Commit
9769c2d7
authored
Aug 19, 2014
by
Robert Schilling
Committed by
Jakub Jirutka
Mar 31, 2015
Fix #6417: users with group permission should be able to create groups via API
parent
0191857f
Showing
4 changed files
with
14 additions
and
12 deletions
+14
-12
doc/api/groups.md
doc/api/groups.md
+1
-1
lib/api/groups.rb
lib/api/groups.rb
+2
-2
spec/factories.rb
spec/factories.rb
+1
-0
spec/requests/api/groups_spec.rb
spec/requests/api/groups_spec.rb
+10
-9
doc/api/groups.md
...
...
@@ -35,7 +35,7 @@ Parameters:
## New group
Creates a new project group. Available only for
admin
.
Creates a new project group. Available only for
users who can create groups
.
```
POST /groups
...
...
lib/api/groups.rb
...
...
@@ -20,7 +20,7 @@ module API
present
@groups
,
with:
Entities
::
Group
end
# Create group. Available only for
admin
# Create group. Available only for
users who can create groups.
#
# Parameters:
# name (required) - The name of the group
...
...
@@ -28,7 +28,7 @@ module API
# Example Request:
# POST /groups
post
do
auth
enticated_as_admin!
auth
orize!
:create_group
,
current_user
required_attributes!
[
:name
,
:path
]
attrs
=
attributes_for_keys
[
:name
,
:path
,
:description
]
...
...
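Review bot: The new guard `authorize! :create_group, current_user` in the `post` handler passes the caller as the subject of the check, and nothing visible in this hunk shows that the request has been authenticated before it runs or how `:create_group` is resolved for a user. Because it replaces the admin-only guard, it is worth confirming in the ability definition (outside this diff) that blocked or anonymous callers are refused and that the decision follows the user's `can_create_group` flag. I would make the contract explicit in the header comment, e.g. `# Requires an authenticated user with the :create_group ability (can_create_group).` The `post` block continues past the end of the hunk.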
spec/factories.rb
...
...
@@ -22,6 +22,7 @@ FactoryGirl.define do
password
"12345678"
confirmed_at
{
Time
.
now
}
confirmation_token
{
nil
}
can_create_group
true
trait
:admin
do
admin
true
...
...
spec/requests/api/groups_spec.rb
...
...
@@ -3,8 +3,9 @@ require 'spec_helper'
describe
API
::
API
,
api:
true
do
include
ApiHelpers
let
(
:user1
)
{
create
(
:user
)
}
let
(
:user1
)
{
create
(
:user
,
can_create_group:
false
)
}
let
(
:user2
)
{
create
(
:user
)
}
let
(
:user3
)
{
create
(
:user
)
}
let
(
:admin
)
{
create
(
:admin
)
}
let!
(
:group1
)
{
create
(
:group
)
}
let!
(
:group2
)
{
create
(
:group
)
}
...
...
@@ -94,32 +95,32 @@ describe API::API, api: true do
end
describe
"POST /groups"
do
context
"when authenticated as user"
do
context
"when authenticated as user
without group permissions
"
do
it
"should not create group"
do
post
api
(
"/groups"
,
user1
),
attributes_for
(
:group
)
expect
(
response
.
status
).
to
eq
(
403
)
end
end
context
"when authenticated as
admin
"
do
context
"when authenticated as
user with group permissions
"
do
it
"should create group"
do
post
api
(
"/groups"
,
admin
),
attributes_for
(
:group
)
post
api
(
"/groups"
,
user3
),
attributes_for
(
:group
)
expect
(
response
.
status
).
to
eq
(
201
)
end
it
"should not create group, duplicate"
do
post
api
(
"/groups"
,
admin
),
{
name:
"Duplicate Test"
,
path:
group2
.
path
}
post
api
(
"/groups"
,
user3
),
{
name:
'Duplicate Test'
,
path:
group2
.
path
}
expect
(
response
.
status
).
to
eq
(
400
)
expect
(
response
.
message
).
to
eq
(
"Bad Request"
)
end
it
"should return 400 bad request error if name not given"
do
post
api
(
"/groups"
,
admin
),
{
path:
group2
.
path
}
post
api
(
"/groups"
,
user3
),
{
path:
group2
.
path
}
expect
(
response
.
status
).
to
eq
(
400
)
end
it
"should return 400 bad request error if path not given"
do
post
api
(
"/groups"
,
admin
),
{
name:
'test'
}
post
api
(
"/groups"
,
user3
),
{
name:
'test'
}
expect
(
response
.
status
).
to
eq
(
400
)
end
end
...
...
@@ -133,8 +134,8 @@ describe API::API, api: true do
end
it
"should not remove a group if not an owner"
do
user
3
=
create
(
:user
)
group1
.
add_user
(
user
3
,
Gitlab
::
Access
::
MASTER
)
user
4
=
create
(
:user
)
group1
.
add_user
(
user
4
,
Gitlab
::
Access
::
MASTER
)
delete
api
(
"/groups/
#{
group1
.
id
}
"
,
user3
)
expect
(
response
.
status
).
to
eq
(
403
)
end
...
...
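Review bot: In the last hunk the locally created user appears to be renamed to `user4` and is the one given `Gitlab::Access::MASTER`, but the unchanged `delete api("/groups/#{group1.id}", user3)` line still sends the request as `user3`. With a file-level `let(:user3)` now in scope (the first hunk's counts suggest it is added here), that is a user who was never added to `group1`, so the example no longer proves that a non-owner member is refused; the line should read `delete api("/groups/#{group1.id}", user4)`. In the `POST /groups` hunk the admin context is replaced rather than kept, so nothing here asserts what an admin, or an admin with `can_create_group: false`, gets back. The positive examples also depend on the factory default; `let(:user3) { create(:user, can_create_group: true) }` would state the precondition in the spec itself.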