2018-12-05 23:21:45 +05:30
# frozen_string_literal: true
2016-09-13 17:45:13 +05:30
module API
2021-01-03 14:25:43 +05:30
class Members < :: API :: Base
2017-08-17 22:00:37 +05:30
include PaginationParams
2016-09-13 17:45:13 +05:30
before { authenticate! }
2021-01-29 00:20:46 +05:30
feature_category :authentication_and_authorization
2016-09-13 17:45:13 +05:30
helpers :: API :: Helpers :: MembersHelpers
%w[ group project ] . each do | source_type |
2016-11-03 12:29:30 +05:30
params do
requires :id , type : String , desc : " The #{ source_type } ID "
end
2019-02-15 15:39:39 +05:30
resource source_type . pluralize , requirements : API :: NAMESPACE_OR_PROJECT_REQUIREMENTS do
2016-11-03 12:29:30 +05:30
desc 'Gets a list of group or project members viewable by the authenticated user.' do
success Entities :: Member
end
params do
optional :query , type : String , desc : 'A query string to search for members'
2020-07-28 23:09:34 +05:30
optional :user_ids , type : Array [ Integer ] , coerce_with : :: API :: Validations :: Types :: CommaSeparatedToIntegerArray . coerce , desc : 'Array of user ids to look up for membership'
2020-03-13 15:44:24 +05:30
optional :show_seat_info , type : Boolean , desc : 'Show seat information for members'
use :optional_filter_params_ee
2017-08-17 22:00:37 +05:30
use :pagination
2016-11-03 12:29:30 +05:30
end
2020-01-01 13:55:28 +05:30
2016-09-13 17:45:13 +05:30
get " :id/members " do
source = find_source ( source_type , params [ :id ] )
2020-01-01 13:55:28 +05:30
members = paginate ( retrieve_members ( source , params : params ) )
2016-09-13 17:45:13 +05:30
2020-01-01 13:55:28 +05:30
present_members members
2016-09-13 17:45:13 +05:30
end
2018-11-18 11:00:15 +05:30
desc 'Gets a list of group or project members viewable by the authenticated user, including those who gained membership through ancestor group.' do
success Entities :: Member
end
params do
optional :query , type : String , desc : 'A query string to search for members'
2020-07-28 23:09:34 +05:30
optional :user_ids , type : Array [ Integer ] , coerce_with : :: API :: Validations :: Types :: CommaSeparatedToIntegerArray . coerce , desc : 'Array of user ids to look up for membership'
2020-03-13 15:44:24 +05:30
optional :show_seat_info , type : Boolean , desc : 'Show seat information for members'
2018-11-18 11:00:15 +05:30
use :pagination
end
2020-01-01 13:55:28 +05:30
2018-11-18 11:00:15 +05:30
get " :id/members/all " do
source = find_source ( source_type , params [ :id ] )
2020-01-01 13:55:28 +05:30
members = paginate ( retrieve_members ( source , params : params , deep : true ) )
2018-11-18 11:00:15 +05:30
2020-01-01 13:55:28 +05:30
present_members members
2018-11-18 11:00:15 +05:30
end
2016-11-03 12:29:30 +05:30
desc 'Gets a member of a group or project.' do
success Entities :: Member
end
params do
requires :user_id , type : Integer , desc : 'The user ID of the member'
end
2018-12-05 23:21:45 +05:30
# rubocop: disable CodeReuse/ActiveRecord
2016-09-13 17:45:13 +05:30
get " :id/members/:user_id " do
source = find_source ( source_type , params [ :id ] )
2021-02-22 17:27:13 +05:30
members = source_members ( source )
2016-09-13 17:45:13 +05:30
member = members . find_by! ( user_id : params [ :user_id ] )
2020-01-01 13:55:28 +05:30
present_members member
2019-12-21 20:55:43 +05:30
end
# rubocop: enable CodeReuse/ActiveRecord
desc 'Gets a member of a group or project, including those who gained membership through ancestor group' do
success Entities :: Member
end
params do
requires :user_id , type : Integer , desc : 'The user ID of the member'
end
# rubocop: disable CodeReuse/ActiveRecord
get " :id/members/all/:user_id " do
source = find_source ( source_type , params [ :id ] )
2020-01-01 13:55:28 +05:30
members = find_all_members ( source )
2019-12-21 20:55:43 +05:30
member = members . find_by! ( user_id : params [ :user_id ] )
2020-01-01 13:55:28 +05:30
present_members member
2016-09-13 17:45:13 +05:30
end
2018-12-05 23:21:45 +05:30
# rubocop: enable CodeReuse/ActiveRecord
2016-09-13 17:45:13 +05:30
2016-11-03 12:29:30 +05:30
desc 'Adds a member to a group or project.' do
success Entities :: Member
end
params do
requires :access_level , type : Integer , desc : 'A valid access level (defaults: `30`, developer access level)'
2021-01-03 14:25:43 +05:30
requires :user_id , types : [ Integer , String ] , desc : 'The user ID of the new member or multiple IDs separated by commas.'
