Commit 30cf916b authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'api-edit-groups' into 'master'

Edit group members via API

Fixes #1840.  Implement a new API endpoint to update the access level of an existing group member.  Includes new tests and updated API docs.

cc @sytse @douwe

See merge request !1504
parents e71805db b0dacc8e
......@@ -50,7 +50,7 @@ v 7.8.0 (unreleased)
-
- Password reset token validity increased from 2 hours to 2 days since it is also send on account creation.
-
-
- Edit group members via API
- Enable raw image paste from clipboard, currently Chrome only (Marco Cyriacks)
-
-
......
......@@ -9,19 +9,19 @@
- Each project can also have an issue tracker and a wiki
- Used by more than 100,000 organizations, GitLab is the most popular solution to manage Git repositories on-premises
- Completely free and open source (MIT Expat license)
- Powered by Ruby on Rails
- Powered by [Ruby on Rails](https://github.com/rails/rails)
## Editions
There are two editions of GitLab.
GitLab [Community Edition](https://about.gitlab.com/features/) (CE) is available without any costs under an MIT license.
*GitLab [Community Edition](https://about.gitlab.com/features/) (CE)* is available without any costs under an MIT license.
GitLab Enterprise Edition (EE) includes [extra features](https://about.gitlab.com/features/#compare) that are most useful for organizations with more than 100 users.
*GitLab Enterprise Edition (EE)* includes [extra features](https://about.gitlab.com/features/#compare) that are most useful for organizations with more than 100 users.
To get access to the EE and support please [become a subscriber](https://about.gitlab.com/pricing/).
## Canonical source
- The source of GitLab Community Edition is [hosted on GitLab.com](https://gitlab.com/gitlab-org/gitlab-ce/) and there are mirrors to make [contributing](CONTRIBUTING.md) as easy as possible.
The source of GitLab Community Edition is [hosted on GitLab.com](https://gitlab.com/gitlab-org/gitlab-ce/) and there are mirrors to make [contributing](CONTRIBUTING.md) as easy as possible.
## Code status
......@@ -48,42 +48,45 @@ On [about.gitlab.com](https://about.gitlab.com/) you can find more information a
## Requirements
- Ubuntu/Debian/CentOS/RHEL**
GitLab requires the following software:
- Ubuntu/Debian/CentOS/RHEL
- Ruby (MRI) 2.0 or 2.1
- git 1.7.10+
- redis 2.0+
- Git 1.7.10+
- Redis 2.0+
- MySQL or PostgreSQL
** More details are in the [requirements doc](doc/install/requirements.md).
Please see the [requirements documentation](doc/install/requirements.md) for system requirements and more information about the supported operating systems.
## Installation
Please see [the installation page on the GitLab website](https://about.gitlab.com/installation/) for the various options.
Since a manual installation is a lot of work and error prone we strongly recommend the fast and reliable [Omnibus package installation](https://about.gitlab.com/downloads/) (deb/rpm).
You can access new installation with the login `root` and password `5iveL!fe`, after login you are required to set a unique password.
The recommended way to install GitLab is using the provided [Omnibus packages](https://about.gitlab.com/downloads/). Compared to a manual installation, this is faster and less error prone. Just select your operating system, download the respective package (Debian or RPM) and install it using the system's package manager.
There are various other options to install GitLab, please refer to the [installation page on the GitLab website](https://about.gitlab.com/installation/) for more information.
You can access a new installation with the login **`root`** and password **`5iveL!fe`**, after login you are required to set a unique password.
## Third-party applications
There are a lot of applications and API wrappers for GitLab.
Find them [on our website](https://about.gitlab.com/applications/).
There are a lot of [third-party applications integrating with GitLab](https://about.gitlab.com/applications/). These include GUI Git clients, mobile applications and API wrappers for various languages.
