Merge branch 'master' into fix_project_access_notification

7 files changed, 179 insertions, 98 deletions

diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 13a48e12019..ee693de699e 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -9,6 +9,10 @@ module Gitlab
       expose :id, :email, :name, :blocked, :created_at
     end
 
+    class UserLogin < UserBasic
+      expose :private_token
+    end
+
     class Hook < Grape::Entity
       expose :id, :url
     end
@@ -20,15 +24,20 @@ module Gitlab
       expose :issues_enabled, :merge_requests_enabled, :wall_enabled, :wiki_enabled, :created_at
     end
 
-    class UsersProject < Grape::Entity
-      expose :user, using: Entities::UserBasic
-      expose :project_access
+    class ProjectMember < UserBasic
+      expose :project_access, :as => :access_level do |user, options|
+        options[:project].users_projects.find_by_user_id(user.id).project_access
+      end
     end
 
     class RepoObject < Grape::Entity
       expose :name, :commit
     end
 
+    class RepoCommit < Grape::Entity
+      expose :id, :short_id, :title, :author_name, :author_email, :created_at
+    end
+
     class ProjectSnippet < Grape::Entity
       expose :id, :title, :file_name
       expose :author, using: Entities::UserBasic
@@ -36,7 +45,9 @@ module Gitlab
     end
 
     class Milestone < Grape::Entity
-      expose :id, :title, :description, :due_date, :closed, :updated_at, :created_at
+      expose :id
+      expose (:project_id) {|milestone| milestone.project.id}
+      expose :title, :description, :due_date, :closed, :updated_at, :created_at
     end
 
     class Issue < Grape::Entity
@@ -49,10 +60,8 @@ module Gitlab
       expose :closed, :updated_at, :created_at
     end
 
-    class Key < Grape::Entity
-      expose  :id, 
-              :title, 
-              :key
+    class SSHKey < Grape::Entity
+      expose :id, :title, :key
     end
   end
 end
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 9a08b995800..14390545bd5 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -61,7 +61,7 @@ module Gitlab
       error!({'message' => message}, status)
     end
 
-    private 
+    private
 
     def abilities
       @abilities ||= begin
diff --git a/lib/api/keys.rb b/lib/api/keys.rb
deleted file mode 100644
index 4c302727c4f..00000000000
--- a/lib/api/keys.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-module Gitlab
-  # Keys API
-  class Keys < Grape::API
-    before { authenticate! }
-    resource :keys do
-      # Get currently authenticated user's keys
-      #
-      # Example Request:
-      #   GET /keys
-      get do
-        present current_user.keys, with: Entities::Key
-      end
-      # Get single key owned by currently authenticated user
-      #
-      # Example Request:
-      #   GET /keys/:id
-      get "/:id" do
-        key = current_user.keys.find params[:id]
-        present key, with: Entities::Key
-      end
-      # Add new ssh key to currently authenticated user
-      # 
-      # Parameters:
-      #   key (required) - New SSH Key
-      #   title (required) - New SSH Key's title
-      # Example Request:
-      #   POST /keys
-      post do
-        attrs = attributes_for_keys [:title, :key]
-        key = current_user.keys.new attrs
-        if key.save
-          present key, with: Entities::Key
-        else
-          not_found!
-        end
-      end
-      # Delete existed ssh key of currently authenticated user
-      # 
-      # Parameters:
-      #   id (required) - SSH Key ID
-      # Example Request:
-      #   DELETE /keys/:id
-      delete "/:id" do
-        key = current_user.keys.find params[:id]
-        key.delete
-      end
-    end
-  end
-end
-
diff --git a/lib/api/milestones.rb b/lib/api/milestones.rb
index daaff940325..f55dfd04cc5 100644
--- a/lib/api/milestones.rb
+++ b/lib/api/milestones.rb
@@ -11,6 +11,8 @@ module Gitlab
       # Example Request:
       #   GET /projects/:id/milestones
       get ":id/milestones" do
+        authorize! :read_milestone, user_project
+
         present paginate(user_project.milestones), with: Entities::Milestone
       end
 
