Update Add Members Api to accept user_id list

app/services/members/create_service.rb

@@ -7,7 +7,7 @@ module Members
     def execute(source)
       return error(s_('AddMember|No users specified.')) if params[:user_ids].blank?
 
-      user_ids = params[:user_ids].split(',').uniq
+      user_ids = params[:user_ids].split(',').uniq.flatten
 
       return error(s_("AddMember|Too many users specified (limit is %{user_limit})") % { user_limit: user_limit }) if
         user_limit && user_ids.size > user_limit

changelogs/unreleased/update-members-api-for-multiple-user_ids.yml

+---
+title: Update Add Members API to accept user_id array
+merge_request: 44051
+author:
+type: added

doc/api/members.md

@@ -287,7 +287,7 @@ POST /projects/:id/members
 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
 | `id`      | integer/string | yes | The ID or [URL-encoded path of the project or group](README.md#namespaced-path-encoding) owned by the authenticated user |
-| `user_id` | integer         | yes | The user ID of the new member |
+| `user_id` | integer/string | yes | The user ID of the new member or multiple IDs separated by commas |
 | `access_level` | integer | yes | A valid access level |
 | `expires_at` | string | no | A date string in the format YEAR-MONTH-DAY |
 

lib/api/members.rb

@@ -88,8 +88,8 @@ module API
           success Entities::Member
         end
         params do
-          requires :user_id, type: Integer, desc: 'The user ID of the new member'
           requires :access_level, type: Integer, desc: 'A valid access level (defaults: `30`, developer access level)'
+          requires :user_id, types: [Integer, String], desc: 'The user ID of the new member or multiple IDs separated by commas.'
           optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY'
         end
         # rubocop: disable CodeReuse/ActiveRecord
@@ -97,20 +97,26 @@ module API
           source = find_source(source_type, params[:id])
           authorize_admin_source!(source_type, source)
 
-          member = source.members.find_by(user_id: params[:user_id])
-          conflict!('Member already exists') if member
+          if params[:user_id].to_s.include?(',')
+            create_service_params = params.except(:user_id).merge({ user_ids: params[:user_id] })
 
-          user = User.find_by_id(params[:user_id])
-          not_found!('User') unless user
+            ::Members::CreateService.new(current_user, create_service_params).execute(source)
+          elsif params[:user_id].present?
+            member = source.members.find_by(user_id: params[:user_id])
+            conflict!('Member already exists') if member
 
-          member = create_member(current_user, user, source, params)
+            user = User.find_by_id(params[:user_id])
+            not_found!('User') unless user
 
-          if !member
-            not_allowed! # This currently can only be reached in EE
-          elsif member.valid? && member.persisted?
-            present_members(member)
-          else
-            render_validation_error!(member)
+            member = create_member(current_user, user, source, params)
+
+            if !member
+              not_allowed! # This currently can only be reached in EE
+            elsif member.valid? && member.persisted?
+              present_members(member)
+            else
+              render_validation_error!(member)
+            end
           end
         end
         # rubocop: enable CodeReuse/ActiveRecord

spec/requests/api/members_spec.rb

@@ -251,6 +251,36 @@ RSpec.describe API::Members do
           expect(json_response['id']).to eq(stranger.id)
           expect(json_response['access_level']).to eq(Member::DEVELOPER)
         end
+
+        describe 'executes the Members::CreateService for multiple user_ids' do
+          it 'returns success when it successfully create all members' do
+            expect do
+              user_ids = [stranger.id, access_requester.id].join(',')
+
+              post api("/#{source_type.pluralize}/#{source.id}/members", maintainer),
+                   params: { user_id: user_ids, access_level: Member::DEVELOPER }
+
+              expect(response).to have_gitlab_http_status(:created)
+            end.to change { source.members.count }.by(2)
+            expect(json_response['status']).to eq('success')
+          end
+
+          it 'returns the error message if there was an error adding members to group' do
+            error_message = 'Unable to find User ID'
+            user_ids = [stranger.id, access_requester.id].join(',')
+
+            allow_next_instance_of(::Members::CreateService) do |service|
+              expect(service).to receive(:execute).with(source).and_return({ status: :error, message: error_message })
+            end
+
+            expect do
+              post api("/#{source_type.pluralize}/#{source.id}/members", maintainer),
+                   params: { user_id: user_ids, access_level: Member::DEVELOPER }
+            end.not_to change { source.members.count }
+            expect(json_response['status']).to eq('error')
+            expect(json_response['message']).to eq(error_message)
+          end
+        end
       end
 
       context 'access levels' do