Merge branch 'project-permissions' into 'master'

API: Project permissions

Merge branch 'project-permissions' into 'master'
API: Project permissions
Dmitriy Zaporozhets
2 parents 63a8af67 c02e3d44
Showing 6 changed files with 72 additions and 20 deletions Show diff stats
Gemfile
Gemfile.lock
doc/api/projects.md
lib/api/entities.rb
lib/api/projects.rb
spec/requests/api/projects_spec.rb
@@ -48,7 +48,8 @@ gem &quot;gitlab-linguist&quot;, &quot;~&gt; 3.0.0&quot;, require: &quot;linguist&quot;
 # API
 gem "grape", "~> 0.6.1"
-gem "grape-entity", "~> 0.3.0"
+# Replace with rubygems when nesteted entities get released
+gem "grape-entity", "~> 0.4.1", ref: 'd904381c951e86250c3f44213b349a3dd8e83fb1', git: 'https://github.com/intridea/grape-entity.git' 
 gem 'rack-cors', require: 'rack/cors'
 # Email validation
@@ -5,6 +5,15 @@ GIT
   specs:
     github-markup (0.7.6)
+GIT
+  remote: https://github.com/intridea/grape-entity.git
+  revision: d904381c951e86250c3f44213b349a3dd8e83fb1
+  ref: d904381c951e86250c3f44213b349a3dd8e83fb1
+  specs:
+    grape-entity (0.4.1)
+      activesupport
+      multi_json (>= 1.3.2)
+
 GEM
   remote: https://rubygems.org/
   specs:
@@ -206,9 +215,6 @@ GEM
       rack-accept
       rack-mount
       virtus (>= 1.0.0)
-    grape-entity (0.3.0)
-      activesupport
-      multi_json (>= 1.3.2)
     growl (1.0.3)
     guard (2.2.4)
       formatador (>= 0.2.4)
@@ -596,7 +602,7 @@ DEPENDENCIES
   gitlab_omniauth-ldap (= 1.0.4)
   gon (~> 5.0.0)
   grape (~> 0.6.1)
-  grape-entity (~> 0.3.0)
+  grape-entity (~> 0.4.1)!
   growl
   guard-rspec
   guard-spinach
@@ -148,6 +148,16 @@ Parameters:
     "path": "diaspora",
     "updated_at": "2013-09-30T13: 46: 02Z"
   }
+  "permissions": {
+    "project_access": {
+      "access_level": 10,
+      "notification_level": 3
+    },
+    "group_access": {
+      "access_level": 50,
+      "notification_level": 3
+    }
+  }
 }
 ```
@@ -44,7 +44,7 @@ module API
       expose :id, :description, :default_branch
       expose :public?, as: :public
       expose :visibility_level, :ssh_url_to_repo, :http_url_to_repo, :web_url
-      expose :owner, using: Entities::UserBasic
+      expose :owner, using: Entities::UserBasic, unless: ->(project, options) { project.group }
       expose :name, :name_with_namespace
       expose :path, :path_with_namespace
       expose :issues_enabled, :merge_requests_enabled, :wall_enabled, :wiki_enabled, :snippets_enabled, :created_at, :last_activity_at
@@ -58,18 +58,6 @@ module API
       end
     end
-    class TeamMember < UserBasic
-      expose :permission, as: :access_level do |user, options|
-        options[:user_team].user_team_user_relationships.find_by(user_id: user.id).permission
-      end
-    end
-
-    class TeamProject < Project
-      expose :greatest_access, as: :greatest_access_level do |project, options|
-        options[:user_team].user_team_project_relationships.find_by(project_id: project.id).greatest_access
-      end
-    end
-
     class Group < Grape::Entity
       expose :id, :name, :path, :owner_id
     end
@@ -144,7 +132,7 @@ module API
     end
     class MergeRequest < ProjectEntity
-      expose :target_branch, :source_branch, :title, :state, :upvotes, :downvotes
+      expose :target_branch, :source_branch, :title, :state, :upvotes, :downvotes, :description
       expose :author, :assignee, using: Entities::UserBasic
       expose :source_project_id, :target_project_id
     end
@@ -175,5 +163,29 @@ module API
     class Namespace < Grape::Entity
       expose :id, :path, :kind
     end
+
+    class ProjectAccess < Grape::Entity
+      expose :project_access, as: :access_level
+      expose :notification_level
+    end
+
+    class GroupAccess < Grape::Entity
+      expose :group_access, as: :access_level