@@ -22,6 +24,8 @@ module Gitlab
       # Example Request:
       #   GET /projects/:id/milestones/:milestone_id
       get ":id/milestones/:milestone_id" do
+        authorize! :read_milestone, user_project
+
         @milestone = user_project.milestones.find(params[:milestone_id])
         present @milestone, with: Entities::Milestone
       end
@@ -36,6 +40,8 @@ module Gitlab
       # Example Request:
       #   POST /projects/:id/milestones
       post ":id/milestones" do
+        authorize! :admin_milestone, user_project
+
         attrs = attributes_for_keys [:title, :description, :due_date]
         @milestone = user_project.milestones.new attrs
         if @milestone.save
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 1d9004f8eed..c3dc3da6fac 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -40,14 +40,14 @@ module Gitlab
       post do
         params[:code] ||= params[:name]
         params[:path] ||= params[:name]
-        attrs = attributes_for_keys [:code, 
-                                    :path, 
-                                    :name, 
-                                    :description, 
-                                    :default_branch, 
-                                    :issues_enabled, 
-                                    :wall_enabled, 
-                                    :merge_requests_enabled, 
+        attrs = attributes_for_keys [:code,
+                                    :path,
+                                    :name,
+                                    :description,
+                                    :default_branch,
+                                    :issues_enabled,
+                                    :wall_enabled,
+                                    :merge_requests_enabled,
                                     :wiki_enabled]
         @project = Project.create_by_user(attrs, current_user)
         if @project.saved?
@@ -57,56 +57,83 @@ module Gitlab
         end
       end
 
-      # Get project users
+      # Get a project team members
       #
       # Parameters:
       #   id (required) - The ID or code name of a project
       # Example Request:
-      #   GET /projects/:id/users
-      get ":id/users" do
-        @users_projects = paginate user_project.users_projects
-        present @users_projects, with: Entities::UsersProject
+      #   GET /projects/:id/members
+      get ":id/members" do
+        @members = paginate user_project.users
+        present @members, with: Entities::ProjectMember, project: user_project
       end
 
-      # Add users to project with specified access level
+      # Get a project team members
       #
       # Parameters:
       #   id (required) - The ID or code name of a project
-      #   user_ids (required) - The ID list of users to add
-      #   project_access (required) - Project access level
+      #   user_id (required) - The ID of a user
       # Example Request:
-      #   POST /projects/:id/users
-      post ":id/users" do
+      #   GET /projects/:id/members/:user_id
+      get ":id/members/:user_id" do
+        @member = user_project.users.find params[:user_id]
+        present @member, with: Entities::ProjectMember, project: user_project
+      end
+
+      # Add a new project team member
+      #
+      # Parameters:
+      #   id (required) - The ID or code name of a project
+      #   user_id (required) - The ID of a user
+      #   access_level (required) - Project access level
+      # Example Request:
+      #   POST /projects/:id/members
+      post ":id/members" do
         authorize! :admin_project, user_project
-        user_project.add_users_ids_to_team(params[:user_ids].values, params[:project_access])
-        nil
+        users_project = user_project.users_projects.new(
+          user_id: params[:user_id],
+          project_access: params[:access_level]
+        )
+
+        if users_project.save
+          @member = users_project.user
+          present @member, with: Entities::ProjectMember, project: user_project
+        else
+          not_found!
+        end
       end
 
-      # Update users to specified access level
+      # Update project team member
       #
       # Parameters:
       #   id (required) - The ID or code name of a project
-      #   user_ids (required) - The ID list of users to add
-      #   project_access (required) - New project access level to
+      #   user_id (required) - The ID of a team member
+      #   access_level (required) - Project access level
       # Example Request:
-      #   PUT /projects/:id/add_users
-      put ":id/users" do
+      #   PUT /projects/:id/members/:user_id
+      put ":id/members/:user_id" do
         authorize! :admin_project, user_project
-        user_project.update_users_ids_to_role(params[:user_ids].values, params[:project_access])
-        nil
+        users_project = user_project.users_projects.find_by_user_id params[:user_id]
+
+        if users_project.update_attributes(project_access: params[:access_level])
+          @member = users_project.user
+          present @member, with: Entities::ProjectMember, project: user_project
+        else
+          not_found!
+        end
       end
 
