Commit 149ccd5d91abf0c4b7ec610c03ad46a8ad17eec2
1 parent
fc0c6928
Exists in
master
and in
4 other branches
Fix groups api: differ between users and admin
Showing
2 changed files
with
50 additions
and
44 deletions
Show diff stats
lib/api/entities.rb
lib/api/groups.rb
| ... | ... | @@ -2,49 +2,55 @@ module Gitlab |
| 2 | 2 | # groups API |
| 3 | 3 | class Groups < Grape::API |
| 4 | 4 | before { authenticate! } |
| 5 | - | |
| 6 | - resource :groups do | |
| 7 | - # Get a groups list | |
| 8 | - # | |
| 9 | - # Example Request: | |
| 10 | - # GET /groups | |
| 11 | - get do | |
| 12 | - @groups = paginate Group | |
| 13 | - present @groups, with: Entities::Group | |
| 14 | 5 | |
| 15 | - end | |
| 16 | - | |
| 17 | - # Create group. Available only for admin | |
| 18 | - # | |
| 19 | - # Parameters: | |
| 20 | - # name (required) - Name | |
| 21 | - # path (required) - Path | |
| 22 | - # Example Request: | |
| 23 | - # POST /groups | |
| 24 | - post do | |
| 25 | - authenticated_as_admin! | |
| 26 | - attrs = attributes_for_keys [:name, :path] | |
| 27 | - @group = Group.new(attrs) | |
| 28 | - @group.owner = current_user | |
| 29 | - | |
| 30 | - if @group.save | |
| 31 | - present @group, with: Entities::Group | |
| 32 | - else | |
| 33 | - not_found! | |
| 34 | - end | |
| 35 | - end | |
| 36 | - | |
| 37 | - # Get a single group, with containing projects | |
| 38 | - # | |
| 39 | - # Parameters: | |
| 40 | - # id (required) - The ID of a group | |
| 41 | - # Example Request: | |
| 42 | - # GET /groups/:id | |
| 43 | - get ":id" do | |
| 44 | - @group = Group.find(params[:id]) | |
| 45 | - present @group, with: Entities::GroupDetail | |
| 46 | - end | |
| 47 | - | |
| 48 | - end | |
| 6 | + resource :groups do | |
| 7 | + # Get a groups list | |
| 8 | + # | |
| 9 | + # Example Request: | |
| 10 | + # GET /groups | |
| 11 | + get do | |
| 12 | + if current_user.admin | |
| 13 | + @groups = paginate Group | |
| 14 | + else | |
| 15 | + @groups = paginate current_user.groups | |
| 16 | + end | |
| 17 | + present @groups, with: Entities::Group | |
| 18 | + end | |
| 19 | + | |
| 20 | + # Create group. Available only for admin | |
| 21 | + # | |
| 22 | + # Parameters: | |
| 23 | + # name (required) - Name | |
| 24 | + # path (required) - Path | |
| 25 | + # Example Request: | |
| 26 | + # POST /groups | |
| 27 | + post do | |
| 28 | + authenticated_as_admin! | |
| 29 | + attrs = attributes_for_keys [:name, :path] | |
| 30 | + @group = Group.new(attrs) | |
| 31 | + @group.owner = current_user | |
| 32 | + | |
| 33 | + if @group.save | |
| 34 | + present @group, with: Entities::Group | |
| 35 | + else | |
| 36 | + not_found! | |
| 37 | + end | |
| 38 | + end | |
| 39 | + | |
| 40 | + # Get a single group, with containing projects | |
| 41 | + # | |
| 42 | + # Parameters: | |
| 43 | + # id (required) - The ID of a group | |
| 44 | + # Example Request: | |
| 45 | + # GET /groups/:id | |
| 46 | + get ":id" do | |
| 47 | + @group = Group.find(params[:id]) | |
| 48 | + if current_user.admin or current_user.groups.include? @group | |
| 49 | + present @group, with: Entities::GroupDetail | |
| 50 | + else | |
| 51 | + not_found! | |
| 52 | + end | |
| 53 | + end | |
| 54 | + end | |
| 49 | 55 | end |
| 50 | 56 | end | ... | ... |