+      expose :notification_level
+    end
+
+    class ProjectWithAccess < Project
+      expose :permissions do
+        expose :project_access, using: Entities::ProjectAccess do |project, options|
+          project.users_projects.find_by(user_id: options[:user].id)
+        end
+
+        expose :group_access, using: Entities::GroupAccess do |project, options|
+          if project.group
+            project.group.users_groups.find_by(user_id: options[:user].id)
+          end
+        end
+      end
+    end
   end
 end
@@ -48,7 +48,7 @@ module API
       # Example Request:
       #   GET /projects/:id
       get ":id" do
-        present user_project, with: Entities::Project
+        present user_project, with: Entities::ProjectWithAccess, user: current_user
       end
       # Get a single project events
@@ -259,6 +259,7 @@ describe API::API do
   describe "GET /projects/:id" do
     before { project }
+    before { users_project }
     it "should return a project by id" do
       get api("/projects/#{project.id}", user)
@@ -284,6 +285,28 @@ describe API::API do
       get api("/projects/#{project.id}", other_user)
       response.status.should == 404
     end
+
+    describe 'permissions' do
+      context 'personal project' do
+        before { get api("/projects/#{project.id}", user) }
+
+        it { response.status.should == 200 }
+        it { json_response['permissions']["project_access"]["access_level"].should == Gitlab::Access::MASTER }
+        it { json_response['permissions']["group_access"].should be_nil }
+      end
+
+      context 'group project' do
+        before do
+          project2 = create(:project, group: create(:group))
+          project2.group.add_owner(user)
+          get api("/projects/#{project2.id}", user)
+        end
+
+        it { response.status.should == 200 }
+        it { json_response['permissions']["project_access"].should be_nil }
+        it { json_response['permissions']["group_access"]["access_level"].should == Gitlab::Access::OWNER }
+      end
+    end
   end
   describe "GET /projects/:id/events" do
	@@ -48,7 +48,8 @@ gem "gitlab-linguist", "~> 3.0.0", require: "linguist"		@@ -48,7 +48,8 @@ gem "gitlab-linguist", "~> 3.0.0", require: "linguist"
48		48
49	# API	49	# API
50	gem "grape", "~> 0.6.1"	50	gem "grape", "~> 0.6.1"
51	-gem "grape-entity", "~> 0.3.0"	51	+# Replace with rubygems when nesteted entities get released
		52	+gem "grape-entity", "~> 0.4.1", ref: 'd904381c951e86250c3f44213b349a3dd8e83fb1', git: 'https://github.com/intridea/grape-entity.git'
52	gem 'rack-cors', require: 'rack/cors'	53	gem 'rack-cors', require: 'rack/cors'
53		54
54	# Email validation	55	# Email validation
	@@ -5,6 +5,15 @@ GIT		@@ -5,6 +5,15 @@ GIT
5	specs:	5	specs:
6	github-markup (0.7.6)	6	github-markup (0.7.6)
7		7
		8	+GIT
		9	+ remote: https://github.com/intridea/grape-entity.git
		10	+ revision: d904381c951e86250c3f44213b349a3dd8e83fb1
		11	+ ref: d904381c951e86250c3f44213b349a3dd8e83fb1
		12	+ specs:
		13	+ grape-entity (0.4.1)
		14	+ activesupport
		15	+ multi_json (>= 1.3.2)
		16	+
8	GEM	17	GEM
9	remote: https://rubygems.org/	18	remote: https://rubygems.org/
10	specs:	19	specs:
	@@ -206,9 +215,6 @@ GEM		@@ -206,9 +215,6 @@ GEM
206	rack-accept	215	rack-accept
207	rack-mount	216	rack-mount
208	virtus (>= 1.0.0)	217	virtus (>= 1.0.0)
209	- grape-entity (0.3.0)
210	- activesupport
211	- multi_json (>= 1.3.2)
212	growl (1.0.3)	218	growl (1.0.3)
213	guard (2.2.4)	219	guard (2.2.4)
214	formatador (>= 0.2.4)	220	formatador (>= 0.2.4)
	@@ -596,7 +602,7 @@ DEPENDENCIES		@@ -596,7 +602,7 @@ DEPENDENCIES
596	gitlab_omniauth-ldap (= 1.0.4)	602	gitlab_omniauth-ldap (= 1.0.4)
597	gon (~> 5.0.0)	603	gon (~> 5.0.0)
598	grape (~> 0.6.1)	604	grape (~> 0.6.1)
599	- grape-entity (~> 0.3.0)	605	+ grape-entity (~> 0.4.1)!
