Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
iv
gitlab-ce
Commits
4e97f266
Commit
4e97f266
authored
Jan 30, 2015
by
jubianchi
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Acces groups with their path in API
parent
a073e00a
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
47 additions
and
40 deletions
+47
-40
CHANGELOG
CHANGELOG
+1
-1
doc/api/groups.md
doc/api/groups.md
+5
-5
lib/api/group_members.rb
lib/api/group_members.rb
+0
-16
lib/api/groups.rb
lib/api/groups.rb
+0
-16
lib/api/helpers.rb
lib/api/helpers.rb
+23
-2
spec/requests/api/groups_spec.rb
spec/requests/api/groups_spec.rb
+18
-0
No files found.
CHANGELOG
View file @
4e97f266
...
@@ -53,7 +53,7 @@ v 7.8.0
...
@@ -53,7 +53,7 @@ v 7.8.0
- Add a new API function that retrieves all issues assigned to a single milestone (Justin Whear and Hannes Rosenögger)
- Add a new API function that retrieves all issues assigned to a single milestone (Justin Whear and Hannes Rosenögger)
-
-
-
-
-
-
API: Access groups with their path (Julien Bianchi)
-
-
-
-
-
-
...
...
doc/api/groups.md
View file @
4e97f266
...
@@ -32,7 +32,7 @@ GET /groups/:id
...
@@ -32,7 +32,7 @@ GET /groups/:id
Parameters:
Parameters:
-
`id`
(required) - The ID of a group
-
`id`
(required) - The ID o
r path o
f a group
## New group
## New group
...
@@ -58,7 +58,7 @@ POST /groups/:id/projects/:project_id
...
@@ -58,7 +58,7 @@ POST /groups/:id/projects/:project_id
Parameters:
Parameters:
-
`id`
(required) - The ID of a group
-
`id`
(required) - The ID o
r path o
f a group
-
`project_id`
(required) - The ID of a project
-
`project_id`
(required) - The ID of a project
## Remove group
## Remove group
...
@@ -71,7 +71,7 @@ DELETE /groups/:id
...
@@ -71,7 +71,7 @@ DELETE /groups/:id
Parameters:
Parameters:
-
`id`
(required) - The ID of a user group
-
`id`
(required) - The ID o
r path o
f a user group
## Search for group
## Search for group
...
@@ -148,7 +148,7 @@ POST /groups/:id/members
...
@@ -148,7 +148,7 @@ POST /groups/:id/members
Parameters:
Parameters:
-
`id`
(required) - The ID of a group
-
`id`
(required) - The ID o
r path o
f a group
-
`user_id`
(required) - The ID of a user to add
-
`user_id`
(required) - The ID of a user to add
-
`access_level`
(required) - Project access level
-
`access_level`
(required) - Project access level
...
@@ -162,5 +162,5 @@ DELETE /groups/:id/members/:user_id
...
@@ -162,5 +162,5 @@ DELETE /groups/:id/members/:user_id
Parameters:
Parameters:
-
`id`
(required) - The ID of a user group
-
`id`
(required) - The ID o
r path o
f a user group
-
`user_id`
(required) - The ID of a group member
-
`user_id`
(required) - The ID of a group member
lib/api/group_members.rb
View file @
4e97f266
...
@@ -3,22 +3,6 @@ module API
...
@@ -3,22 +3,6 @@ module API
before
{
authenticate!
}
before
{
authenticate!
}
resource
:groups
do
resource
:groups
do
helpers
do
def
find_group
(
id
)
group
=
Group
.
find
(
id
)
if
can?
(
current_user
,
:read_group
,
group
)
group
else
render_api_error!
(
"403 Forbidden -
#{
current_user
.
username
}
lacks sufficient access to
#{
group
.
name
}
"
,
403
)
end
end
def
validate_access_level?
(
level
)
Gitlab
::
Access
.
options_with_owner
.
values
.
include?
level
.
to_i
end
end
# Get a list of group members viewable by the authenticated user.
# Get a list of group members viewable by the authenticated user.
#
#
# Example Request:
# Example Request:
...
...
lib/api/groups.rb
View file @
4e97f266
...
@@ -4,22 +4,6 @@ module API
...
@@ -4,22 +4,6 @@ module API
before
{
authenticate!
}
before
{
authenticate!
}
resource
:groups
do
resource
:groups
do
helpers
do
def
find_group
(
id
)
group
=
Group
.
find
(
id
)
if
can?
(
current_user
,
:read_group
,
group
)
group
else
render_api_error!
(
"403 Forbidden -
#{
current_user
.
username
}
lacks sufficient access to
#{
group
.
name
}
"
,
403
)
end
end
def
validate_access_level?
(
level
)
Gitlab
::
Access
.
options_with_owner
.
values
.
include?
level
.
to_i
end
end
# Get a groups list
# Get a groups list
#
#
# Example Request:
# Example Request:
...
...
lib/api/helpers.rb
View file @
4e97f266
...
@@ -55,6 +55,21 @@ module API
...
@@ -55,6 +55,21 @@ module API
end
end
end
end
def
find_group
(
id
)
begin
group
=
Group
.
find
(
id
)
rescue
ActiveRecord
::
RecordNotFound
group
=
Group
.
find_by!
(
path:
id
)
end
if
can?
(
current_user
,
:read_group
,
group
)
group
else
forbidden!
(
"
#{
current_user
.
username
}
lacks sufficient "
\
"access to
#{
group
.
name
}
"
)
end
end
def
paginate
(
relation
)
def
paginate
(
relation
)
per_page
=
params
[
:per_page
].
to_i
per_page
=
params
[
:per_page
].
to_i
paginated
=
relation
.
page
(
params
[
:page
]).
per
(
per_page
)
paginated
=
relation
.
page
(
params
[
:page
]).
per
(
per_page
)
...
@@ -135,10 +150,16 @@ module API
...
@@ -135,10 +150,16 @@ module API
errors
errors
end
end
def
validate_access_level?
(
level
)
Gitlab
::
Access
.
options_with_owner
.
values
.
include?
level
.
to_i
end
# error helpers
# error helpers
def
forbidden!
def
forbidden!
(
reason
=
nil
)
render_api_error!
(
'403 Forbidden'
,
403
)
message
=
[
'403 Forbidden'
]
message
<<
" -
#{
reason
}
"
if
reason
render_api_error!
(
message
.
join
(
' '
),
403
)
end
end
def
bad_request!
(
attribute
)
def
bad_request!
(
attribute
)
...
...
spec/requests/api/groups_spec.rb
View file @
4e97f266
...
@@ -73,6 +73,24 @@ describe API::API, api: true do
...
@@ -73,6 +73,24 @@ describe API::API, api: true do
response
.
status
.
should
==
404
response
.
status
.
should
==
404
end
end
end
end
context
'when using group path in URL'
do
it
'should return any existing group'
do
get
api
(
"/groups/
#{
group1
.
path
}
"
,
admin
)
response
.
status
.
should
==
200
json_response
[
'name'
]
==
group2
.
name
end
it
'should not return a non existing group'
do
get
api
(
'/groups/unknown'
,
admin
)
response
.
status
.
should
==
404
end
it
'should not return a group not attached to user1'
do
get
api
(
"/groups/
#{
group2
.
path
}
"
,
user1
)
response
.
status
.
should
==
403
end
end
end
end
describe
"POST /groups"
do
describe
"POST /groups"
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment