debian-mirror-gitlab/lib/api/groups.rb

418 lines
16 KiB
Ruby
Raw Normal View History

2018-12-05 23:21:45 +05:30
# frozen_string_literal: true
2014-09-02 18:07:02 +05:30
module API
2021-01-03 14:25:43 +05:30
class Groups < ::API::Base
2017-08-17 22:00:37 +05:30
include PaginationParams
2018-03-27 19:54:05 +05:30
include Helpers::CustomAttributes
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
before { authenticate_non_get! }
2014-09-02 18:07:02 +05:30
2021-01-29 00:20:46 +05:30
feature_category :subgroups
2019-09-04 21:01:54 +05:30
helpers Helpers::GroupsHelpers
2017-08-17 22:00:37 +05:30
2019-09-04 21:01:54 +05:30
helpers do
2017-08-17 22:00:37 +05:30
params :statistics_params do
optional :statistics, type: Boolean, default: false, desc: 'Include project statistics'
end
2018-03-17 18:26:18 +05:30
params :group_list_params do
2017-08-17 22:00:37 +05:30
use :statistics_params
2020-07-28 23:09:34 +05:30
optional :skip_groups, type: Array[Integer], coerce_with: ::API::Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'Array of group ids to exclude from list'
2017-08-17 22:00:37 +05:30
optional :all_available, type: Boolean, desc: 'Show all group that you have access to'
optional :search, type: String, desc: 'Search for a specific group'
optional :owned, type: Boolean, default: false, desc: 'Limit by owned by authenticated user'
2021-09-30 23:02:18 +05:30
optional :order_by, type: String, values: %w[name path id similarity], default: 'name', desc: 'Order by name, path, id or similarity if searching'
2017-08-17 22:00:37 +05:30
optional :sort, type: String, values: %w[asc desc], default: 'asc', desc: 'Sort by asc (ascending) or desc (descending)'
2018-11-18 11:00:15 +05:30
optional :min_access_level, type: Integer, values: Gitlab::Access.all_values, desc: 'Minimum access level of authenticated user'
2020-06-23 00:09:42 +05:30
optional :top_level_only, type: Boolean, desc: 'Only include top level groups'
2017-08-17 22:00:37 +05:30
use :pagination
end
2018-12-05 23:21:45 +05:30
# rubocop: disable CodeReuse/ActiveRecord
2018-10-15 14:42:47 +05:30
def find_groups(params, parent_id = nil)
2021-01-03 14:25:43 +05:30
find_params = params.slice(
:all_available,
:custom_attributes,
:owned, :min_access_level,
2021-10-27 15:23:28 +05:30
:include_parent_descendants,
:search
2021-01-03 14:25:43 +05:30
)
2020-06-23 00:09:42 +05:30
find_params[:parent] = if params[:top_level_only]
[nil]
elsif parent_id
find_group!(parent_id)
end
2018-10-15 14:42:47 +05:30
find_params[:all_available] =
2020-01-01 13:55:28 +05:30
find_params.fetch(:all_available, current_user&.can_read_all_resources?)
2018-03-17 18:26:18 +05:30
groups = GroupsFinder.new(current_user, find_params).execute
2017-08-17 22:00:37 +05:30
groups = groups.where.not(id: params[:skip_groups]) if params[:skip_groups].present?
2021-09-30 23:02:18 +05:30
order_groups(groups)
2018-03-17 18:26:18 +05:30
end
2018-12-05 23:21:45 +05:30
# rubocop: enable CodeReuse/ActiveRecord
2018-03-17 18:26:18 +05:30
2019-07-07 11:18:12 +05:30
def create_group
# This is a separate method so that EE can extend its behaviour, without
# having to modify this code directly.
::Groups::CreateService
.new(current_user, declared_params(include_missing: false))
.execute
end
def update_group(group)