## New versions
## GitLab release cycle
Since 2011 a minor or major version of GitLab is released on the 22nd of every month. Patch and security releases come out when needed. New features are detailed on the [blog](https://about.gitlab.com/blog/) and in the [changelog](CHANGELOG). For more information about the release process see the release [documentation](https://gitlab.com/gitlab-org/gitlab-ce/tree/master/doc/release). Features that will likely be in the next releases can be found on the [feature request forum](http://feedback.gitlab.com/forums/176466-general) with the status [started](http://feedback.gitlab.com/forums/176466-general/status/796456) and [completed](http://feedback.gitlab.com/forums/176466-general/status/796457).
Since 2011 a minor or major version of GitLab is released on the 22nd of every month. Patch and security releases are published when needed. New features are detailed on the [blog](https://about.gitlab.com/blog/) and in the [changelog](CHANGELOG). For more information about the release process see the [release documentation](https://gitlab.com/gitlab-org/gitlab-ce/tree/master/doc/release). Features that will likely be in the next releases can be found on the [feature request forum](http://feedback.gitlab.com/forums/176466-general) with the status [started](http://feedback.gitlab.com/forums/176466-general/status/796456) and [completed](http://feedback.gitlab.com/forums/176466-general/status/796457).
## Upgrading
For updating the the Omnibus installation please see the [update documentation](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/update.md). For manual installations there is an [upgrader script](doc/update/upgrader.md) and there are [upgrade guides](doc/update).
For updating the Omnibus installation please see the [update documentation](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/update.md). For manual installations there is an [upgrader script](doc/update/upgrader.md) and there are [upgrade guides](doc/update) detailing all necessary commands to migrate to the next version.
## Install a development environment
We recommend setting up your development environment with [the GitLab Development Kit](https://gitlab.com/gitlab-org/gitlab-development-kit).
If you do not use the GitLab Development Development kit you need to install and setup all the dependencies yourself, this is a lot of work and error prone.
To work on GitLab itself, we recommend setting up your development environment with [the GitLab Development Kit](https://gitlab.com/gitlab-org/gitlab-development-kit).
If you do not use the GitLab Development Kit you need to install and setup all the dependencies yourself, this is a lot of work and error prone.
One small thing you also have to do when installing it yourself is to copy the example development unicorn configuration file:
cp config/unicorn.rb.example.development config/unicorn.rb
Instructions on how to start Gitlab and how to run the tests can be found in the [development section of the GitLab Development Kit](https://gitlab.com/gitlab-org/gitlab-development-kit#development).
Instructions on how to start GitLab and how to run the tests can be found in the [development section of the GitLab Development Kit](https://gitlab.com/gitlab-org/gitlab-development-kit#development).
## Documentation
......
......@@ -152,6 +152,20 @@ Parameters:
- `user_id` (required) - The ID of a user to add
- `access_level` (required) - Project access level
### Edit group team member
Updates a group team member to a specified access level.
```
PUT /groups/:id/members/:user_id
```
Parameters:
- `id` (required) - The ID of a group
- `user_id` (required) - The ID of a group member
- `access_level` (required) - Project access level
### Remove user team member
Removes user from user team.
......
......@@ -148,7 +148,7 @@ But let's throw in a <b>tag</b>.
If you are new to this, don't be :fearful_face:. You can easily join the emoji :family:. All you need to do is to look up on the supported codes.
Consult the [Emoji Cheat Sheet](https://www.dropbox.com/s/b9xaqb977s6d8w1/cheat_sheet.pdf) for a list of all supported emoji codes. :thumbsup:
Consult the [Emoji Cheat Sheet](https://s3.amazonaws.com/emoji-cheatsheet/cheat_sheet.pdf) for a list of all supported emoji codes. :thumbsup:
Sometimes you want to be a :ninja: and add some :glowing_star: to your :speech_balloon:. Well we have a gift for you:
......@@ -158,7 +158,7 @@ You can use it to point out a :bug: or warn about :speak_no_evil_monkey: patches
If you are new to this, don't be :fearful_face:. You can easily join the emoji :family:. All you need to do is to look up on the supported codes.
