Move project members api to separate file

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Move project members api to separate file
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Dmitriy Zaporozhets
1 parent 7bce8748
Showing 6 changed files with 271 additions and 256 deletions Show diff stats
lib/api/api.rb
lib/api/project_hooks.rb
lib/api/project_members.rb
lib/api/projects.rb
spec/requests/api/project_members_spec.rb
spec/requests/api/projects_spec.rb
@@ -38,6 +38,7 @@ module API
     mount Internal
     mount SystemHooks
     mount ProjectSnippets
+    mount ProjectMembers
     mount DeployKeys
     mount ProjectHooks
     mount Services
@@ -5,15 +5,6 @@ module API
     before { authorize_admin_project }
     resource :projects do
-      helpers do
-        def handle_project_member_errors(errors)
-          if errors[:project_access].any?
-            error!(errors[:project_access], 422)
-          end
-          not_found!
-        end
-      end
-
       # Get project hooks
       #
       # Parameters:
@@ -0,0 +1,114 @@
+module API
+  # Projects members API
+  class ProjectMembers < Grape::API
+    before { authenticate! }
+
+    resource :projects do
+      helpers do
+        def handle_project_member_errors(errors)
+          if errors[:project_access].any?
+            error!(errors[:project_access], 422)
+          end
+          not_found!
+        end
+      end
+
+      # Get a project team members
+      #
+      # Parameters:
+      #   id (required) - The ID of a project
+      #   query         - Query string
+      # Example Request:
+      #   GET /projects/:id/members
+      get ":id/members" do
+        if params[:query].present?
+          @members = paginate user_project.users.where("username LIKE ?", "%#{params[:query]}%")
+        else
+          @members = paginate user_project.users
+        end
+        present @members, with: Entities::ProjectMember, project: user_project
+      end
+
+      # Get a project team members
+      #
+      # Parameters:
+      #   id (required) - The ID of a project
+      #   user_id (required) - The ID of a user
+      # Example Request:
+      #   GET /projects/:id/members/:user_id
+      get ":id/members/:user_id" do
+        @member = user_project.users.find params[:user_id]
+        present @member, with: Entities::ProjectMember, project: user_project
+      end
+
+      # Add a new project team member
+      #
+      # Parameters:
+      #   id (required) - The ID of a project
+      #   user_id (required) - The ID of a user
+      #   access_level (required) - Project access level
+      # Example Request:
+      #   POST /projects/:id/members
+      post ":id/members" do
+        authorize! :admin_project, user_project
+        required_attributes! [:user_id, :access_level]
+
+        # either the user is already a team member or a new one
+        team_member = user_project.team_member_by_id(params[:user_id])
+        if team_member.nil?
+          team_member = user_project.users_projects.new(
+            user_id: params[:user_id],
+            project_access: params[:access_level]
+          )
+        end
+
+        if team_member.save
+          @member = team_member.user
+          present @member, with: Entities::ProjectMember, project: user_project
+        else
+          handle_project_member_errors team_member.errors
+        end
+      end
+
+      # Update project team member
+      #
+      # Parameters:
+      #   id (required) - The ID of a project
+      #   user_id (required) - The ID of a team member
+      #   access_level (required) - Project access level
+      # Example Request:
+      #   PUT /projects/:id/members/:user_id
+      put ":id/members/:user_id" do
+        authorize! :admin_project, user_project
+        required_attributes! [:access_level]
+
+        team_member = user_project.users_projects.find_by(user_id: params[:user_id])
+        not_found!("User can not be found") if team_member.nil?
+
+        if team_member.update_attributes(project_access: params[:access_level])
+          @member = team_member.user
+          present @member, with: Entities::ProjectMember, project: user_project
+        else
+          handle_project_member_errors team_member.errors
+        end
+      end
+
+      # Remove a team member from project
+      #
+      # Parameters:
+      #   id (required) - The ID of a project
+      #   user_id (required) - The ID of a team member
+      # Example Request:
+      #   DELETE /projects/:id/members/:user_id
+      delete ":id/members/:user_id" do
+        authorize! :admin_project, user_project
+        team_member = user_project.users_projects.find_by(user_id: params[:user_id])
+        unless team_member.nil?
