+
+Parameters:
+
++ `id` (required) - The ID of a user team
++ `user_id` (required) - The ID of a user to add
++ `access_level` (required) - Project access level
+
+
+### Remove user team member
+
+Removes user from user team.
+
+```
+DELETE /user_teams/:id/members/:user_id
+```
+
+Parameters:
+
++ `id` (required) - The ID of a user team
++ `user_id` (required) - The ID of a team member
+
+## User team projects
+
+### List user team projects
+
+Get a list of project team projects.
+
+```
+GET /user_teams/:id/projects
+```
+
+Parameters:
+
++ `id` (required) - The ID of a user_team
+
+
+### Get user team project
+
+Gets a user team project.
+
+```
+GET /user_teams/:id/projects/:project_id
+```
+
+Parameters:
+
++ `id` (required) - The ID of a user_team
++ `project_id` (required) - The ID of a user
+
+```json
+{
+ id: 12,
+ name: "project1",
+ description: null,
+ default_branch: "develop",
+ public: false,
+ path: "project1",
+ path_with_namespace: "group1/project1",
+ issues_enabled: false,
+ merge_requests_enabled: true,
+ wall_enabled: true,
+ wiki_enabled: false,
+ created_at: "2013-03-11T12:59:08Z",
+ greatest_access_level: 30
+}
+```
+
+
+### Add user team project
+
+Adds a project to a user team.
+
+```
+POST /user_teams/:id/projects
+```
+
+Parameters:
+
++ `id` (required) - The ID of a user team
++ `project_id` (required) - The ID of a project to add
++ `greatest_access_level` (required) - Maximum project access level
+
+
+### Remove user team project
+
+Removes project from user team.
+
+```
+DELETE /user_teams/:id/projects/:project_id
+```
+
+Parameters:
+
++ `id` (required) - The ID of a user team
++ `project_id` (required) - The ID of a team project
+
diff --git a/lib/api/api.rb b/lib/api/api.rb
index 28e6add73ed0c397d220bb3a2569c5def1e7f583..201e4a4edc2910acc04f3d4be6b5fe05d01e6fde 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -34,5 +34,6 @@ module API
mount Notes
mount Internal
mount SystemHooks
+ mount UserTeams
end
end
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index c3c351e1733b5edd0b2d75eae05dcec7357df0f0..7b35f5f529f08cb185d99bf6c992d83809f6345c 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -40,6 +40,18 @@ module API
end
end
+ class TeamMember < UserBasic
+ expose :permission, as: :access_level do |user, options|
+ options[:user_team].user_team_user_relationships.find_by_user_id(user.id).permission
+ end
+ end
+
+ class TeamProject < Project
+ expose :greatest_access, as: :greatest_access_level do |project, options|
+ options[:user_team].user_team_project_relationships.find_by_project_id(project.id).greatest_access
+ end
+ end
+
class Group < Grape::Entity
expose :id, :name, :path, :owner_id
end
@@ -87,6 +99,10 @@ module API
expose :id, :title, :key, :created_at
end
+ class UserTeam < Grape::Entity
+ expose :id, :name, :path, :owner_id
+ end
+
class MergeRequest < Grape::Entity
expose :id, :target_branch, :source_branch, :project_id, :title, :state
expose :author, :assignee, using: Entities::UserBasic
diff --git a/lib/api/user_teams.rb b/lib/api/user_teams.rb
new file mode 100644
index 0000000000000000000000000000000000000000..05aa72f0e92b43d5f42185e22e27e858f57c7f60
--- /dev/null
+++ b/lib/api/user_teams.rb
@@ -0,0 +1,276 @@
+module API
+ # user_teams API
+ class UserTeams < Grape::API
+ before { authenticate! }
+
+ resource :user_teams do
+ helpers do
+ def handle_team_member_errors(errors)
+ if errors[:permission].any?
+ render_api_error!(errors[:permission], 422)
+ end
+ not_found!