Consult the [Emoji Cheat Sheet](https://www.dropbox.com/s/b9xaqb977s6d8w1/cheat_sheet.pdf) for a list of all supported emoji codes. :thumbsup:
Consult the [Emoji Cheat Sheet](https://s3.amazonaws.com/emoji-cheatsheet/cheat_sheet.pdf) for a list of all supported emoji codes. :thumbsup:
## Special GitLab References
......
......@@ -40,6 +40,30 @@ module API
present member.user, with: Entities::GroupMember, group: group
end
# Update group member
#
# Parameters:
# id (required) - The ID of a group
# user_id (required) - The ID of a group member
# access_level (required) - Project access level
# Example Request:
# PUT /groups/:id/members/:user_id
put ':id/members/:user_id' do
group = find_group(params[:id])
authorize! :manage_group, group
required_attributes! [:access_level]
team_member = group.group_members.find_by(user_id: params[:user_id])
not_found!('User can not be found') if team_member.nil?
if team_member.update_attributes(access_level: params[:access_level])
@member = team_member.user
present @member, with: Entities::GroupMember, group: group
else
handle_member_errors team_member.errors
end
end
# Remove member.
#
# Parameters:
......
......@@ -238,5 +238,10 @@ module API
def secret_token
File.read(Rails.root.join('.gitlab_shell_secret'))
end
def handle_member_errors(errors)
error!(errors[:access_level], 422) if errors[:access_level].any?
not_found!(errors)
end
end
end
......@@ -4,14 +4,6 @@ module API
before { authenticate! }
resource :projects do
helpers do
def handle_project_member_errors(errors)
if errors[:access_level].any?
error!(errors[:access_level], 422)
end
not_found!(errors)
end
end
# Get a project team members
#
......@@ -66,7 +58,7 @@ module API
@member = team_member.user
present @member, with: Entities::ProjectMember, project: user_project
else
handle_project_member_errors team_member.errors
handle_member_errors team_member.errors
end
end
......@@ -89,7 +81,7 @@ module API
@member = team_member.user
present @member, with: Entities::ProjectMember, project: user_project
else
handle_project_member_errors team_member.errors
handle_member_errors team_member.errors
end
end
......
......@@ -104,6 +104,69 @@ describe API::API, api: true do
end
end
describe 'PUT /groups/:id/members/:user_id' do
context 'when not a member of the group' do
it 'should return a 409 error if the user is not a group member' do
put(
api("/groups/#{group_no_members.id}/members/#{developer.id}",
owner), access_level: GroupMember::MASTER
)
expect(response.status).to eq(404)
end
end
context 'when a member of the group' do
it 'should return ok and update member access level' do
put(
api("/groups/#{group_with_members.id}/members/#{reporter.id}",
owner),
access_level: GroupMember::MASTER
)
expect(response.status).to eq(200)
get api("/groups/#{group_with_members.id}/members", owner)
json_reporter = json_response.find do |e|
e['id'] == reporter.id
end
expect(json_reporter['access_level']).to eq(GroupMember::MASTER)
end
it 'should not allow guest to modify group members' do
put(
api("/groups/#{group_with_members.id}/members/#{developer.id}",
guest),
access_level: GroupMember::MASTER
)
expect(response.status).to eq(403)
get api("/groups/#{group_with_members.id}/members", owner)
json_developer = json_response.find do |e|
e['id'] == developer.id
end
expect(json_developer['access_level']).to eq(GroupMember::DEVELOPER)
end
it 'should return a 400 error when access level is not given' do
put(
api("/groups/#{group_with_members.id}/members/#{master.id}", owner)
)
expect(response.status).to eq(400)
end
it 'should return a 422 error when access level is not known' do
put(
api("/groups/#{group_with_members.id}/members/#{master.id}", owner),
access_level: 1234
)
expect(response.status).to eq(422)
end
end
end
describe "DELETE /groups/:id/members/:user_id" do
context "when not a member of the group" do
it "should not delete guest's membership of group_with_members" do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment