summaryrefslogtreecommitdiff
path: root/lib/api/v3/members.rb
blob: 684860b553eb075a2c4e7fa0349ca8aab2d84b13 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
module API
  module V3
    class Members < Grape::API
      include PaginationParams

      before { authenticate! }

      helpers ::API::Helpers::MembersHelpers

      %w[group project].each do |source_type|
        params do
          requires :id, type: String, desc: "The #{source_type} ID"
        end
        resource source_type.pluralize, requirements: { id: %r{[^/]+} } do
          desc 'Gets a list of group or project members viewable by the authenticated user.' do
            success ::API::Entities::Member
          end
          params do
            optional :query, type: String, desc: 'A query string to search for members'
            use :pagination
          end
          get ":id/members" do
            source = find_source(source_type, params[:id])

            users = source.users
            users = users.merge(User.search(params[:query])) if params[:query]

            present paginate(users), with: ::API::Entities::Member, source: source
          end

          desc 'Gets a member of a group or project.' do
            success ::API::Entities::Member
          end
          params do
            requires :user_id, type: Integer, desc: 'The user ID of the member'
          end
          get ":id/members/:user_id" do
            source = find_source(source_type, params[:id])

            members = source.members
            member = members.find_by!(user_id: params[:user_id])

            present member.user, with: ::API::Entities::Member, member: member
          end

          desc 'Adds a member to a group or project.' do
            success ::API::Entities::Member
          end
          params do
            requires :user_id, type: Integer, desc: 'The user ID of the new member'
            requires :access_level, type: Integer, desc: 'A valid access level (defaults: `30`, developer access level)'
            optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY'
          end
          post ":id/members" do
            source = find_source(source_type, params[:id])
            authorize_admin_source!(source_type, source)

            member = source.members.find_by(user_id: params[:user_id])

            # We need this explicit check because `source.add_user` doesn't
            # currently return the member created so it would return 201 even if
            # the member already existed...
            # The `source_type == 'group'` check is to ensure back-compatibility
            # but 409 behavior should be used for both project and group members in 9.0!
            conflict!('Member already exists') if source_type == 'group' && member

            unless member
              member = source.add_user(params[:user_id], params[:access_level], current_user: current_user, expires_at: params[:expires_at])
            end
            if member.persisted? && member.valid?
              present member.user, with: ::API::Entities::Member, member: member
            else
              # This is to ensure back-compatibility but 400 behavior should be used
              # for all validation errors in 9.0!
              render_api_error!('Access level is not known', 422) if member.errors.key?(:access_level)
              render_validation_error!(member)
            end
          end

          desc 'Updates a member of a group or project.' do
            success ::API::Entities::Member
          end
          params do
            requires :user_id, type: Integer, desc: 'The user ID of the new member'
            requires :access_level, type: Integer, desc: 'A valid access level'
            optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY'
          end
          put ":id/members/:user_id" do
            source = find_source(source_type, params.delete(:id))
            authorize_admin_source!(source_type, source)

            member = source.members.find_by!(user_id: params.delete(:user_id))

            if member.update_attributes(declared_params(include_missing: false))
              present member.user, with: ::API::Entities::Member, member: member
            else
              # This is to ensure back-compatibility but 400 behavior should be used
              # for all validation errors in 9.0!
              render_api_error!('Access level is not known', 422) if member.errors.key?(:access_level)
              render_validation_error!(member)
            end
          end

          desc 'Removes a user from a group or project.'
          params do
            requires :user_id, type: Integer, desc: 'The user ID of the member'
          end
          delete ":id/members/:user_id" do
            source = find_source(source_type, params[:id])

            # This is to ensure back-compatibility but find_by! should be used
            # in that casse in 9.0!
            member = source.members.find_by(user_id: params[:user_id])

            # This is to ensure back-compatibility but this should be removed in
            # favor of find_by! in 9.0!
            not_found!("Member: user_id:#{params[:user_id]}") if source_type == 'group' && member.nil?

            # This is to ensure back-compatibility but 204 behavior should be used
            # for all DELETE endpoints in 9.0!
            if member.nil?
              status(200  )
              { message: "Access revoked", id: params[:user_id].to_i }
            else
              ::Members::DestroyService.new(source, current_user, declared_params).execute

              present member.user, with: ::API::Entities::Member, member: member
            end
          end
        end
      end
    end
  end
end