2016-11-03 12:29:30 +05:30
optional :expires_at , type : DateTime , desc : 'Date string in the format YEAR-MONTH-DAY'
2021-09-04 01:27:46 +05:30
optional :invite_source , type : String , desc : 'Source that triggered the member creation process' , default : 'members-api'
2021-10-27 15:23:28 +05:30
optional :areas_of_focus , type : Array [ String ] , coerce_with : Validations :: Types :: CommaSeparatedToArray . coerce , desc : 'Areas the inviter wants the member to focus upon'
2016-11-03 12:29:30 +05:30
end
2018-12-05 23:21:45 +05:30
# rubocop: disable CodeReuse/ActiveRecord
2016-09-13 17:45:13 +05:30
post " :id/members " do
2021-07-02 01:05:55 +05:30
:: Gitlab :: QueryLimiting . disable! ( 'https://gitlab.com/gitlab-org/gitlab/-/issues/333434' )
2016-09-13 17:45:13 +05:30
source = find_source ( source_type , params [ :id ] )
authorize_admin_source! ( source_type , source )
2021-01-03 14:25:43 +05:30
if params [ :user_id ] . to_s . include? ( ',' )
2021-04-29 21:17:54 +05:30
create_service_params = params . except ( :user_id ) . merge ( { user_ids : params [ :user_id ] , source : source } )
2016-09-13 17:45:13 +05:30
2021-04-29 21:17:54 +05:30
:: Members :: CreateService . new ( current_user , create_service_params ) . execute
2021-01-03 14:25:43 +05:30
elsif params [ :user_id ] . present?
member = source . members . find_by ( user_id : params [ :user_id ] )
conflict! ( 'Member already exists' ) if member
2018-11-18 11:00:15 +05:30
2021-01-03 14:25:43 +05:30
user = User . find_by_id ( params [ :user_id ] )
not_found! ( 'User' ) unless user
2016-09-13 17:45:13 +05:30
2021-01-03 14:25:43 +05:30
member = create_member ( current_user , user , source , params )
if ! member
not_allowed! # This currently can only be reached in EE
elsif member . valid? && member . persisted?
present_members ( member )
2021-10-27 15:23:28 +05:30
Gitlab :: Tracking . event ( :: Members :: CreateService . name ,
'create_member' ,
label : params [ :invite_source ] ,
property : 'existing_user' ,
user : current_user )
track_areas_of_focus ( member , params [ :areas_of_focus ] )
2021-01-03 14:25:43 +05:30
else
render_validation_error! ( member )
end
2016-09-13 17:45:13 +05:30
end
end
2018-12-05 23:21:45 +05:30
# rubocop: enable CodeReuse/ActiveRecord
2016-09-13 17:45:13 +05:30
2016-11-03 12:29:30 +05:30
desc 'Updates a member of a group or project.' do
success Entities :: Member
end
params do
requires :user_id , type : Integer , desc : 'The user ID of the new member'
requires :access_level , type : Integer , desc : 'A valid access level'
optional :expires_at , type : DateTime , desc : 'Date string in the format YEAR-MONTH-DAY'
end
2018-12-05 23:21:45 +05:30
# rubocop: disable CodeReuse/ActiveRecord
2016-09-13 17:45:13 +05:30
put " :id/members/:user_id " do
2017-08-17 22:00:37 +05:30
source = find_source ( source_type , params . delete ( :id ) )
2016-09-13 17:45:13 +05:30
authorize_admin_source! ( source_type , source )
2021-01-29 00:20:46 +05:30
member = source_members ( source ) . find_by! ( user_id : params [ :user_id ] )
2016-09-13 17:45:13 +05:30
2021-03-11 19:13:27 +05:30
result = :: Members :: UpdateService
. new ( current_user , declared_params ( include_missing : false ) )
. execute ( member )
updated_member = result [ :member ]
if result [ :status ] == :success
2020-01-01 13:55:28 +05:30
present_members updated_member
2016-09-13 17:45:13 +05:30
else
2018-03-27 19:54:05 +05:30
render_validation_error! ( updated_member )
2016-09-13 17:45:13 +05:30
end
end
2018-12-05 23:21:45 +05:30
# rubocop: enable CodeReuse/ActiveRecord
2016-09-13 17:45:13 +05:30
2016-11-03 12:29:30 +05:30
desc 'Removes a user from a group or project.'
params do
requires :user_id , type : Integer , desc : 'The user ID of the member'
2021-04-29 21:17:54 +05:30
optional :skip_subresources , type : Boolean , default : false ,
desc : 'Flag indicating if the deletion of direct memberships of the removed member in subgroups and projects should be skipped'
2020-07-28 23:09:34 +05:30
optional :unassign_issuables , type : Boolean , default : false ,
desc : 'Flag indicating if the removed member should be unassigned from any issues or merge requests within given group or project'
2016-11-03 12:29:30 +05:30
end
2018-12-05 23:21:45 +05:30
# rubocop: disable CodeReuse/ActiveRecord
2016-09-13 17:45:13 +05:30
delete " :id/members/:user_id " do
source = find_source ( source_type , params [ :id ] )
2021-01-29 00:20:46 +05:30
member = source_members ( source ) . find_by! ( user_id : params [ :user_id ] )
2016-09-13 17:45:13 +05:30
2018-03-17 18:26:18 +05:30
destroy_conditionally! ( member ) do
2021-04-29 21:17:54 +05:30
:: Members :: DestroyService . new ( current_user ) . execute ( member , skip_subresources : params [ :skip_subresources ] , unassign_issuables : params [ :unassign_issuables ] )
2018-03-17 18:26:18 +05:30
end
2016-09-13 17:45:13 +05:30
end
2018-12-05 23:21:45 +05:30
# rubocop: enable CodeReuse/ActiveRecord
2016-09-13 17:45:13 +05:30
end
end
end
end
2020-05-24 23:13:21 +05:30
2021-06-08 01:23:25 +05:30
API :: Members . prepend_mod_with ( 'API::Members' )