# This is a separate method so that EE can extend its behaviour, without
# having to modify this code directly.
::Groups::UpdateService
.new(group, current_user, declared_params(include_missing: false))
.execute
end
2020-05-24 23:13:21 +05:30
def find_group_projects(params, finder_options)
2018-03-17 18:26:18 +05:30
group = find_group!(params[:id])
2019-02-15 15:39:39 +05:30
projects = GroupProjectsFinder.new(
group: group,
current_user: current_user,
params: project_finder_params,
2020-05-24 23:13:21 +05:30
options: finder_options
2019-02-15 15:39:39 +05:30
).execute
2020-10-24 23:57:45 +05:30
projects = reorder_projects_with_similarity_order_support(group, projects)
2018-03-17 18:26:18 +05:30
paginate(projects)
end
2020-05-24 23:13:21 +05:30
def present_projects(params, projects)
options = {
with: params[:simple] ? Entities::BasicProjectDetails : Entities::Project,
current_user: current_user
}
projects, options = with_custom_attributes(projects, options)
present options[:with].prepare_relation(projects), options
end
2018-03-17 18:26:18 +05:30
def present_groups(params, groups)
options = {
with: Entities::Group,
current_user: current_user,
2020-05-24 23:13:21 +05:30
statistics: params[:statistics] && current_user&.admin?
2018-03-17 18:26:18 +05:30
}
groups = groups.with_statistics if options[:statistics]
2018-03-27 19:54:05 +05:30
groups, options = with_custom_attributes(groups, options)
2018-03-17 18:26:18 +05:30
present paginate(groups), options
end
2020-03-13 15:44:24 +05:30
def delete_group(group)
destroy_conditionally!(group) do |group|
::Groups::DestroyService.new(group, current_user).async_execute
end
accepted!
end
2020-10-24 23:57:45 +05:30
def reorder_projects_with_similarity_order_support(group, projects)
return handle_similarity_order(group, projects) if params[:order_by] == 'similarity'
reorder_projects(projects)
end
2021-09-30 23:02:18 +05:30
def order_groups(groups)
return groups.sorted_by_similarity_and_parent_id_desc(params[:search]) if order_by_similarity?
groups.reorder(group_without_similarity_options) # rubocop: disable CodeReuse/ActiveRecord
end
def group_without_similarity_options
order_options = { params[:order_by] => params[:sort] }
order_options['name'] = order_options.delete('similarity') if order_options.has_key?('similarity')
order_options["id"] ||= "asc"
order_options
end
2020-10-24 23:57:45 +05:30
# rubocop: disable CodeReuse/ActiveRecord
def handle_similarity_order(group, projects)
2021-10-27 15:23:28 +05:30
if params[:search].present?
2020-10-24 23:57:45 +05:30
projects.sorted_by_similarity_desc(params[:search])
else
order_options = { name: :asc }
order_options['id'] ||= params[:sort] || 'asc'
projects.reorder(order_options)
end
end
# rubocop: enable CodeReuse/ActiveRecord
2021-04-17 20:07:23 +05:30
def authorize_group_creation!
authorize! :create_group
end
2021-04-29 21:17:54 +05:30
def check_subscription!(group)
render_api_error!("This group can't be removed because it is linked to a subscription.", :bad_request) if group.paid?
end
2018-03-17 18:26:18 +05:30
end
resource :groups do
include CustomAttributesEndpoints
desc 'Get a groups list' do
success Entities::Group
end
params do
use :group_list_params
2018-03-27 19:54:05 +05:30
use :with_custom_attributes
2018-03-17 18:26:18 +05:30
end
get do
2018-10-15 14:42:47 +05:30
groups = find_groups(declared_params(include_missing: false), params[:id])
2018-03-17 18:26:18 +05:30
present_groups params, groups
2017-08-17 22:00:37 +05:30
end
desc 'Create a group. Available only for users who can create groups.' do
success Entities::Group
end
params do
requires :name, type: String, desc: 'The name of the group'
requires :path, type: String, desc: 'The path of the group'
2019-10-12 21:52:04 +05:30
optional :parent_id, type: Integer, desc: 'The parent group id for creating nested group'
2017-09-10 17:25:29 +05:30
2017-08-17 22:00:37 +05:30
use :optional_params
end
2014-09-02 18:07:02 +05:30
post do
2018-03-17 18:26:18 +05:30
parent_group = find_group!(params[:parent_id]) if params[:parent_id].present?
if parent_group
authorize! :create_subgroup, parent_group
else
2021-04-17 20:07:23 +05:30
authorize_group_creation!