+ end
+
+ def validate_access_level?(level)
+ [UsersProject::GUEST, UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER].include? level.to_i
+ end
+ end
+
+
+ # Get a user_teams list
+ #
+ # Example Request:
+ # GET /user_teams
+ get do
+ if current_user.admin
+ @user_teams = paginate UserTeam
+ else
+ @user_teams = paginate current_user.user_teams
+ end
+ present @user_teams, with: Entities::UserTeam
+ end
+
+
+ # Create user_team. Available only for admin
+ #
+ # Parameters:
+ # name (required) - The name of the user_team
+ # path (required) - The path of the user_team
+ # Example Request:
+ # POST /user_teams
+ post do
+ authenticated_as_admin!
+ required_attributes! [:name, :path]
+
+ attrs = attributes_for_keys [:name, :path]
+ @user_team = UserTeam.new(attrs)
+ @user_team.owner = current_user
+
+ if @user_team.save
+ present @user_team, with: Entities::UserTeam
+ else
+ not_found!
+ end
+ end
+
+
+ # Get a single user_team
+ #
+ # Parameters:
+ # id (required) - The ID of a user_team
+ # Example Request:
+ # GET /user_teams/:id
+ get ":id" do
+ @user_team = UserTeam.find(params[:id])
+ if current_user.admin or current_user.user_teams.include? @user_team
+ present @user_team, with: Entities::UserTeam
+ else
+ not_found!
+ end
+ end
+
+
+ # Get user_team members
+ #
+ # Parameters:
+ # id (required) - The ID of a user_team
+ # Example Request:
+ # GET /user_teams/:id/members
+ get ":id/members" do
+ @user_team = UserTeam.find(params[:id])
+ if current_user.admin or current_user.user_teams.include? @user_team
+ @members = paginate @user_team.members
+ present @members, with: Entities::TeamMember, user_team: @user_team
+ else
+ not_found!
+ end
+ end
+
+
+ # Add a new user_team member
+ #
+ # Parameters:
+ # id (required) - The ID of a user_team
+ # user_id (required) - The ID of a user
+ # access_level (required) - Project access level
+ # Example Request:
+ # POST /user_teams/:id/members
+ post ":id/members" do
+ authenticated_as_admin!
+ required_attributes! [:user_id, :access_level]
+
+ if not validate_access_level?(params[:access_level])
+ render_api_error!("Wrong access level", 422)
+ end
+
+ @user_team = UserTeam.find(params[:id])
+ if @user_team
+ team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id])
+ # Not existing member
+ if team_member.nil?
+ @user_team.add_member(params[:user_id], params[:access_level], false)
+ team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id])
+
+ if team_member.nil?
+ render_api_error!("Error creating membership", 500)
+ else
+ @member = team_member.user
+ present @member, with: Entities::TeamMember, user_team: @user_team
+ end
+ else
+ render_api_error!("Already exists", 409)
+ end
+ else
+ not_found!
+ end
+ end
+
+
+ # Get a single team member from user_team
+ #
+ # Parameters:
+ # id (required) - The ID of a user_team
+ # user_id (required) - The ID of a team member
+ # Example Request:
+ # GET /user_teams/:id/members/:user_id
+ get ":id/members/:user_id" do
+ @user_team = UserTeam.find(params[:id])
+ if current_user.admin or current_user.user_teams.include? @user_team
+ team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id])
+ unless team_member.nil?
+ present team_member.user, with: Entities::TeamMember, user_team: @user_team
+ else
+ not_found!
+ end
+ else
+ not_found!
+ end
+ end
+
+ # Remove a team member from user_team
+ #
+ # Parameters:
+ # id (required) - The ID of a user_team
+ # user_id (required) - The ID of a team member
+ # Example Request:
+ # DELETE /user_teams/:id/members/:user_id
+ delete ":id/members/:user_id" do
+ authenticated_as_admin!
+
+ @user_team = UserTeam.find(params[:id])
+ if @user_team
+ team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id])
+ unless team_member.nil?
