Commit 4e97f266 authored by jubianchi's avatar jubianchi

Acces groups with their path in API

parent a073e00a
@@ -53,7 +53,7 @@ v 7.8.0
@@ -53,7 +53,7 @@ v 7.8.0
- Add a new API function that retrieves all issues assigned to a single milestone (Justin Whear and Hannes Rosenögger) - Add a new API function that retrieves all issues assigned to a single milestone (Justin Whear and Hannes Rosenögger)
- -
- -
- - API: Access groups with their path (Julien Bianchi)
- -
- -
- -
@@ -32,7 +32,7 @@ GET /groups/:id
@@ -32,7 +32,7 @@ GET /groups/:id
   
Parameters: Parameters:
   
- `id` (required) - The ID of a group - `id` (required) - The ID or path of a group
   
## New group ## New group
   
@@ -58,7 +58,7 @@ POST /groups/:id/projects/:project_id
@@ -58,7 +58,7 @@ POST /groups/:id/projects/:project_id
   
Parameters: Parameters:
   
- `id` (required) - The ID of a group - `id` (required) - The ID or path of a group
- `project_id` (required) - The ID of a project - `project_id` (required) - The ID of a project
   
## Remove group ## Remove group
@@ -71,7 +71,7 @@ DELETE /groups/:id
@@ -71,7 +71,7 @@ DELETE /groups/:id
   
Parameters: Parameters:
   
- `id` (required) - The ID of a user group - `id` (required) - The ID or path of a user group
   
## Search for group ## Search for group
   
@@ -148,7 +148,7 @@ POST /groups/:id/members
@@ -148,7 +148,7 @@ POST /groups/:id/members
   
Parameters: Parameters:
   
- `id` (required) - The ID of a group - `id` (required) - The ID or path of a group
- `user_id` (required) - The ID of a user to add - `user_id` (required) - The ID of a user to add
- `access_level` (required) - Project access level - `access_level` (required) - Project access level
   
@@ -162,5 +162,5 @@ DELETE /groups/:id/members/:user_id
@@ -162,5 +162,5 @@ DELETE /groups/:id/members/:user_id
   
Parameters: Parameters:
   
- `id` (required) - The ID of a user group - `id` (required) - The ID or path of a user group
- `user_id` (required) - The ID of a group member - `user_id` (required) - The ID of a group member
@@ -3,22 +3,6 @@ module API
@@ -3,22 +3,6 @@ module API
before { authenticate! } before { authenticate! }
   
resource :groups do resource :groups do
helpers do
def find_group(id)
group = Group.find(id)
if can?(current_user, :read_group, group)
group
else
render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403)
end
end
def validate_access_level?(level)
Gitlab::Access.options_with_owner.values.include? level.to_i
end
end
# Get a list of group members viewable by the authenticated user. # Get a list of group members viewable by the authenticated user.
# #
# Example Request: # Example Request:
@@ -4,22 +4,6 @@ module API
@@ -4,22 +4,6 @@ module API
before { authenticate! } before { authenticate! }
   
resource :groups do resource :groups do
helpers do
def find_group(id)
group = Group.find(id)
if can?(current_user, :read_group, group)
group
else
render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403)
end
end
def validate_access_level?(level)
Gitlab::Access.options_with_owner.values.include? level.to_i
end
end
# Get a groups list # Get a groups list
# #
# Example Request: # Example Request:
@@ -55,6 +55,21 @@ module API
@@ -55,6 +55,21 @@ module API
end end
end end
   
def find_group(id)
begin
group = Group.find(id)
rescue ActiveRecord::RecordNotFound
group = Group.find_by!(path: id)
end
if can?(current_user, :read_group, group)
group
else
forbidden!("#{current_user.username} lacks sufficient "\
"access to #{group.name}")
end
end
def paginate(relation) def paginate(relation)
per_page = params[:per_page].to_i per_page = params[:per_page].to_i
paginated = relation.page(params[:page]).per(per_page) paginated = relation.page(params[:page]).per(per_page)
@@ -135,10 +150,16 @@ module API
@@ -135,10 +150,16 @@ module API
errors errors
end end
   
def validate_access_level?(level)
Gitlab::Access.options_with_owner.values.include? level.to_i
end
# error helpers # error helpers
   
def forbidden! def forbidden!(reason = nil)
render_api_error!('403 Forbidden', 403) message = ['403 Forbidden']
message << " - #{reason}" if reason
render_api_error!(message.join(' '), 403)
end end
   
def bad_request!(attribute) def bad_request!(attribute)
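Review bot: The ID-then-path fallback in `find_group` makes the identifier ambiguous, because `Group.find(id)` runs first for every input and the path lookup only runs on `RecordNotFound`. Depending on how the ActiveRecord version in use casts strings for the primary key, a path such as `12-team` may be coerced to ID 12 and resolve to a different group, and a group whose path is purely numeric is shadowed by whichever group holds that ID. Choosing the lookup from the shape of the input removes the guesswork: `group = id.to_s =~ /\A\d+\z/ ? Group.find(id) : Group.find_by!(path: id)`, with all-digit paths then addressed by ID only. Separately, the 403 branch passes `group.name` to `forbidden!` for a caller who has just failed the `:read_group` check, which confirms that the group exists and discloses its name; a reason-less `forbidden!`, or `render_api_error!('404 Not Found', 404)`, would avoid that.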
@@ -73,6 +73,24 @@ describe API::API, api: true do
@@ -73,6 +73,24 @@ describe API::API, api: true do
response.status.should == 404 response.status.should == 404
end end
end end
context 'when using group path in URL' do
it 'should return any existing group' do
get api("/groups/#{group1.path}", admin)
response.status.should == 200
json_response['name'] == group2.name
end
it 'should not return a non existing group' do
get api('/groups/unknown', admin)
response.status.should == 404
end
it 'should not return a group not attached to user1' do
get api("/groups/#{group2.path}", user1)
response.status.should == 403
end
end
end end
   
describe "POST /groups" do describe "POST /groups" do
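Review bot: The line `json_response['name'] == group2.name` in the 'should return any existing group' example is a bare comparison with no `.should`, so it asserts nothing, and it compares against `group2` although the request used `group1.path`. It should read `json_response['name'].should == group1.name`. Since this context covers the new ID-or-path lookup, an example for a path that begins with digits and one for a group whose path equals another group's ID would pin down which group is returned and that the `:read_group` check is applied to that group. The enclosing `describe` block starts outside the hunk.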