2018-03-17 18:26:18 +05:30
end
2014-09-02 18:07:02 +05:30
2019-07-07 11:18:12 +05:30
group = create_group
2020-06-23 00:09:42 +05:30
group.preload_shared_group_links
2014-09-02 18:07:02 +05:30
2017-08-17 22:00:37 +05:30
if group.persisted?
2017-09-10 17:25:29 +05:30
present group, with: Entities::GroupDetail, current_user: current_user
2014-09-02 18:07:02 +05:30
else
2017-08-17 22:00:37 +05:30
render_api_error!("Failed to save group #{group.errors.messages}", 400)
2014-09-02 18:07:02 +05:30
end
end
2017-08-17 22:00:37 +05:30
end
2014-09-02 18:07:02 +05:30
2017-08-17 22:00:37 +05:30
params do
requires :id, type: String, desc: 'The ID of a group'
end
2019-02-15 15:39:39 +05:30
resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
2017-08-17 22:00:37 +05:30
desc 'Update a group. Available only for users who can administrate groups.' do
success Entities::Group
end
params do
optional :name, type: String, desc: 'The name of the group'
optional :path, type: String, desc: 'The path of the group'
use :optional_params
2021-09-30 23:02:18 +05:30
use :optional_update_params
2019-09-04 21:01:54 +05:30
use :optional_update_params_ee
2017-08-17 22:00:37 +05:30
end
2016-06-02 11:05:42 +05:30
put ':id' do
2017-08-17 22:00:37 +05:30
group = find_group!(params[:id])
2020-06-23 00:09:42 +05:30
group.preload_shared_group_links
2016-06-02 11:05:42 +05:30
authorize! :admin_group, group
2019-07-07 11:18:12 +05:30
if update_group(group)
2017-08-17 22:00:37 +05:30
present group, with: Entities::GroupDetail, current_user: current_user
2016-06-02 11:05:42 +05:30
else
render_validation_error!(group)
end
end
2017-08-17 22:00:37 +05:30
desc 'Get a single group, with containing projects.' do
success Entities::GroupDetail
end
2018-03-27 19:54:05 +05:30
params do
use :with_custom_attributes
2018-11-18 11:00:15 +05:30
optional :with_projects, type: Boolean, default: true, desc: 'Omit project details'
2018-03-27 19:54:05 +05:30
end
2014-09-02 18:07:02 +05:30
get ":id" do
2017-08-17 22:00:37 +05:30
group = find_group!(params[:id])
2020-06-23 00:09:42 +05:30
group.preload_shared_group_links
2018-03-27 19:54:05 +05:30
options = {
2018-11-18 11:00:15 +05:30
with: params[:with_projects] ? Entities::GroupDetail : Entities::Group,
2019-12-04 20:38:33 +05:30
current_user: current_user,
user_can_admin_group: can?(current_user, :admin_group, group)
2018-03-27 19:54:05 +05:30
}
group, options = with_custom_attributes(group, options)
present group, options
2014-09-02 18:07:02 +05:30
end
2017-08-17 22:00:37 +05:30
desc 'Remove a group.'