+          team_member.destroy
+        else
+          {message: "Access revoked", id: params[:user_id].to_i}
+        end
+      end
+    end
+  end
+end
@@ -5,13 +5,6 @@ module API
     resource :projects do
       helpers do
-        def handle_project_member_errors(errors)
-          if errors[:project_access].any?
-            error!(errors[:project_access], 422)
-          end
-          not_found!
-        end
-
         def map_public_to_visibility_level(attrs)
           publik = attrs.delete(:public)
           publik = [ true, 1, '1', 't', 'T', 'true', 'TRUE', 'on', 'ON' ].include?(publik)
@@ -196,104 +189,6 @@ module API
           user_project.forked_project_link.destroy
         end
       end
-
-      # Get a project team members
-      #
-      # Parameters:
-      #   id (required) - The ID of a project
-      #   query         - Query string
-      # Example Request:
-      #   GET /projects/:id/members
-      get ":id/members" do
-        if params[:query].present?
-          @members = paginate user_project.users.where("username LIKE ?", "%#{params[:query]}%")
-        else
-          @members = paginate user_project.users
-        end
-        present @members, with: Entities::ProjectMember, project: user_project
-      end
-
-      # Get a project team members
-      #
-      # Parameters:
-      #   id (required) - The ID of a project
-      #   user_id (required) - The ID of a user
-      # Example Request:
-      #   GET /projects/:id/members/:user_id
-      get ":id/members/:user_id" do
-        @member = user_project.users.find params[:user_id]
-        present @member, with: Entities::ProjectMember, project: user_project
-      end
-
-      # Add a new project team member
-      #
-      # Parameters:
-      #   id (required) - The ID of a project
-      #   user_id (required) - The ID of a user
-      #   access_level (required) - Project access level
-      # Example Request:
-      #   POST /projects/:id/members
-      post ":id/members" do
-        authorize! :admin_project, user_project
-        required_attributes! [:user_id, :access_level]
-
-        # either the user is already a team member or a new one
-        team_member = user_project.team_member_by_id(params[:user_id])
-        if team_member.nil?
-          team_member = user_project.users_projects.new(
-            user_id: params[:user_id],
-            project_access: params[:access_level]
-          )
-        end
-
-        if team_member.save
-          @member = team_member.user
-          present @member, with: Entities::ProjectMember, project: user_project
-        else
-          handle_project_member_errors team_member.errors
-        end
-      end
-
-      # Update project team member
-      #
-      # Parameters:
-      #   id (required) - The ID of a project
-      #   user_id (required) - The ID of a team member
-      #   access_level (required) - Project access level
-      # Example Request:
-      #   PUT /projects/:id/members/:user_id
-      put ":id/members/:user_id" do
-        authorize! :admin_project, user_project
-        required_attributes! [:access_level]
-
-        team_member = user_project.users_projects.find_by(user_id: params[:user_id])
-        not_found!("User can not be found") if team_member.nil?
-
-        if team_member.update_attributes(project_access: params[:access_level])
-          @member = team_member.user
-          present @member, with: Entities::ProjectMember, project: user_project
-        else
-          handle_project_member_errors team_member.errors
-        end
-      end
-
-      # Remove a team member from project
-      #
-      # Parameters:
-      #   id (required) - The ID of a project
-      #   user_id (required) - The ID of a team member
-      # Example Request:
-      #   DELETE /projects/:id/members/:user_id
-      delete ":id/members/:user_id" do
-        authorize! :admin_project, user_project
-        team_member = user_project.users_projects.find_by(user_id: params[:user_id])
-        unless team_member.nil?