-      # Delete project users
+      # Remove a team member from project
       #
       # Parameters:
       #   id (required) - The ID or code name of a project
-      #   user_ids (required) - The ID list of users to delete
+      #   user_id (required) - The ID of a team member
       # Example Request:
-      #   DELETE /projects/:id/users
-      delete ":id/users" do
+      #   DELETE /projects/:id/members/:user_id
+      delete ":id/members/:user_id" do
         authorize! :admin_project, user_project
-        user_project.delete_users_ids_from_team(params[:user_ids].values)
-        nil
+        users_project = user_project.users_projects.find_by_user_id params[:user_id]
+        users_project.destroy
       end
 
       # Get project hooks
@@ -184,6 +211,24 @@ module Gitlab
         present user_project.repo.tags.sort_by(&:name).reverse, with: Entities::RepoObject
       end
 
+      # Get a project repository commits
+      #
+      # Parameters:
+      #   id (required) - The ID or code name of a project
+      #   ref_name (optional) - The name of a repository branch or tag
+      # Example Request:
+      #   GET /projects/:id/repository/commits
+      get ":id/repository/commits" do
+        authorize! :download_code, user_project
+
+        page = params[:page] || 0
+        per_page = params[:per_page] || 20
+        ref = params[:ref_name] || user_project.try(:default_branch) || 'master'
+
+        commits = user_project.commits(ref, nil, per_page, page * per_page)
+        present CommitDecorator.decorate(commits), with: Entities::RepoCommit
+      end
+
       # Get a project snippet
       #
       # Parameters:
@@ -207,6 +252,8 @@ module Gitlab
       # Example Request:
       #   POST /projects/:id/snippets
       post ":id/snippets" do
+        authorize! :write_snippet, user_project
+
         attrs = attributes_for_keys [:title, :file_name]
         attrs[:expires_at] = params[:lifetime] if params[:lifetime].present?
         attrs[:content] = params[:code] if params[:code].present?
@@ -282,6 +329,8 @@ module Gitlab
       # Example Request:
       #   GET /projects/:id/repository/commits/:sha/blob
       get ":id/repository/commits/:sha/blob" do
+        authorize! :download_code, user_project
+
         ref = params[:sha]
 
         commit = user_project.commit ref
diff --git a/lib/api/session.rb b/lib/api/session.rb
new file mode 100644
index 00000000000..b4050160ae4
--- /dev/null
+++ b/lib/api/session.rb
@@ -0,0 +1,20 @@
+module Gitlab
+  # Users API
+  class Session < Grape::API
+    # Login to get token
+    #
+    # Example Request:
+    #  POST /session
+    post "/session" do
+      resource = User.find_for_database_authentication(email: params[:email])
+
+      return unauthorized! unless resource
+
+      if resource.valid_password?(params[:password])
+        present resource, with: Entities::UserLogin
+      else
+        unauthorized!
+      end
+    end
+  end
+end
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 98ced6f8e5b..0ca8fb2a1ae 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -25,12 +25,59 @@ module Gitlab
       end
     end
 
-    # Get currently authenticated user
-    #
-    # Example Request:
-    #   GET /user
-    get "/user" do
-      present @current_user, with: Entities::User
+    resource :user do
+      # Get currently authenticated user
+      #
+      # Example Request:
+      #   GET /user
+      get do
+        present @current_user, with: Entities::User
+      end
+
+      # Get currently authenticated user's keys
+      #
+      # Example Request:
+      #   GET /user/keys
+      get "keys" do
+        present current_user.keys, with: Entities::SSHKey
+      end
+
+      # Get single key owned by currently authenticated user
+      #
+      # Example Request:
+      #   GET /user/keys/:id
+      get "keys/:id" do
+        key = current_user.keys.find params[:id]
+        present key, with: Entities::SSHKey
+      end
+
+      # Add new ssh key to currently authenticated user
+      #
+      # Parameters:
+      #   key (required) - New SSH Key
+      #   title (required) - New SSH Key's title
+      # Example Request:
+      #   POST /user/keys
+      post "keys" do
+        attrs = attributes_for_keys [:title, :key]
+        key = current_user.keys.new attrs
+        if key.save
+          present key, with: Entities::SSHKey
+        else
+          not_found!
+        end
+      end
+
+      # Delete existed ssh key of currently authenticated user
+      #
+      # Parameters:
+      #   id (required) - SSH Key ID
+      # Example Request:
+      #   DELETE /user/keys/:id
+      delete "keys/:id" do
+        key = current_user.keys.find params[:id]
+        key.delete
+      end
     end
   end
 end