Merge remote-tracking branch 'upstream/master' into 19737-read-only-auditor19737-read-only-auditor

* upstream/master: (1277 commits) Grapify the labels API Fix typo in project settings that prevents users from enabling container registry. Fix old monitoring links to point to the new location Added path parameter to Commits API fixes build with cache:clear issue Merge branch 'security-fix-leaking-namespace-name' into 'security' Fix authored vote from notes Grapify builds API Add changelog item for groups 404 on relative url Add relative url support to routing contrainers Update project member controller to match recent master logic Add parentheses around return redirect_to method Trigger change even in select2 test helper to produce production-like behaviour Refactor js that disable form submit if no members selected Improve create project member test at project_members_controller_spec Move changelog item to 8.14 Refactor create member tests from group_members_controller_spec Refactor groups/projects members controller Gracefully handle adding of no users to projects and groups Revert "Change "Group#web_url" to return "/groups/twitter" rather than "/twitter"." ...
author: Lin Jen-Shin <godfat@godfat.org> 2016-10-25 02:13:24 +0800
committer: Lin Jen-Shin <godfat@godfat.org> 2016-10-25 02:13:24 +0800
commit: 600da9ee0bb823e4b14fd45d6ff0e5f0b61b9737 (patch)
tree: f91eeeee22da72eed5bdf5b87ca27bdc95b136a0 /lib/api/access_requests.rb
parent: 40ff7579e9ba025610dfada9703386b4dc657d6d (diff)
parent: cb38290ababe43aca0c635fb87d3a38c4c5debcd (diff)
download: gitlab-ce-19737-read-only-auditor.tar.gz
1 files changed, 30 insertions, 43 deletions
diff --git a/lib/api/access_requests.rb b/lib/api/access_requests.rb
index 9d1d9058996..87915b19480 100644
--- a/lib/api/access_requests.rb
+++ b/lib/api/access_requests.rb
@@ -5,32 +5,27 @@ module API
     helpers ::API::Helpers::MembersHelpers
 
     %w[group project].each do |source_type|
+      params do
+        requires :id, type: String, desc: "The #{source_type} ID"
+      end
       resource source_type.pluralize do
-        # Get a list of group/project access requests viewable by the authenticated user.
-        #
-        # Parameters:
-        #   id (required) - The group/project ID
-        #
-        # Example Request:
-        #  GET /groups/:id/access_requests
-        #  GET /projects/:id/access_requests
+        desc "Gets a list of access requests for a #{source_type}." do
+          detail 'This feature was introduced in GitLab 8.11.'
+          success Entities::AccessRequester
+        end
         get ":id/access_requests" do
           source = find_source(source_type, params[:id])
-          authorize_admin_source!(source_type, source)
 
-          access_requesters = paginate(source.requesters.includes(:user))
+          access_requesters = AccessRequestsFinder.new(source).execute!(current_user)
+          access_requesters = paginate(access_requesters.includes(:user))
 
           present access_requesters.map(&:user), with: Entities::AccessRequester, source: source
         end
 
-        # Request access to the group/project
-        #
-        # Parameters:
-        #   id (required) - The group/project ID
-        #
-        # Example Request:
-        #  POST /groups/:id/access_requests
-        #  POST /projects/:id/access_requests
+        desc "Requests access for the authenticated user to a #{source_type}." do
+          detail 'This feature was introduced in GitLab 8.11.'
+          success Entities::AccessRequester
+        end
         post ":id/access_requests" do
           source = find_source(source_type, params[:id])
           access_requester = source.request_access(current_user)
@@ -42,42 +37,34 @@ module API
           end
         end
 
-        # Approve a group/project access request
-        #
-        # Parameters:
-        #   id (required) - The group/project ID
-        #   user_id (required) - The user ID of the access requester
-        #   access_level (optional) - Access level
-        #
-        # Example Request:
-        #   PUT /groups/:id/access_requests/:user_id/approve
-        #   PUT /projects/:id/access_requests/:user_id/approve
+        desc 'Approves an access request for the given user.' do
+          detail 'This feature was introduced in GitLab 8.11.'
+          success Entities::Member
+        end
+        params do
+          requires :user_id, type: Integer, desc: 'The user ID of the access requester'
+          optional :access_level, type: Integer, desc: 'A valid access level (defaults: `30`, developer access level)'
+        end
         put ':id/access_requests/:user_id/approve' do
-          required_attributes! [:user_id]
           source = find_source(source_type, params[:id])
 
-          member = ::Members::ApproveAccessRequestService.new(source, current_user, params).execute
+          member = ::Members::ApproveAccessRequestService.new(source, current_user, declared(params)).execute
 
           status :created
           present member.user, with: Entities::Member, member: member
         end
 
-        # Deny a group/project access request
-        #
-        # Parameters:
-        #   id (required) - The group/project ID
-        #   user_id (required) - The user ID of the access requester
-        #
-        # Example Request:
-        #   DELETE /groups/:id/access_requests/:user_id
-        #   DELETE /projects/:id/access_requests/:user_id
+        desc 'Denies an access request for the given user.' do
+          detail 'This feature was introduced in GitLab 8.11.'
+        end
+        params do
+          requires :user_id, type: Integer, desc: 'The user ID of the access requester'
+        end
         delete ":id/access_requests/:user_id" do
-          required_attributes! [:user_id]
           source = find_source(source_type, params[:id])
 
-          access_requester = source.requesters.find_by!(user_id: params[:user_id])
-
-          ::Members::DestroyService.new(access_requester, current_user).execute
+          ::Members::DestroyService.new(source, current_user, params).
+            execute(:requesters)
         end
       end
     end
author	Lin Jen-Shin <godfat@godfat.org>	2016-10-25 02:13:24 +0800
committer	Lin Jen-Shin <godfat@godfat.org>	2016-10-25 02:13:24 +0800
commit	600da9ee0bb823e4b14fd45d6ff0e5f0b61b9737 (patch)
tree	f91eeeee22da72eed5bdf5b87ca27bdc95b136a0 /lib/api/access_requests.rb
parent	40ff7579e9ba025610dfada9703386b4dc657d6d (diff)
parent	cb38290ababe43aca0c635fb87d3a38c4c5debcd (diff)
download	gitlab-ce-19737-read-only-auditor.tar.gz