2021-01-29 00:20:46 +05:30
# frozen_string_literal: true
module API
class Invitations < :: API :: Base
include PaginationParams
feature_category :users
before { authenticate! }
helpers :: API :: Helpers :: MembersHelpers
%w[ group project ] . each do | source_type |
params do
requires :id , type : String , desc : " The #{ source_type } ID "
end
resource source_type . pluralize , requirements : API :: NAMESPACE_OR_PROJECT_REQUIREMENTS do
desc 'Invite non-members by email address to a group or project.' do
detail 'This feature was introduced in GitLab 13.6'
success Entities :: Invitation
2023-01-13 00:05:48 +05:30
tags %w[ invitations ]
2021-01-29 00:20:46 +05:30
end
params do
requires :access_level , type : Integer , values : Gitlab :: Access . all_values , desc : 'A valid access level (defaults: `30`, developer access level)'
2023-01-13 00:05:48 +05:30
optional :email , type : Array [ String ] , email_or_email_list : true , coerce_with : :: API :: Validations :: Types :: CommaSeparatedToArray . coerce , desc : 'The email address to invite, or multiple emails separated by comma'
optional :user_id , type : Array [ String ] , coerce_with : :: API :: Validations :: Types :: CommaSeparatedToArray . coerce , desc : 'The user ID of the new member or multiple IDs separated by commas.'
2021-01-29 00:20:46 +05:30
optional :expires_at , type : DateTime , desc : 'Date string in the format YEAR-MONTH-DAY'
2021-09-04 01:27:46 +05:30
optional :invite_source , type : String , desc : 'Source that triggered the member creation process' , default : 'invitations-api'
2021-12-11 22:18:48 +05:30
optional :tasks_to_be_done , type : Array [ String ] , coerce_with : Validations :: Types :: CommaSeparatedToArray . coerce , desc : 'Tasks the inviter wants the member to do'
optional :tasks_project_id , type : Integer , desc : 'The project ID in which to create the task issues'
2021-01-29 00:20:46 +05:30
end
2022-07-16 23:28:13 +05:30
post " :id/invitations " , urgency : :low do
2022-06-21 17:19:12 +05:30
:: Gitlab :: QueryLimiting . disable! ( 'https://gitlab.com/gitlab-org/gitlab/-/issues/354016' )
2021-01-29 00:20:46 +05:30
2022-06-21 17:19:12 +05:30
bad_request! ( 'Must provide either email or user_id as a parameter' ) if params [ :email ] . blank? && params [ :user_id ] . blank?
2021-01-29 00:20:46 +05:30
2022-06-21 17:19:12 +05:30
source = find_source ( source_type , params [ :id ] )
authorize_admin_source! ( source_type , source )
2022-07-16 23:28:13 +05:30
create_service_params = params . merge ( source : source )
2022-06-21 17:19:12 +05:30
:: Members :: InviteService . new ( current_user , create_service_params ) . execute
2021-01-29 00:20:46 +05:30
end
desc 'Get a list of group or project invitations viewable by the authenticated user' do
detail 'This feature was introduced in GitLab 13.6'
success Entities :: Invitation
2023-01-13 00:05:48 +05:30
is_array true
tags %w[ invitations ]
2021-01-29 00:20:46 +05:30
end
params do
2023-01-13 00:05:48 +05:30
optional :page , type : Integer , desc : 'Page to retrieve'
optional :per_page , type : Integer , desc : 'Number of member invitations to return per page'
2021-01-29 00:20:46 +05:30
optional :query , type : String , desc : 'A query string to search for members'
use :pagination
end
get " :id/invitations " do
source = find_source ( source_type , params [ :id ] )
query = params [ :query ]
2021-09-30 23:02:18 +05:30
authorize_admin_source! ( source_type , source )
2021-01-29 00:20:46 +05:30
invitations = paginate ( retrieve_member_invitations ( source , query ) )
present_member_invitations invitations
end
2021-03-08 18:12:59 +05:30
2021-04-17 20:07:23 +05:30
desc 'Updates a group or project invitation.' do
success Entities :: Member
2023-01-13 00:05:48 +05:30
tags %w[ invitations ]
2021-04-17 20:07:23 +05:30
end
params do
2021-10-27 15:23:28 +05:30
requires :email , type : String , desc : 'The email address of the invitation'
optional :access_level , type : Integer , values : Gitlab :: Access . all_values , desc : 'A valid access level (defaults: `30`, developer access level)'
optional :expires_at , type : DateTime , desc : 'Date string in ISO 8601 format (`YYYY-MM-DDTHH:MM:SSZ`)'
2021-04-17 20:07:23 +05:30
end
2021-10-27 15:23:28 +05:30
put " :id/invitations/:email " , requirements : { email : %r{ [^/]+ } } do
2021-04-17 20:07:23 +05:30
source = find_source ( source_type , params . delete ( :id ) )
invite_email = params [ :email ]
authorize_admin_source! ( source_type , source )
invite = retrieve_member_invitations ( source , invite_email ) . first
not_found! unless invite
update_params = declared_params ( include_missing : false )
update_params . delete ( :email )
bad_request! unless update_params . any?
result = :: Members :: UpdateService
. new ( current_user , update_params )
. execute ( invite )
2023-03-17 16:20:25 +05:30
updated_member = result [ :members ] . first
2021-04-17 20:07:23 +05:30
if result [ :status ] == :success
present_members updated_member
else
render_validation_error! ( updated_member )
end
end
2023-01-13 00:05:48 +05:30
desc 'Removes an invitation from a group or project.' do
success code : 204
failure [
{ code : 403 , message : 'Forbidden' } ,
{ code : 404 , message : 'Not found' } ,
{ code : 409 , message : 'Could not delete invitation' }
]
tags %w[ invitations ]
end
2021-03-08 18:12:59 +05:30
params do
requires :email , type : String , desc : 'The email address of the invitation'
end
2021-10-27 15:23:28 +05:30
delete " :id/invitations/:email " , requirements : { email : %r{ [^/]+ } } do
2021-03-08 18:12:59 +05:30
source = find_source ( source_type , params [ :id ] )
invite_email = params [ :email ]
authorize_admin_source! ( source_type , source )
invite = retrieve_member_invitations ( source , invite_email ) . first
not_found! unless invite
destroy_conditionally! ( invite ) do
:: Members :: DestroyService . new ( current_user , params ) . execute ( invite )
unprocessable_entity! unless invite . destroyed?
end
end
2021-01-29 00:20:46 +05:30
end
end
end
end