-          team_member.destroy
-        else
-          {message: "Access revoked", id: params[:user_id].to_i}
-        end
-      end
-
       # search for projects current_user has access to
       #
       # Parameters:
@@ -0,0 +1,156 @@
+require 'spec_helper'
+
+describe API::API do
+  include ApiHelpers
+  before(:each) { enable_observers }
+  after(:each) { disable_observers }
+
+  let(:user) { create(:user) }
+  let(:user2) { create(:user) }
+  let(:user3) { create(:user) }
+  let(:project) { create(:project, creator_id: user.id, namespace: user.namespace) }
+  let(:users_project) { create(:users_project, user: user, project: project, project_access: UsersProject::MASTER) }
+  let(:users_project2) { create(:users_project, user: user3, project: project, project_access: UsersProject::DEVELOPER) }
+
+  describe "GET /projects/:id/members" do
+    before { users_project }
+    before { users_project2 }
+
+    it "should return project team members" do
+      get api("/projects/#{project.id}/members", user)
+      response.status.should == 200
+      json_response.should be_an Array
+      json_response.count.should == 2
+      json_response.map { |u| u['email'] }.should include user.email
+    end
+
+    it "finds team members with query string" do
+      get api("/projects/#{project.id}/members", user), query: user.username
+      response.status.should == 200
+      json_response.should be_an Array
+      json_response.count.should == 1
+      json_response.first['email'].should == user.email
+    end
+
+    it "should return a 404 error if id not found" do
+      get api("/projects/9999/members", user)
+      response.status.should == 404
+    end
+  end
+
+  describe "GET /projects/:id/members/:user_id" do
+    before { users_project }
+
+    it "should return project team member" do
+      get api("/projects/#{project.id}/members/#{user.id}", user)
+      response.status.should == 200
+      json_response['email'].should == user.email
+      json_response['access_level'].should == UsersProject::MASTER
+    end
+
+    it "should return a 404 error if user id not found" do
+      get api("/projects/#{project.id}/members/1234", user)
+      response.status.should == 404
+    end
+  end
+
+  describe "POST /projects/:id/members" do
+    it "should add user to project team" do
+      expect {
+        post api("/projects/#{project.id}/members", user), user_id: user2.id,
+          access_level: UsersProject::DEVELOPER
+      }.to change { UsersProject.count }.by(1)
+
+      response.status.should == 201
+      json_response['email'].should == user2.email
+      json_response['access_level'].should == UsersProject::DEVELOPER
+    end
+
+    it "should return a 201 status if user is already project member" do
+      post api("/projects/#{project.id}/members", user), user_id: user2.id,
+        access_level: UsersProject::DEVELOPER
+      expect {
+        post api("/projects/#{project.id}/members", user), user_id: user2.id,
+          access_level: UsersProject::DEVELOPER
+      }.not_to change { UsersProject.count }.by(1)
+
+      response.status.should == 201
+      json_response['email'].should == user2.email
+      json_response['access_level'].should == UsersProject::DEVELOPER
+    end
+
+    it "should return a 400 error when user id is not given" do
+      post api("/projects/#{project.id}/members", user), access_level: UsersProject::MASTER
+      response.status.should == 400
+    end
+
+    it "should return a 400 error when access level is not given" do
+      post api("/projects/#{project.id}/members", user), user_id: user2.id
+      response.status.should == 400
+    end
+
+    it "should return a 422 error when access level is not known" do
+      post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234
+      response.status.should == 422
+    end
+  end
+
+  describe "PUT /projects/:id/members/:user_id" do
+    before { users_project2 }
+
+    it "should update project team member" do
+      put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: UsersProject::MASTER
+      response.status.should == 200
+      json_response['email'].should == user3.email
+      json_response['access_level'].should == UsersProject::MASTER
+    end
+
+    it "should return a 404 error if user_id is not found" do
+      put api("/projects/#{project.id}/members/1234", user), access_level: UsersProject::MASTER
+      response.status.should == 404
+    end
+
+    it "should return a 400 error when access level is not given" do
+      put api("/projects/#{project.id}/members/#{user3.id}", user)