600	growl	606	growl
601	guard-rspec	607	guard-rspec
602	guard-spinach	608	guard-spinach
	@@ -148,6 +148,16 @@ Parameters:		@@ -148,6 +148,16 @@ Parameters:
148	"path": "diaspora",	148	"path": "diaspora",
149	"updated_at": "2013-09-30T13: 46: 02Z"	149	"updated_at": "2013-09-30T13: 46: 02Z"
150	}	150	}
		151	+ "permissions": {
		152	+ "project_access": {
		153	+ "access_level": 10,
		154	+ "notification_level": 3
		155	+ },
		156	+ "group_access": {
		157	+ "access_level": 50,
		158	+ "notification_level": 3
		159	+ }
		160	+ }
151	}	161	}
152	```	162	```
153		163
	@@ -48,7 +48,7 @@ module API		@@ -48,7 +48,7 @@ module API
48	# Example Request:	48	# Example Request:
49	# GET /projects/:id	49	# GET /projects/:id
50	get ":id" do	50	get ":id" do
51	- present user_project, with: Entities::Project	51	+ present user_project, with: Entities::ProjectWithAccess, user: current_user
52	end	52	end
53		53
54	# Get a single project events	54	# Get a single project events
	@@ -259,6 +259,7 @@ describe API::API do		@@ -259,6 +259,7 @@ describe API::API do
259		259
260	describe "GET /projects/:id" do	260	describe "GET /projects/:id" do
261	before { project }	261	before { project }
		262	+ before { users_project }
262		263
263	it "should return a project by id" do	264	it "should return a project by id" do
264	get api("/projects/#{project.id}", user)	265	get api("/projects/#{project.id}", user)
	@@ -284,6 +285,28 @@ describe API::API do		@@ -284,6 +285,28 @@ describe API::API do
284	get api("/projects/#{project.id}", other_user)	285	get api("/projects/#{project.id}", other_user)
285	response.status.should == 404	286	response.status.should == 404
286	end	287	end
		288	+
		289	+ describe 'permissions' do
		290	+ context 'personal project' do
		291	+ before { get api("/projects/#{project.id}", user) }
		292	+
		293	+ it { response.status.should == 200 }
		294	+ it { json_response['permissions']["project_access"]["access_level"].should == Gitlab::Access::MASTER }
		295	+ it { json_response['permissions']["group_access"].should be_nil }
		296	+ end
		297	+
		298	+ context 'group project' do
		299	+ before do
		300	+ project2 = create(:project, group: create(:group))
		301	+ project2.group.add_owner(user)
		302	+ get api("/projects/#{project2.id}", user)
		303	+ end
		304	+
		305	+ it { response.status.should == 200 }
		306	+ it { json_response['permissions']["project_access"].should be_nil }
		307	+ it { json_response['permissions']["group_access"]["access_level"].should == Gitlab::Access::OWNER }
		308	+ end
		309	+ end
287	end	310	end
288		311
289	describe "GET /projects/:id/events" do	312	describe "GET /projects/:id/events" do