+ team_member.destroy
+ else
+ not_found!
+ end
+ else
+ not_found!
+ end
+ end
+
+
+ # Get to user_team assigned projects
+ #
+ # Parameters:
+ # id (required) - The ID of a user_team
+ # Example Request:
+ # GET /user_teams/:id/projects
+ get ":id/projects" do
+ @user_team = UserTeam.find(params[:id])
+ if current_user.admin or current_user.user_teams.include? @user_team
+ @projects = paginate @user_team.projects
+ present @projects, with: Entities::TeamProject, user_team: @user_team
+ else
+ not_found!
+ end
+ end
+
+
+ # Add a new user_team project
+ #
+ # Parameters:
+ # id (required) - The ID of a user_team
+ # project_id (required) - The ID of a project
+ # greatest_access_level (required) - Project access level
+ # Example Request:
+ # POST /user_teams/:id/projects
+ post ":id/projects" do
+ authenticated_as_admin!
+ required_attributes! [:project_id, :greatest_access_level]
+
+ if not validate_access_level?(params[:greatest_access_level])
+ render_api_error!("Wrong greatest_access_level", 422)
+ end
+
+ @user_team = UserTeam.find(params[:id])
+ if @user_team
+ team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id])
+
+ # No existing project
+ if team_project.nil?
+ @user_team.assign_to_projects([params[:project_id]], params[:greatest_access_level])
+ team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id])
+ if team_project.nil?
+ render_api_error!("Error creating project assignment", 500)
+ else
+ @project = team_project.project
+ present @project, with: Entities::TeamProject, user_team: @user_team
+ end
+ else
+ render_api_error!("Already exists", 409)
+ end
+ else
+ not_found!
+ end
+ end
+
+ # Show a single team project from user_team
+ #
+ # Parameters:
+ # id (required) - The ID of a user_team
+ # project_id (required) - The ID of a project assigned to the team
+ # Example Request:
+ # GET /user_teams/:id/projects/:project_id
+ get ":id/projects/:project_id" do
+ @user_team = UserTeam.find(params[:id])
+ if current_user.admin or current_user.user_teams.include? @user_team
+ team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id])
+ unless team_project.nil?
+ present team_project.project, with: Entities::TeamProject, user_team: @user_team
+ else
+ not_found!
+ end
+ else
+ not_found!
+ end
+ end
+
+ # Remove a team project from user_team
+ #
+ # Parameters:
+ # id (required) - The ID of a user_team
+ # project_id (required) - The ID of a project assigned to the team
+ # Example Request:
+ # DELETE /user_teams/:id/projects/:project_id
+ delete ":id/projects/:project_id" do
+ authenticated_as_admin!
+
+ @user_team = UserTeam.find(params[:id])
+ if @user_team
+ team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id])
+ unless team_project.nil?
+ team_project.destroy
+ else
+ not_found!
+ end
+ else
+ not_found!