2014-09-02 18:07:02 +05:30
delete ":id" do
2017-08-17 22:00:37 +05:30
group = find_group!(params[:id])
2015-04-26 12:48:37 +05:30
authorize! :admin_group, group
2021-04-29 21:17:54 +05:30
check_subscription! group
2017-09-10 17:25:29 +05:30
2020-03-13 15:44:24 +05:30
delete_group(group)
2017-08-17 22:00:37 +05:30
end
desc 'Get a list of projects in this group.' do
success Entities::Project
2014-09-02 18:07:02 +05:30
end
2017-08-17 22:00:37 +05:30
params do
2020-07-28 23:09:34 +05:30
optional :archived, type: Boolean, desc: 'Limit by archived status'
2017-08-17 22:00:37 +05:30
optional :visibility, type: String, values: Gitlab::VisibilityLevel.string_values,
desc: 'Limit by visibility'
optional :search, type: String, desc: 'Return list of authorized projects matching the search criteria'
2020-10-24 23:57:45 +05:30
optional :order_by, type: String, values: %w[id name path created_at updated_at last_activity_at similarity],
2017-08-17 22:00:37 +05:30
default: 'created_at', desc: 'Return projects ordered by field'
optional :sort, type: String, values: %w[asc desc], default: 'desc',
desc: 'Return projects sorted in ascending and descending order'
optional :simple, type: Boolean, default: false,
desc: 'Return only the ID, URL, name, and path of each project'
optional :owned, type: Boolean, default: false, desc: 'Limit by owned by authenticated user'
optional :starred, type: Boolean, default: false, desc: 'Limit by starred status'
2018-11-08 19:23:39 +05:30
optional :with_issues_enabled, type: Boolean, default: false, desc: 'Limit by enabled issues feature'
optional :with_merge_requests_enabled, type: Boolean, default: false, desc: 'Limit by enabled merge requests feature'
2019-02-15 15:39:39 +05:30
optional :with_shared, type: Boolean, default: true, desc: 'Include projects shared to this group'
optional :include_subgroups, type: Boolean, default: false, desc: 'Includes projects in subgroups of this group'
2019-12-04 20:38:33 +05:30
optional :min_access_level, type: Integer, values: Gitlab::Access.all_values, desc: 'Limit by minimum access level of authenticated user on projects'
2014-09-02 18:07:02 +05:30
2017-08-17 22:00:37 +05:30
use :pagination
2018-03-27 19:54:05 +05:30
use :with_custom_attributes
2019-12-04 20:38:33 +05:30
use :optional_projects_params
2017-08-17 22:00:37 +05:30
end
2015-12-23 02:04:40 +05:30
get ":id/projects" do
2020-05-24 23:13:21 +05:30
finder_options = {
only_owned: !params[:with_shared],
include_subgroups: params[:include_subgroups]
2018-03-27 19:54:05 +05:30
}
2020-05-24 23:13:21 +05:30
projects = find_group_projects(params, finder_options)
2018-03-27 19:54:05 +05:30
2020-05-24 23:13:21 +05:30
present_projects(params, projects)
end
desc 'Get a list of shared projects in this group' do
success Entities::Project
end
params do
2020-07-28 23:09:34 +05:30
optional :archived, type: Boolean, desc: 'Limit by archived status'
2020-05-24 23:13:21 +05:30
optional :visibility, type: String, values: Gitlab::VisibilityLevel.string_values,
desc: 'Limit by visibility'
optional :search, type: String, desc: 'Return list of authorized projects matching the search criteria'
optional :order_by, type: String, values: %w[id name path created_at updated_at last_activity_at],
default: 'created_at', desc: 'Return projects ordered by field'
optional :sort, type: String, values: %w[asc desc], default: 'desc',
desc: 'Return projects sorted in ascending and descending order'
optional :simple, type: Boolean, default: false,
desc: 'Return only the ID, URL, name, and path of each project'
optional :starred, type: Boolean, default: false, desc: 'Limit by starred status'
optional :with_issues_enabled, type: Boolean, default: false, desc: 'Limit by enabled issues feature'
