2021-01-29 00:20:46 +05:30
# frozen_string_literal: true
module API
class Invitations < :: API :: Base
include PaginationParams
feature_category :users
before { authenticate! }
helpers :: API :: Helpers :: MembersHelpers
%w[ group project ] . each do | source_type |
params do
requires :id , type : String , desc : " The #{ source_type } ID "
end
resource source_type . pluralize , requirements : API :: NAMESPACE_OR_PROJECT_REQUIREMENTS do
desc 'Invite non-members by email address to a group or project.' do
detail 'This feature was introduced in GitLab 13.6'
success Entities :: Invitation
end
params do
requires :access_level , type : Integer , values : Gitlab :: Access . all_values , desc : 'A valid access level (defaults: `30`, developer access level)'
2022-06-21 17:19:12 +05:30
optional :email , types : [ String , Array [ String ] ] , email_or_email_list : true , desc : 'The email address to invite, or multiple emails separated by comma'
optional :user_id , types : [ Integer , String ] , desc : 'The user ID of the new member or multiple IDs separated by commas.'
2021-01-29 00:20:46 +05:30
optional :expires_at , type : DateTime , desc : 'Date string in the format YEAR-MONTH-DAY'
2021-09-04 01:27:46 +05:30
optional :invite_source , type : String , desc : 'Source that triggered the member creation process' , default : 'invitations-api'
2021-12-11 22:18:48 +05:30
optional :tasks_to_be_done , type : Array [ String ] , coerce_with : Validations :: Types :: CommaSeparatedToArray . coerce , desc : 'Tasks the inviter wants the member to do'
optional :tasks_project_id , type : Integer , desc : 'The project ID in which to create the task issues'
2021-01-29 00:20:46 +05:30
end
post " :id/invitations " do
2022-06-21 17:19:12 +05:30
:: Gitlab :: QueryLimiting . disable! ( 'https://gitlab.com/gitlab-org/gitlab/-/issues/354016' )
2021-01-29 00:20:46 +05:30
2022-06-21 17:19:12 +05:30
bad_request! ( 'Must provide either email or user_id as a parameter' ) if params [ :email ] . blank? && params [ :user_id ] . blank?
2021-01-29 00:20:46 +05:30
2022-06-21 17:19:12 +05:30
source = find_source ( source_type , params [ :id ] )
authorize_admin_source! ( source_type , source )
create_service_params = params . except ( :user_id ) . merge ( { user_ids : params [ :user_id ] , source : source } )
:: Members :: InviteService . new ( current_user , create_service_params ) . execute
2021-01-29 00:20:46 +05:30
end
desc 'Get a list of group or project invitations viewable by the authenticated user' do
detail 'This feature was introduced in GitLab 13.6'
success Entities :: Invitation
end
params do
optional :query , type : String , desc : 'A query string to search for members'
use :pagination
end
get " :id/invitations " do
source = find_source ( source_type , params [ :id ] )
query = params [ :query ]
2021-09-30 23:02:18 +05:30
authorize_admin_source! ( source_type , source )
2021-01-29 00:20:46 +05:30
invitations = paginate ( retrieve_member_invitations ( source , query ) )
present_member_invitations invitations
end
2021-03-08 18:12:59 +05:30
2021-04-17 20:07:23 +05:30
desc 'Updates a group or project invitation.' do
success Entities :: Member
end
params do
2021-10-27 15:23:28 +05:30
requires :email , type : String , desc : 'The email address of the invitation'
optional :access_level , type : Integer , values : Gitlab :: Access . all_values , desc : 'A valid access level (defaults: `30`, developer access level)'
optional :expires_at , type : DateTime , desc : 'Date string in ISO 8601 format (`YYYY-MM-DDTHH:MM:SSZ`)'
2021-04-17 20:07:23 +05:30
end
2021-10-27 15:23:28 +05:30
put " :id/invitations/:email " , requirements : { email : %r{ [^/]+ } } do
2021-04-17 20:07:23 +05:30
source = find_source ( source_type , params . delete ( :id ) )
invite_email = params [ :email ]
authorize_admin_source! ( source_type , source )
invite = retrieve_member_invitations ( source , invite_email ) . first
not_found! unless invite
update_params = declared_params ( include_missing : false )
update_params . delete ( :email )
bad_request! unless update_params . any?
result = :: Members :: UpdateService
. new ( current_user , update_params )
. execute ( invite )
updated_member = result [ :member ]
if result [ :status ] == :success
present_members updated_member
else
render_validation_error! ( updated_member )
end
end
2021-03-08 18:12:59 +05:30
desc 'Removes an invitation from a group or project.'
params do
requires :email , type : String , desc : 'The email address of the invitation'
end
2021-10-27 15:23:28 +05:30
delete " :id/invitations/:email " , requirements : { email : %r{ [^/]+ } } do
2021-03-08 18:12:59 +05:30
source = find_source ( source_type , params [ :id ] )
invite_email = params [ :email ]
authorize_admin_source! ( source_type , source )
invite = retrieve_member_invitations ( source , invite_email ) . first
not_found! unless invite
destroy_conditionally! ( invite ) do
:: Members :: DestroyService . new ( current_user , params ) . execute ( invite )
unprocessable_entity! unless invite . destroyed?
end
end
2021-01-29 00:20:46 +05:30
end
end
end
end