+ end
+ end
+
+ end
+ end
+end
diff --git a/spec/requests/api/user_teams_spec.rb b/spec/requests/api/user_teams_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..68f05b11a83aa67fd3e63382c6a8f169bfcff6b0
--- /dev/null
+++ b/spec/requests/api/user_teams_spec.rb
@@ -0,0 +1,360 @@
+require 'spec_helper'
+
+describe API::API do
+ include ApiHelpers
+
+ # Create test objects
+ let(:user1) { create(:user) }
+ let(:user2) { create(:user) }
+ let(:admin) { create(:admin) }
+ let!(:group1) { create(:group, owner: user1) }
+ let!(:group2) { create(:group, owner: user2) }
+ let(:user_team1) { create(:user_team, owner: user1) }
+ let(:user_team2) { create(:user_team, owner: user2) }
+ let!(:project1) { create(:project, creator_id: admin.id) }
+ let!(:project2) { create(:project, creator_id: admin.id) }
+
+
+ before {
+ # Add members to teams
+ user_team1.add_member(user1, UsersProject::MASTER, false)
+ user_team2.add_member(user2, UsersProject::MASTER, false)
+
+ # Add projects to teams
+ user_team1.assign_to_projects([project1.id], UsersProject::MASTER)
+ user_team2.assign_to_projects([project2.id], UsersProject::MASTER)
+
+ }
+
+ describe "GET /user_teams" do
+ context "when unauthenticated" do
+ it "should return authentication error" do
+ get api("/user_teams")
+ response.status.should == 401
+ end
+ end
+
+ context "when authenticated as user" do
+ it "normal user: should return an array of user_teams of user1" do
+ get api("/user_teams", user1)
+ response.status.should == 200
+ json_response.should be_an Array
+ json_response.length.should == 1
+ json_response.first['name'].should == user_team1.name
+ end
+ end
+
+ context "when authenticated as admin" do
+ it "admin: should return an array of all user_teams" do
+ get api("/user_teams", admin)
+ response.status.should == 200
+ json_response.should be_an Array
+ json_response.length.should == 2
+ end
+ end
+ end
+
+ describe "GET /user_teams/:id" do
+ context "when authenticated as user" do
+ it "should return one of user1's user_teams" do
+ get api("/user_teams/#{user_team1.id}", user1)
+ response.status.should == 200
+ json_response['name'] == user_team1.name
+ end
+
+ it "should not return a non existing team" do
+ get api("/user_teams/1328", user1)
+ response.status.should == 404
+ end
+
+ it "should not return a user_team not attached to user1" do
+ get api("/user_teams/#{user_team2.id}", user1)
+ response.status.should == 404
+ end
+ end
+
+ context "when authenticated as admin" do
+ it "should return any existing user_team" do
+ get api("/user_teams/#{user_team2.id}", admin)
+ response.status.should == 200
+ json_response['name'].should == user_team2.name
+ end
+
+ it "should not return a non existing user_team" do
+ get api("/user_teams/1328", admin)
+ response.status.should == 404
+ end
+ end
+ end
+
+ describe "POST /user_teams" do
+ context "when authenticated as user" do
+ it "should not create user_team" do
+ count_before=UserTeam.count
+ post api("/user_teams", user1), attributes_for(:user_team)
+ response.status.should == 403
+ UserTeam.count.should == count_before
+ end
+ end
+
+ context "when authenticated as admin" do
+ it "should create user_team" do
+ count_before=UserTeam.count
+ post api("/user_teams", admin), attributes_for(:user_team)
+ response.status.should == 201
+ UserTeam.count.should == count_before + 1
+ end
+
+ it "should not create user_team, duplicate" do
+ post api("/user_teams", admin), {:name => "Duplicate Test", :path => user_team2.path}
+ response.status.should == 404
+ end
+
+ it "should return 400 bad request error if name not given" do
+ post api("/user_teams", admin), {:path => user_team2.path}
+ response.status.should == 400
+ end
+
+ it "should return 400 bad request error if path not given" do
+ post api("/user_teams", admin), {:name => 'test'}
+ response.status.should == 400
+ end
+ end
+ end
+
+ # Members
+
+ describe "GET /user_teams/:id/members" do
+ context "when authenticated as user" do
+ it "should return user1 as member of user1's user_teams" do
+ get api("/user_teams/#{user_team1.id}/members", user1)
+ response.status.should == 200
+ json_response.first['name'].should == user1.name