+      response.status.should == 400
+    end
+
+    it "should return a 422 error when access level is not known" do
+      put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: 123
+      response.status.should == 422
+    end
+  end
+
+  describe "DELETE /projects/:id/members/:user_id" do
+    before { users_project }
+    before { users_project2 }
+
+    it "should remove user from project team" do
+      expect {
+        delete api("/projects/#{project.id}/members/#{user3.id}", user)
+      }.to change { UsersProject.count }.by(-1)
+    end
+
+    it "should return 200 if team member is not part of a project" do
+      delete api("/projects/#{project.id}/members/#{user3.id}", user)
+      expect {
+        delete api("/projects/#{project.id}/members/#{user3.id}", user)
+      }.to_not change { UsersProject.count }.by(1)
+    end
+
+    it "should return 200 if team member already removed" do
+      delete api("/projects/#{project.id}/members/#{user3.id}", user)
+      delete api("/projects/#{project.id}/members/#{user3.id}", user)
+      response.status.should == 200
+    end
+
+    it "should return 200 OK when the user was not member" do
+      expect {
+        delete api("/projects/#{project.id}/members/1000000", user)
+      }.to change { UsersProject.count }.by(0)
+      response.status.should == 200
+      json_response['message'].should == "Access revoked"
+      json_response['id'].should == 1000000
+    end
+  end
+end
@@ -311,148 +311,6 @@ describe API::API do
     end
   end
-  describe "GET /projects/:id/members" do
-    before { users_project }
-    before { users_project2 }
-
-    it "should return project team members" do
-      get api("/projects/#{project.id}/members", user)
-      response.status.should == 200
-      json_response.should be_an Array
-      json_response.count.should == 2
-      json_response.map { |u| u['email'] }.should include user.email
-    end
-
-    it "finds team members with query string" do
-      get api("/projects/#{project.id}/members", user), query: user.username
-      response.status.should == 200
-      json_response.should be_an Array
-      json_response.count.should == 1
-      json_response.first['email'].should == user.email
-    end
-
-    it "should return a 404 error if id not found" do
-      get api("/projects/9999/members", user)
-      response.status.should == 404
-    end
-  end
-
-  describe "GET /projects/:id/members/:user_id" do
-    before { users_project }
-
-    it "should return project team member" do
-      get api("/projects/#{project.id}/members/#{user.id}", user)
-      response.status.should == 200
-      json_response['email'].should == user.email
-      json_response['access_level'].should == UsersProject::MASTER
-    end
-
-    it "should return a 404 error if user id not found" do
-      get api("/projects/#{project.id}/members/1234", user)
-      response.status.should == 404
-    end
-  end
-
-  describe "POST /projects/:id/members" do
-    it "should add user to project team" do
-      expect {
-        post api("/projects/#{project.id}/members", user), user_id: user2.id,
-          access_level: UsersProject::DEVELOPER
-      }.to change { UsersProject.count }.by(1)
-
-      response.status.should == 201
-      json_response['email'].should == user2.email
-      json_response['access_level'].should == UsersProject::DEVELOPER
-    end
-
-    it "should return a 201 status if user is already project member" do
-      post api("/projects/#{project.id}/members", user), user_id: user2.id,
-        access_level: UsersProject::DEVELOPER
-      expect {
-        post api("/projects/#{project.id}/members", user), user_id: user2.id,
-          access_level: UsersProject::DEVELOPER
-      }.not_to change { UsersProject.count }.by(1)
-
-      response.status.should == 201
-      json_response['email'].should == user2.email
-      json_response['access_level'].should == UsersProject::DEVELOPER
-    end
-
-    it "should return a 400 error when user id is not given" do
-      post api("/projects/#{project.id}/members", user), access_level: UsersProject::MASTER
-      response.status.should == 400
-    end
-
-    it "should return a 400 error when access level is not given" do
-      post api("/projects/#{project.id}/members", user), user_id: user2.id
-      response.status.should == 400
-    end
-
-    it "should return a 422 error when access level is not known" do
-      post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234
-      response.status.should == 422
-    end
-  end
-
