debian-mirror-gitlab/lib/api/project_members.rb

module API
  # REST endpoints for reading and managing the members of a project.
  #
  # Every route below runs behind `authenticate!`. The three mutating
  # routes add their own permission checks; the two GET routes add none here.
  # NOTE(review): read access for the GET routes therefore depends on whatever
  # the `user_project` helper enforces, which is not visible in this file. Confirm.
  class ProjectMembers < Grape::API
    before { authenticate! }

    resource :projects do
      # List the members of a project, optionally filtered by username.
      #
      # Parameters:
      #   id (required) - The ID of a project
      #   query         - Substring to match against usernames
      # Example Request:
      #   GET /projects/:id/members
      get ":id/members" do
        filter_requested = params[:query].present?
        member_scope = user_project.users

        # The search term is passed as a bound value, so it cannot alter the SQL.
        # `%` and `_` inside it are not escaped and still act as LIKE wildcards.
        member_scope = member_scope.where("username LIKE ?", "%#{params[:query]}%") if filter_requested

        @members = paginate member_scope
        present @members, with: Entities::ProjectMember, project: user_project
      end

      # Fetch a single member of a project.
      #
      # Parameters:
      #   id (required)      - The ID of a project
      #   user_id (required) - The ID of a user
      # Example Request:
      #   GET /projects/:id/members/:user_id
      get ":id/members/:user_id" do
        # The lookup goes through the project's own users, not the global user table.
        @member = user_project.users.find(params[:user_id])
        present @member, with: Entities::ProjectMember, project: user_project
      end

      # Add a user to a project.
      #
      # Parameters:
      #   id (required)           - The ID of a project
      #   user_id (required)      - The ID of a user
      #   access_level (required) - Project access level
      # Example Request:
      #   POST /projects/:id/members
      post ":id/members" do
        authorize! :admin_project, user_project
        required_attributes! [:user_id, :access_level]

        # Reuse the existing membership when there is one. In that case the
        # submitted access_level is not applied and the record is saved as it stands.
        existing = user_project.project_member(params[:user_id])
        membership =
          if existing.nil?
            # NOTE(review): access_level comes straight from the request and is not
            # range-checked here. Presumably the model validates it; confirm, and
            # confirm a caller cannot grant a level above their own.
            user_project.project_members.new(
              user_id: params[:user_id],
              access_level: params[:access_level]
            )
          else
            existing
          end

        if membership.save
          @member = membership.user
          present @member, with: Entities::ProjectMember, project: user_project
        else
          handle_member_errors membership.errors
        end
      end

      # Change the access level of an existing project member.
      #
      # Parameters:
      #   id (required)           - The ID of a project
      #   user_id (required)      - The ID of a team member
      #   access_level (required) - Project access level
      # Example Request:
      #   PUT /projects/:id/members/:user_id
      put ":id/members/:user_id" do
        authorize! :admin_project, user_project
        required_attributes! [:access_level]

        membership = user_project.project_members.find_by(user_id: params[:user_id])
        not_found!("User can not be found") if membership.nil?

        # Only access_level is written, but its value is taken from the request as-is.
        # NOTE(review): presumably the model validates the level; confirm.
        if membership.update_attributes(access_level: params[:access_level])
          @member = membership.user
          present @member, with: Entities::ProjectMember, project: user_project
        else
          handle_member_errors membership.errors
        end
      end

      # Remove a member from a project.
      #
      # Parameters:
      #   id (required)      - The ID of a project
      #   user_id (required) - The ID of a team member
      # Example Request:
      #   DELETE /projects/:id/members/:user_id
      delete ":id/members/:user_id" do
        membership = user_project.project_members.find_by(user_id: params[:user_id])

        # Allowed for project admins, or for anyone the ability rules let destroy
        # this particular membership. `membership` may be nil at this point, so the
        # second check can receive nil as its subject.
        removal_allowed = current_user.can?(:admin_project, user_project) ||
                          current_user.can?(:destroy_project_member, membership)
        forbidden! unless removal_allowed

        if membership.nil?
          # No membership existed: answer as if it had been revoked.
          { message: "Access revoked", id: params[:user_id].to_i }
        else
          membership.destroy
        end
      end
    end
  end
end