+ json_response.first['access_level'].should == UsersProject::MASTER
+ end
+ end
+
+ context "when authenticated as admin" do
+ it "should return member of any existing user_team" do
+ get api("/user_teams/#{user_team2.id}/members", admin)
+ response.status.should == 200
+ json_response.first['name'].should == user2.name
+ json_response.first['access_level'].should == UsersProject::MASTER
+ end
+ end
+ end
+
+ describe "POST /user_teams/:id/members" do
+ context "when authenticated as user" do
+ it "should not add user2 as member of user_team1" do
+ post api("/user_teams/#{user_team1.id}/members", user1), user_id: user2.id, access_level: UsersProject::MASTER
+ response.status.should == 403
+ end
+ end
+
+ context "when authenticated as admin" do
+ it "should return ok and add new member" do
+ count_before=user_team1.user_team_user_relationships.count
+ post api("/user_teams/#{user_team1.id}/members", admin), user_id: user2.id, access_level: UsersProject::MASTER
+ response.status.should == 201
+ json_response['name'].should == user2.name
+ json_response['access_level'].should == UsersProject::MASTER
+ user_team1.user_team_user_relationships.count.should == count_before + 1
+ end
+ it "should return ok if member already exists" do
+ post api("/user_teams/#{user_team2.id}/members", admin), user_id: user2.id, access_level: UsersProject::MASTER
+ response.status.should == 409
+ end
+ it "should return a 400 error when user id is not given" do
+ post api("/user_teams/#{user_team2.id}/members", admin), access_level: UsersProject::MASTER
+ response.status.should == 400
+ end
+ it "should return a 400 error when access level is not given" do
+ post api("/user_teams/#{user_team2.id}/members", admin), user_id: user2.id
+ response.status.should == 400
+ end
+
+ it "should return a 422 error when access level is not known" do
+ post api("/user_teams/#{user_team2.id}/members", admin), user_id: user1.id, access_level: 1234
+ response.status.should == 422
+ end
+
+ end
+ end
+
+ # Get single member
+ describe "GET /user_teams/:id/members/:user_id" do
+ context "when authenticated as member" do
+ it "should show user1's membership of user_team1" do
+ get api("/user_teams/#{user_team1.id}/members/#{user1.id}", user1)
+ response.status.should == 200
+ json_response['name'].should == user1.name
+ json_response['access_level'].should == UsersProject::MASTER
+ end
+ it "should show that user2 is not member of user_team1" do
+ get api("/user_teams/#{user_team1.id}/members/#{user2.id}", user1)
+ response.status.should == 404
+ end
+ end
+
+ context "when authenticated as non-member" do
+ it "should not show user1's membership of user_team1" do
+ get api("/user_teams/#{user_team1.id}/members/#{user1.id}", user2)
+ response.status.should == 404
+ end
+ end
+
+ context "when authenticated as admin" do
+ it "should show user1's membership of user_team1" do
+ get api("/user_teams/#{user_team1.id}/members/#{user1.id}", admin)
+ response.status.should == 200
+ json_response['name'].should == user1.name
+ json_response['access_level'].should == UsersProject::MASTER
+ end
+ it "should return a 404 error when user id is not known" do
+ get api("/user_teams/#{user_team2.id}/members/1328", admin)
+ response.status.should == 404
+ end
+ end
+ end
+
+ describe "DELETE /user_teams/:id/members/:user_id" do
+ context "when authenticated as user" do
+ it "should not delete user1's membership of user_team1" do
+ delete api("/user_teams/#{user_team1.id}/members/#{user1.id}", user1)
+ response.status.should == 403
+ end
+ end
+
+ context "when authenticated as admin" do
+ it "should delete user1's membership of user_team1" do
+ count_before=user_team1.user_team_user_relationships.count
+ delete api("/user_teams/#{user_team1.id}/members/#{user1.id}", admin)
+ response.status.should == 200
+ user_team1.user_team_user_relationships.count.should == count_before - 1
+ end
+ it "should return a 404 error when user id is not known" do
+ delete api("/user_teams/#{user_team2.id}/members/1328", admin)
+ response.status.should == 404
+ end
+ end
+ end
+
+ # Projects
+
+ describe "GET /user_teams/:id/projects" do
+ context "when authenticated as user" do
+ it "should return project1 as assigned to user_team1 as member user1" do