-  describe "PUT /projects/:id/members/:user_id" do
-    before { users_project2 }
-
-    it "should update project team member" do
-      put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: UsersProject::MASTER
-      response.status.should == 200
-      json_response['email'].should == user3.email
-      json_response['access_level'].should == UsersProject::MASTER
-    end
-
-    it "should return a 404 error if user_id is not found" do
-      put api("/projects/#{project.id}/members/1234", user), access_level: UsersProject::MASTER
-      response.status.should == 404
-    end
-
-    it "should return a 400 error when access level is not given" do
-      put api("/projects/#{project.id}/members/#{user3.id}", user)
-      response.status.should == 400
-    end
-
-    it "should return a 422 error when access level is not known" do
-      put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: 123
-      response.status.should == 422
-    end
-  end
-
-  describe "DELETE /projects/:id/members/:user_id" do
-    before { users_project }
-    before { users_project2 }
-
-    it "should remove user from project team" do
-      expect {
-        delete api("/projects/#{project.id}/members/#{user3.id}", user)
-      }.to change { UsersProject.count }.by(-1)
-    end
-
-    it "should return 200 if team member is not part of a project" do
-      delete api("/projects/#{project.id}/members/#{user3.id}", user)
-      expect {
-        delete api("/projects/#{project.id}/members/#{user3.id}", user)
-      }.to_not change { UsersProject.count }.by(1)
-    end
-
-    it "should return 200 if team member already removed" do
-      delete api("/projects/#{project.id}/members/#{user3.id}", user)
-      delete api("/projects/#{project.id}/members/#{user3.id}", user)
-      response.status.should == 200
-    end
-
-    it "should return 200 OK when the user was not member" do
-      expect {
-        delete api("/projects/#{project.id}/members/1000000", user)
-      }.to change { UsersProject.count }.by(0)
-      response.status.should == 200
-      json_response['message'].should == "Access revoked"
-      json_response['id'].should == 1000000
-    end
-  end
-
   describe "GET /projects/:id/snippets" do
     before { snippet }
	@@ -5,15 +5,6 @@ module API		@@ -5,15 +5,6 @@ module API
5	before { authorize_admin_project }	5	before { authorize_admin_project }
6		6
7	resource :projects do	7	resource :projects do
8	- helpers do
9	- def handle_project_member_errors(errors)
10	- if errors[:project_access].any?
11	- error!(errors[:project_access], 422)
12	- end
13	- not_found!
14	- end
15	- end
16	-
17	# Get project hooks	8	# Get project hooks
18	#	9	#
19	# Parameters:	10	# Parameters:
@@ -0,0 +1,114 @@		@@ -0,0 +1,114 @@
	1	+module API
	2	+ # Projects members API
	3	+ class ProjectMembers < Grape::API
	4	+ before { authenticate! }
	5	+
	6	+ resource :projects do
	7	+ helpers do
	8	+ def handle_project_member_errors(errors)
	9	+ if errors[:project_access].any?
	10	+ error!(errors[:project_access], 422)
	11	+ end
	12	+ not_found!
	13	+ end
	14	+ end
	15	+
	16	+ # Get a project team members
	17	+ #
	18	+ # Parameters:
	19	+ # id (required) - The ID of a project
	20	+ # query - Query string
	21	+ # Example Request:
	22	+ # GET /projects/:id/members
	23	+ get ":id/members" do
	24	+ if params[:query].present?
	25	+ @members = paginate user_project.users.where("username LIKE ?", "%#{params[:query]}%")
	26	+ else
	27	+ @members = paginate user_project.users
	28	+ end
	29	+ present @members, with: Entities::ProjectMember, project: user_project
	30	+ end
	31	+
	32	+ # Get a project team members
	33	+ #
	34	+ # Parameters:
	35	+ # id (required) - The ID of a project
	36	+ # user_id (required) - The ID of a user
	37	+ # Example Request:
	38	+ # GET /projects/:id/members/:user_id
	39	+ get ":id/members/:user_id" do
	40	+ @member = user_project.users.find params[:user_id]
	41	+ present @member, with: Entities::ProjectMember, project: user_project
	42	+ end
	43	+
	44	+ # Add a new project team member
	45	+ #
	46	+ # Parameters:
	47	+ # id (required) - The ID of a project
	48	+ # user_id (required) - The ID of a user
	49	+ # access_level (required) - Project access level
	50	+ # Example Request:
	51	+ # POST /projects/:id/members
	52	+ post ":id/members" do
	53	+ authorize! :admin_project, user_project
	54	+ required_attributes! [:user_id, :access_level]
	55	+
	56	+ # either the user is already a team member or a new one
	57	+ team_member = user_project.team_member_by_id(params[:user_id])
	58	+ if team_member.nil?