optional :with_merge_requests_enabled, type: Boolean, default: false, desc: 'Limit by enabled merge requests feature'
optional :min_access_level, type: Integer, values: Gitlab::Access.all_values, desc: 'Limit by minimum access level of authenticated user on projects'
use :pagination
use :with_custom_attributes
end
get ":id/projects/shared" do
projects = find_group_projects(params, { only_shared: true })
present_projects(params, projects)
2018-03-17 18:26:18 +05:30
end
desc 'Get a list of subgroups in this group.' do
success Entities::Group
end
params do
use :group_list_params
2018-03-27 19:54:05 +05:30
use :with_custom_attributes
2018-03-17 18:26:18 +05:30
end
get ":id/subgroups" do
2018-10-15 14:42:47 +05:30
groups = find_groups(declared_params(include_missing: false), params[:id])
2018-03-17 18:26:18 +05:30
present_groups params, groups
2017-08-17 22:00:37 +05:30
end
2021-01-03 14:25:43 +05:30
desc 'Get a list of descendant groups of this group.' do
success Entities::Group
end
params do
use :group_list_params
use :with_custom_attributes
end
get ":id/descendant_groups" do
finder_params = declared_params(include_missing: false).merge(include_parent_descendants: true)
groups = find_groups(finder_params, params[:id])
present_groups params, groups
end
2017-08-17 22:00:37 +05:30
desc 'Transfer a project to the group namespace. Available only for admin.' do
success Entities::GroupDetail
end
params do
requires :project_id, type: String, desc: 'The ID or path of the project'
end
post ":id/projects/:project_id", requirements: { project_id: /.+/ } do
2014-09-02 18:07:02 +05:30
authenticated_as_admin!
2017-08-17 22:00:37 +05:30
group = find_group!(params[:id])
2020-06-23 00:09:42 +05:30
group.preload_shared_group_links
2017-08-17 22:00:37 +05:30
project = find_project!(params[:project_id])
2015-09-11 14:41:01 +05:30
result = ::Projects::TransferService.new(project, current_user).execute(group)
2014-09-02 18:07:02 +05:30
if result
2017-08-17 22:00:37 +05:30
present group, with: Entities::GroupDetail, current_user: current_user
2014-09-02 18:07:02 +05:30
else
2015-04-26 12:48:37 +05:30
render_api_error!("Failed to transfer project #{project.errors.messages}", 400)
2014-09-02 18:07:02 +05:30
end
end
2020-06-23 00:09:42 +05:30
desc 'Share a group with a group' do
success Entities::GroupDetail
end
params do
requires :group_id, type: Integer, desc: 'The ID of the group to share'
requires :group_access, type: Integer, values: Gitlab::Access.all_values, desc: 'The group access level'
optional :expires_at, type: Date, desc: 'Share expiration date'
end
post ":id/share" do
shared_group = find_group!(params[:id])
shared_with_group = find_group!(params[:group_id])
group_link_create_params = {
shared_group_access: params[:group_access],
expires_at: params[:expires_at]
}
2021-09-04 01:27:46 +05:30
result = ::Groups::GroupLinks::CreateService.new(shared_group, shared_with_group, current_user, group_link_create_params).execute
2020-06-23 00:09:42 +05:30
shared_group.preload_shared_group_links
if result[:status] == :success
present shared_group, with: Entities::GroupDetail, current_user: current_user
else
render_api_error!(result[:message], result[:http_status])
end
end
params do
requires :group_id, type: Integer, desc: 'The ID of the shared group'
end
# rubocop: disable CodeReuse/ActiveRecord
delete ":id/share/:group_id" do
shared_group = find_group!(params[:id])
link = shared_group.shared_with_group_links.find_by(shared_with_group_id: params[:group_id])
not_found!('Group Link') unless link
::Groups::GroupLinks::DestroyService.new(shared_group, current_user).execute(link)
no_content!
end
# rubocop: enable CodeReuse/ActiveRecord
2014-09-02 18:07:02 +05:30
end
end
end
2019-12-04 20:38:33 +05:30
2021-06-08 01:23:25 +05:30
API::Groups.prepend_mod_with('API::Groups')