Commit 7c60713e82982066e187b8c16ce327978b451b0a

Authored by Dmitriy Zaporozhets
1 parent 7bce8748

Move project members api to separate file

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
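--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -38,6 +38,7 @@ module API
 mount Internal
 mount SystemHooks
 mount ProjectSnippets
+ mount ProjectMembers
 mount DeployKeys
 mount ProjectHooks
 mount Services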
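--- a/lib/api/project_hooks.rb
+++ b/lib/api/project_hooks.rb
@@ -5,15 +5,6 @@ module API
 before { authorize_admin_project }
 
 resource :projects do
- helpers do
- def handle_project_member_errors(errors)
- if errors[:project_access].any?
- error!(errors[:project_access], 422)
- end
- not_found!
- end
- end
-
 # Get project hooks
 #
 # Parameters: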
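--- a/lib/api/project_members.rb
+++ b/lib/api/project_members.rb
@@ -0,0 +1,114 @@
+module API
+ # Projects members API
+ class ProjectMembers < Grape::API
+ before { authenticate! }
+
+ resource :projects do
+ helpers do
+ def handle_project_member_errors(errors)
+ if errors[:project_access].any?
+ error!(errors[:project_access], 422)
+ end
+ not_found!
+ end
+ end
+
+ # Get a project team members
+ #
+ # Parameters:
+ # id (required) - The ID of a project
+ # query - Query string
+ # Example Request:
+ # GET /projects/:id/members
+ get ":id/members" do
+ if params[:query].present?
+ @members = paginate user_project.users.where("username LIKE ?", "%#{params[:query]}%")
+ else
+ @members = paginate user_project.users
+ end
+ present @members, with: Entities::ProjectMember, project: user_project
+ end
+
+ # Get a project team members
+ #
+ # Parameters:
+ # id (required) - The ID of a project
+ # user_id (required) - The ID of a user
+ # Example Request:
+ # GET /projects/:id/members/:user_id
+ get ":id/members/:user_id" do
+ @member = user_project.users.find params[:user_id]
+ present @member, with: Entities::ProjectMember, project: user_project
+ end
+
+ # Add a new project team member
+ #
+ # Parameters:
+ # id (required) - The ID of a project
+ # user_id (required) - The ID of a user
+ # access_level (required) - Project access level
+ # Example Request:
+ # POST /projects/:id/members
+ post ":id/members" do
+ authorize! :admin_project, user_project
+ required_attributes! [:user_id, :access_level]
+
+ # either the user is already a team member or a new one
+ team_member = user_project.team_member_by_id(params[:user_id])
+ if team_member.nil?
+ team_member = user_project.users_projects.new(
+ user_id: params[:user_id],
+ project_access: params[:access_level]
+ )
+ end
+
+ if team_member.save
+ @member = team_member.user
+ present @member, with: Entities::ProjectMember, project: user_project
+ else
+ handle_project_member_errors team_member.errors
+ end
+ end
+
+ # Update project team member
+ #
+ # Parameters:
+ # id (required) - The ID of a project
+ # user_id (required) - The ID of a team member
+ # access_level (required) - Project access level
+ # Example Request:
+ # PUT /projects/:id/members/:user_id
+ put ":id/members/:user_id" do
+ authorize! :admin_project, user_project
+ required_attributes! [:access_level]
+
+ team_member = user_project.users_projects.find_by(user_id: params[:user_id])
+ not_found!("User can not be found") if team_member.nil?
+
+ if team_member.update_attributes(project_access: params[:access_level])
+ @member = team_member.user
+ present @member, with: Entities::ProjectMember, project: user_project
+ else
+ handle_project_member_errors team_member.errors
+ end
+ end
+
+ # Remove a team member from project
+ #
+ # Parameters:
+ # id (required) - The ID of a project
+ # user_id (required) - The ID of a team member
+ # Example Request:
+ # DELETE /projects/:id/members/:user_id
+ delete ":id/members/:user_id" do
+ authorize! :admin_project, user_project
+ team_member = user_project.users_projects.find_by(user_id: params[:user_id])
+ unless team_member.nil?
+ team_member.destroy
+ else
+ {message: "Access revoked", id: params[:user_id].to_i}
+ end
+ end
+ end
+ end
+end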
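Review bot: In the `delete ":id/members/:user_id"` handler the success path ends on `team_member.destroy`, so the response body is presumably whatever Grape serializes from the destroyed membership record rather than a shape chosen through an `Entities` presenter, while the `{message: "Access revoked", ...}` hash is returned only when nothing was actually revoked. Consider `team_member.destroy if team_member` followed by the message hash on both paths, so the endpoint has a single documented response and does not expose raw model attributes. Separately, in `get ":id/members"` the `query` value is bound through the `?` placeholder, which keeps it out of the SQL text, but `%` and `_` inside it still act as LIKE wildcards; escaping them, or documenting that the parameter is a pattern, would make the search behaviour explicit.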
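--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -5,13 +5,6 @@ module API
 
 resource :projects do
 helpers do
- def handle_project_member_errors(errors)
- if errors[:project_access].any?
- error!(errors[:project_access], 422)
- end
- not_found!
- end
-
 def map_public_to_visibility_level(attrs)
 publik = attrs.delete(:public)
 publik = [ true, 1, '1', 't', 'T', 'true', 'TRUE', 'on', 'ON' ].include?(publik)
@@ -196,104 +189,6 @@ module API
 user_project.forked_project_link.destroy
 end
 end
-
- # Get a project team members
- #
- # Parameters:
- # id (required) - The ID of a project
- # query - Query string
- # Example Request:
- # GET /projects/:id/members
- get ":id/members" do
- if params[:query].present?
- @members = paginate user_project.users.where("username LIKE ?", "%#{params[:query]}%")
- else
- @members = paginate user_project.users
- end
- present @members, with: Entities::ProjectMember, project: user_project
- end
-
- # Get a project team members
- #
- # Parameters:
- # id (required) - The ID of a project
- # user_id (required) - The ID of a user
- # Example Request:
- # GET /projects/:id/members/:user_id
- get ":id/members/:user_id" do
- @member = user_project.users.find params[:user_id]
- present @member, with: Entities::ProjectMember, project: user_project
- end
-
- # Add a new project team member
- #
- # Parameters:
- # id (required) - The ID of a project
- # user_id (required) - The ID of a user
- # access_level (required) - Project access level
- # Example Request:
- # POST /projects/:id/members
- post ":id/members" do
- authorize! :admin_project, user_project
- required_attributes! [:user_id, :access_level]
-
- # either the user is already a team member or a new one
- team_member = user_project.team_member_by_id(params[:user_id])
- if team_member.nil?
- team_member = user_project.users_projects.new(
- user_id: params[:user_id],
- project_access: params[:access_level]
- )
- end
-
- if team_member.save
- @member = team_member.user
- present @member, with: Entities::ProjectMember, project: user_project
- else
- handle_project_member_errors team_member.errors
- end
- end
-
- # Update project team member
- #
- # Parameters:
- # id (required) - The ID of a project
- # user_id (required) - The ID of a team member
- # access_level (required) - Project access level
- # Example Request:
- # PUT /projects/:id/members/:user_id
- put ":id/members/:user_id" do
- authorize! :admin_project, user_project
- required_attributes! [:access_level]
-
- team_member = user_project.users_projects.find_by(user_id: params[:user_id])
- not_found!("User can not be found") if team_member.nil?
-
- if team_member.update_attributes(project_access: params[:access_level])
- @member = team_member.user
- present @member, with: Entities::ProjectMember, project: user_project
- else
- handle_project_member_errors team_member.errors
- end
- end
-
- # Remove a team member from project
- #
- # Parameters:
- # id (required) - The ID of a project
- # user_id (required) - The ID of a team member
- # Example Request:
- # DELETE /projects/:id/members/:user_id
- delete ":id/members/:user_id" do
- authorize! :admin_project, user_project
- team_member = user_project.users_projects.find_by(user_id: params[:user_id])
- unless team_member.nil?
- team_member.destroy
- else
- {message: "Access revoked", id: params[:user_id].to_i}
- end
- end
-
 # search for projects current_user has access to
 #
 # Parameters: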
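--- a/spec/requests/api/project_members_spec.rb
+++ b/spec/requests/api/project_members_spec.rb
@@ -0,0 +1,156 @@
+require 'spec_helper'
+
+describe API::API do
+ include ApiHelpers
+ before(:each) { enable_observers }
+ after(:each) { disable_observers }
+
+ let(:user) { create(:user) }
+ let(:user2) { create(:user) }
+ let(:user3) { create(:user) }
+ let(:project) { create(:project, creator_id: user.id, namespace: user.namespace) }
+ let(:users_project) { create(:users_project, user: user, project: project, project_access: UsersProject::MASTER) }
+ let(:users_project2) { create(:users_project, user: user3, project: project, project_access: UsersProject::DEVELOPER) }
+
+ describe "GET /projects/:id/members" do
+ before { users_project }
+ before { users_project2 }
+
+ it "should return project team members" do
+ get api("/projects/#{project.id}/members", user)
+ response.status.should == 200
+ json_response.should be_an Array
+ json_response.count.should == 2
+ json_response.map { |u| u['email'] }.should include user.email
+ end
+
+ it "finds team members with query string" do
+ get api("/projects/#{project.id}/members", user), query: user.username
+ response.status.should == 200
+ json_response.should be_an Array
+ json_response.count.should == 1
+ json_response.first['email'].should == user.email
+ end
+
+ it "should return a 404 error if id not found" do
+ get api("/projects/9999/members", user)
+ response.status.should == 404
+ end
+ end
+
+ describe "GET /projects/:id/members/:user_id" do
+ before { users_project }
+
+ it "should return project team member" do
+ get api("/projects/#{project.id}/members/#{user.id}", user)
+ response.status.should == 200
+ json_response['email'].should == user.email
+ json_response['access_level'].should == UsersProject::MASTER
+ end
+
+ it "should return a 404 error if user id not found" do
+ get api("/projects/#{project.id}/members/1234", user)
+ response.status.should == 404
+ end
+ end
+
+ describe "POST /projects/:id/members" do
+ it "should add user to project team" do
+ expect {
+ post api("/projects/#{project.id}/members", user), user_id: user2.id,
+ access_level: UsersProject::DEVELOPER
+ }.to change { UsersProject.count }.by(1)
+
+ response.status.should == 201
+ json_response['email'].should == user2.email
+ json_response['access_level'].should == UsersProject::DEVELOPER
+ end
+
+ it "should return a 201 status if user is already project member" do
+ post api("/projects/#{project.id}/members", user), user_id: user2.id,
+ access_level: UsersProject::DEVELOPER
+ expect {
+ post api("/projects/#{project.id}/members", user), user_id: user2.id,
+ access_level: UsersProject::DEVELOPER
+ }.not_to change { UsersProject.count }.by(1)
+
+ response.status.should == 201
+ json_response['email'].should == user2.email
+ json_response['access_level'].should == UsersProject::DEVELOPER
+ end
+
+ it "should return a 400 error when user id is not given" do
+ post api("/projects/#{project.id}/members", user), access_level: UsersProject::MASTER
+ response.status.should == 400
+ end
+
+ it "should return a 400 error when access level is not given" do
+ post api("/projects/#{project.id}/members", user), user_id: user2.id
+ response.status.should == 400
+ end
+
+ it "should return a 422 error when access level is not known" do
+ post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234
+ response.status.should == 422
+ end
+ end
+
+ describe "PUT /projects/:id/members/:user_id" do
+ before { users_project2 }
+
+ it "should update project team member" do
+ put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: UsersProject::MASTER
+ response.status.should == 200
+ json_response['email'].should == user3.email
+ json_response['access_level'].should == UsersProject::MASTER
+ end
+
+ it "should return a 404 error if user_id is not found" do
+ put api("/projects/#{project.id}/members/1234", user), access_level: UsersProject::MASTER
+ response.status.should == 404
+ end
+
+ it "should return a 400 error when access level is not given" do
+ put api("/projects/#{project.id}/members/#{user3.id}", user)
+ response.status.should == 400
+ end
+
+ it "should return a 422 error when access level is not known" do
+ put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: 123
+ response.status.should == 422
+ end
+ end
+
+ describe "DELETE /projects/:id/members/:user_id" do
+ before { users_project }
+ before { users_project2 }
+
+ it "should remove user from project team" do
+ expect {
+ delete api("/projects/#{project.id}/members/#{user3.id}", user)
+ }.to change { UsersProject.count }.by(-1)
+ end
+
+ it "should return 200 if team member is not part of a project" do
+ delete api("/projects/#{project.id}/members/#{user3.id}", user)
+ expect {
+ delete api("/projects/#{project.id}/members/#{user3.id}", user)
+ }.to_not change { UsersProject.count }.by(1)
+ end
+
+ it "should return 200 if team member already removed" do
+ delete api("/projects/#{project.id}/members/#{user3.id}", user)
+ delete api("/projects/#{project.id}/members/#{user3.id}", user)
+ response.status.should == 200
+ end
+
+ it "should return 200 OK when the user was not member" do
+ expect {
+ delete api("/projects/#{project.id}/members/1000000", user)
+ }.to change { UsersProject.count }.by(0)
+ response.status.should == 200
+ json_response['message'].should == "Access revoked"
+ json_response['id'].should == 1000000
+ end
+ end
+end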
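Review bot: Every example in this spec calls the API as `user`, the project's creator, so nothing exercises the `authorize! :admin_project` checks on POST, PUT and DELETE or the `authenticate!` filter that the new `ProjectMembers` class depends on. Add examples that repeat a write as a lower-privileged member, for instance `post api("/projects/#{project.id}/members", user3), user_id: user2.id, access_level: UsersProject::MASTER` with `users_project2` created, asserting that the request is rejected and `UsersProject.count` is unchanged; the exact status depends on how `authorize!` fails, which is not visible on this page. The negated matchers `.not_to change { UsersProject.count }.by(1)` and `.to_not change { UsersProject.count }.by(1)` only assert that the count did not change by exactly one, so dropping `.by(1)` would state the intended no-change check.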
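--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -311,148 +311,6 @@ describe API::API do
 end
 end
 
- describe "GET /projects/:id/members" do
- before { users_project }
- before { users_project2 }
-
- it "should return project team members" do
- get api("/projects/#{project.id}/members", user)
- response.status.should == 200
- json_response.should be_an Array
- json_response.count.should == 2
- json_response.map { |u| u['email'] }.should include user.email
- end
-
- it "finds team members with query string" do
- get api("/projects/#{project.id}/members", user), query: user.username
- response.status.should == 200
- json_response.should be_an Array
- json_response.count.should == 1
- json_response.first['email'].should == user.email
- end
-
- it "should return a 404 error if id not found" do
- get api("/projects/9999/members", user)
- response.status.should == 404
- end
- end
-
- describe "GET /projects/:id/members/:user_id" do
- before { users_project }
-
- it "should return project team member" do
- get api("/projects/#{project.id}/members/#{user.id}", user)
- response.status.should == 200
- json_response['email'].should == user.email
- json_response['access_level'].should == UsersProject::MASTER
- end
-
- it "should return a 404 error if user id not found" do
- get api("/projects/#{project.id}/members/1234", user)
- response.status.should == 404
- end
- end
-
- describe "POST /projects/:id/members" do
- it "should add user to project team" do
- expect {
- post api("/projects/#{project.id}/members", user), user_id: user2.id,
- access_level: UsersProject::DEVELOPER
- }.to change { UsersProject.count }.by(1)
-
- response.status.should == 201
- json_response['email'].should == user2.email
- json_response['access_level'].should == UsersProject::DEVELOPER
- end
-
- it "should return a 201 status if user is already project member" do
- post api("/projects/#{project.id}/members", user), user_id: user2.id,
- access_level: UsersProject::DEVELOPER
- expect {
- post api("/projects/#{project.id}/members", user), user_id: user2.id,
- access_level: UsersProject::DEVELOPER
- }.not_to change { UsersProject.count }.by(1)
-
- response.status.should == 201
- json_response['email'].should == user2.email
- json_response['access_level'].should == UsersProject::DEVELOPER
- end
-
- it "should return a 400 error when user id is not given" do
- post api("/projects/#{project.id}/members", user), access_level: UsersProject::MASTER
- response.status.should == 400
- end
-
- it "should return a 400 error when access level is not given" do
- post api("/projects/#{project.id}/members", user), user_id: user2.id
- response.status.should == 400
- end
-
- it "should return a 422 error when access level is not known" do
- post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234
- response.status.should == 422
- end
- end
-
- describe "PUT /projects/:id/members/:user_id" do
- before { users_project2 }
-
- it "should update project team member" do
- put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: UsersProject::MASTER
- response.status.should == 200
- json_response['email'].should == user3.email
- json_response['access_level'].should == UsersProject::MASTER
- end
-
- it "should return a 404 error if user_id is not found" do
- put api("/projects/#{project.id}/members/1234", user), access_level: UsersProject::MASTER
- response.status.should == 404
- end
-
- it "should return a 400 error when access level is not given" do
- put api("/projects/#{project.id}/members/#{user3.id}", user)
- response.status.should == 400
- end
-
- it "should return a 422 error when access level is not known" do
- put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: 123
- response.status.should == 422
- end
- end
-
- describe "DELETE /projects/:id/members/:user_id" do
- before { users_project }
- before { users_project2 }
-
- it "should remove user from project team" do
- expect {
- delete api("/projects/#{project.id}/members/#{user3.id}", user)
- }.to change { UsersProject.count }.by(-1)
- end
-
- it "should return 200 if team member is not part of a project" do
- delete api("/projects/#{project.id}/members/#{user3.id}", user)
- expect {
- delete api("/projects/#{project.id}/members/#{user3.id}", user)
- }.to_not change { UsersProject.count }.by(1)
- end
-
- it "should return 200 if team member already removed" do
- delete api("/projects/#{project.id}/members/#{user3.id}", user)
- delete api("/projects/#{project.id}/members/#{user3.id}", user)
- response.status.should == 200
- end
-
- it "should return 200 OK when the user was not member" do
- expect {
- delete api("/projects/#{project.id}/members/1000000", user)
- }.to change { UsersProject.count }.by(0)
- response.status.should == 200
- json_response['message'].should == "Access revoked"
- json_response['id'].should == 1000000
- end
- end
-
 describe "GET /projects/:id/snippets" do
 before { snippet }
 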