	59	+ team_member = user_project.users_projects.new(
	60	+ user_id: params[:user_id],
	61	+ project_access: params[:access_level]
	62	+ )
	63	+ end
	64	+
	65	+ if team_member.save
	66	+ @member = team_member.user
	67	+ present @member, with: Entities::ProjectMember, project: user_project
	68	+ else
	69	+ handle_project_member_errors team_member.errors
	70	+ end
	71	+ end
	72	+
	73	+ # Update project team member
	74	+ #
	75	+ # Parameters:
	76	+ # id (required) - The ID of a project
	77	+ # user_id (required) - The ID of a team member
	78	+ # access_level (required) - Project access level
	79	+ # Example Request:
	80	+ # PUT /projects/:id/members/:user_id
	81	+ put ":id/members/:user_id" do
	82	+ authorize! :admin_project, user_project
	83	+ required_attributes! [:access_level]
	84	+
	85	+ team_member = user_project.users_projects.find_by(user_id: params[:user_id])
	86	+ not_found!("User can not be found") if team_member.nil?
	87	+
	88	+ if team_member.update_attributes(project_access: params[:access_level])
	89	+ @member = team_member.user
	90	+ present @member, with: Entities::ProjectMember, project: user_project
	91	+ else
	92	+ handle_project_member_errors team_member.errors
	93	+ end
	94	+ end
	95	+
	96	+ # Remove a team member from project
	97	+ #
	98	+ # Parameters:
	99	+ # id (required) - The ID of a project
	100	+ # user_id (required) - The ID of a team member
	101	+ # Example Request:
	102	+ # DELETE /projects/:id/members/:user_id
	103	+ delete ":id/members/:user_id" do
	104	+ authorize! :admin_project, user_project
	105	+ team_member = user_project.users_projects.find_by(user_id: params[:user_id])
	106	+ unless team_member.nil?
	107	+ team_member.destroy
	108	+ else
	109	+ {message: "Access revoked", id: params[:user_id].to_i}
	110	+ end
	111	+ end
	112	+ end
	113	+ end
	114	+end
	@@ -5,13 +5,6 @@ module API		@@ -5,13 +5,6 @@ module API
5		5
6	resource :projects do	6	resource :projects do
7	helpers do	7	helpers do
8	- def handle_project_member_errors(errors)
9	- if errors[:project_access].any?
10	- error!(errors[:project_access], 422)
11	- end
12	- not_found!
13	- end
14	-
15	def map_public_to_visibility_level(attrs)	8	def map_public_to_visibility_level(attrs)
16	publik = attrs.delete(:public)	9	publik = attrs.delete(:public)
17	publik = [ true, 1, '1', 't', 'T', 'true', 'TRUE', 'on', 'ON' ].include?(publik)	10	publik = [ true, 1, '1', 't', 'T', 'true', 'TRUE', 'on', 'ON' ].include?(publik)
	@@ -196,104 +189,6 @@ module API		@@ -196,104 +189,6 @@ module API
196	user_project.forked_project_link.destroy	189	user_project.forked_project_link.destroy
197	end	190	end
198	end	191	end
199	-
200	- # Get a project team members
201	- #
202	- # Parameters:
203	- # id (required) - The ID of a project
204	- # query - Query string
205	- # Example Request:
206	- # GET /projects/:id/members
207	- get ":id/members" do
208	- if params[:query].present?
209	- @members = paginate user_project.users.where("username LIKE ?", "%#{params[:query]}%")
210	- else
211	- @members = paginate user_project.users
212	- end
213	- present @members, with: Entities::ProjectMember, project: user_project
214	- end
215	-
216	- # Get a project team members
217	- #
218	- # Parameters:
219	- # id (required) - The ID of a project
220	- # user_id (required) - The ID of a user
221	- # Example Request:
222	- # GET /projects/:id/members/:user_id
223	- get ":id/members/:user_id" do
224	- @member = user_project.users.find params[:user_id]
225	- present @member, with: Entities::ProjectMember, project: user_project
226	- end
227	-
228	- # Add a new project team member
229	- #
230	- # Parameters:
231	- # id (required) - The ID of a project
232	- # user_id (required) - The ID of a user
233	- # access_level (required) - Project access level
234	- # Example Request:
235	- # POST /projects/:id/members
236	- post ":id/members" do
237	- authorize! :admin_project, user_project
238	- required_attributes! [:user_id, :access_level]
239	-
240	- # either the user is already a team member or a new one
241	- team_member = user_project.team_member_by_id(params[:user_id])
242	- if team_member.nil?