+ get api("/user_teams/#{user_team1.id}/projects", user1)
+ response.status.should == 200
+ json_response.first['name'].should == project1.name
+ json_response.length.should == user_team1.user_team_project_relationships.count
+ end
+ end
+
+ context "when authenticated as admin" do
+ it "should return project2 as assigned to user_team2 as non-member, but admin" do
+ get api("/user_teams/#{user_team2.id}/projects", admin)
+ response.status.should == 200
+ json_response.first['name'].should == project2.name
+ json_response.first['greatest_access_level'].should == UsersProject::MASTER
+ end
+ end
+ end
+
+ describe "POST /user_teams/:id/projects" do
+ context "when authenticated as admin" do
+ it "should return ok and add new project" do
+ count_before=user_team1.user_team_project_relationships.count
+ post api("/user_teams/#{user_team1.id}/projects", admin),
+ project_id: project2.id,
+ greatest_access_level: UsersProject::MASTER
+ response.status.should == 201
+ json_response['name'].should == project2.name
+ json_response['greatest_access_level'].should == UsersProject::MASTER
+ user_team1.user_team_project_relationships.count.should == count_before + 1
+ end
+ it "should return ok if project already exists" do
+ post api("/user_teams/#{user_team2.id}/projects", admin),
+ project_id: project2.id,
+ greatest_access_level: UsersProject::MASTER
+ response.status.should == 409
+ end
+ it "should return a 400 error when project id is not given" do
+ post api("/user_teams/#{user_team2.id}/projects", admin), greatest_access_level: UsersProject::MASTER
+ response.status.should == 400
+ end
+ it "should return a 400 error when access level is not given" do
+ post api("/user_teams/#{user_team2.id}/projects", admin), project_id: project2.id
+ response.status.should == 400
+ end
+
+ it "should return a 422 error when access level is not known" do
+ post api("/user_teams/#{user_team2.id}/projects", admin),
+ project_id: project2.id,
+ greatest_access_level: 1234
+ response.status.should == 422
+ end
+
+ end
+ end
+
+
+ describe "GET /user_teams/:id/projects/:project_id" do
+ context "when authenticated as member" do
+ it "should show project1's assignment to user_team1" do
+ get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", user1)
+ response.status.should == 200
+ json_response['name'].should == project1.name
+ json_response['greatest_access_level'].should == UsersProject::MASTER
+ end
+ it "should show project2's is not assigned to user_team1" do
+ get api("/user_teams/#{user_team1.id}/projects/#{project2.id}", user1)
+ response.status.should == 404
+ end
+ end
+
+ context "when authenticated as non-member" do
+ it "should not show project1's assignment to user_team1" do
+ get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", user2)
+ response.status.should == 404
+ end
+ end
+
+ context "when authenticated as admin" do
+ it "should show project1's assignment to user_team1" do
+ get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", admin)
+ response.status.should == 200
+ json_response['name'].should == project1.name
+ json_response['greatest_access_level'].should == UsersProject::MASTER
+ end
+ it "should return a 404 error when project id is not known" do
+ get api("/user_teams/#{user_team2.id}/projects/1328", admin)
+ response.status.should == 404
+ end
+ end
+ end
+
+ describe "DELETE /user_teams/:id/projects/:project_id" do
+ context "when authenticated as user" do
+ it "should not delete project1's assignment to user_team2" do
+ delete api("/user_teams/#{user_team2.id}/projects/#{project1.id}", user1)
+ response.status.should == 403
+ end
+ end
+
+ context "when authenticated as admin" do
+ it "should delete project1's assignment to user_team1" do
+ count_before=user_team1.user_team_project_relationships.count
+ delete api("/user_teams/#{user_team1.id}/projects/#{project1.id}", admin)
+ response.status.should == 200
+ user_team1.user_team_project_relationships.count.should == count_before - 1
+ end
+ it "should return a 404 error when project id is not known" do
+ delete api("/user_teams/#{user_team2.id}/projects/1328", admin)
+ response.status.should == 404
+ end
+ end
+ end
+
+end