243	- team_member = user_project.users_projects.new(
244	- user_id: params[:user_id],
245	- project_access: params[:access_level]
246	- )
247	- end
248	-
249	- if team_member.save
250	- @member = team_member.user
251	- present @member, with: Entities::ProjectMember, project: user_project
252	- else
253	- handle_project_member_errors team_member.errors
254	- end
255	- end
256	-
257	- # Update project team member
258	- #
259	- # Parameters:
260	- # id (required) - The ID of a project
261	- # user_id (required) - The ID of a team member
262	- # access_level (required) - Project access level
263	- # Example Request:
264	- # PUT /projects/:id/members/:user_id
265	- put ":id/members/:user_id" do
266	- authorize! :admin_project, user_project
267	- required_attributes! [:access_level]
268	-
269	- team_member = user_project.users_projects.find_by(user_id: params[:user_id])
270	- not_found!("User can not be found") if team_member.nil?
271	-
272	- if team_member.update_attributes(project_access: params[:access_level])
273	- @member = team_member.user
274	- present @member, with: Entities::ProjectMember, project: user_project
275	- else
276	- handle_project_member_errors team_member.errors
277	- end
278	- end
279	-
280	- # Remove a team member from project
281	- #
282	- # Parameters:
283	- # id (required) - The ID of a project
284	- # user_id (required) - The ID of a team member
285	- # Example Request:
286	- # DELETE /projects/:id/members/:user_id
287	- delete ":id/members/:user_id" do
288	- authorize! :admin_project, user_project
289	- team_member = user_project.users_projects.find_by(user_id: params[:user_id])
290	- unless team_member.nil?
291	- team_member.destroy
292	- else
293	- {message: "Access revoked", id: params[:user_id].to_i}
294	- end
295	- end
296	-
297	# search for projects current_user has access to	192	# search for projects current_user has access to
298	#	193	#
299	# Parameters:	194	# Parameters:
@@ -0,0 +1,156 @@		@@ -0,0 +1,156 @@
	1	+require 'spec_helper'
	2	+
	3	+describe API::API do
	4	+ include ApiHelpers
	5	+ before(:each) { enable_observers }
	6	+ after(:each) { disable_observers }
	7	+
	8	+ let(:user) { create(:user) }
	9	+ let(:user2) { create(:user) }
	10	+ let(:user3) { create(:user) }
	11	+ let(:project) { create(:project, creator_id: user.id, namespace: user.namespace) }
	12	+ let(:users_project) { create(:users_project, user: user, project: project, project_access: UsersProject::MASTER) }
	13	+ let(:users_project2) { create(:users_project, user: user3, project: project, project_access: UsersProject::DEVELOPER) }
	14	+
	15	+ describe "GET /projects/:id/members" do
	16	+ before { users_project }
	17	+ before { users_project2 }
	18	+
	19	+ it "should return project team members" do
	20	+ get api("/projects/#{project.id}/members", user)
	21	+ response.status.should == 200
	22	+ json_response.should be_an Array
	23	+ json_response.count.should == 2
	24	+ json_response.map { \|u\| u['email'] }.should include user.email
	25	+ end
	26	+
	27	+ it "finds team members with query string" do
	28	+ get api("/projects/#{project.id}/members", user), query: user.username
	29	+ response.status.should == 200
	30	+ json_response.should be_an Array
	31	+ json_response.count.should == 1
	32	+ json_response.first['email'].should == user.email
	33	+ end
	34	+
	35	+ it "should return a 404 error if id not found" do
	36	+ get api("/projects/9999/members", user)
	37	+ response.status.should == 404
	38	+ end
	39	+ end
	40	+
	41	+ describe "GET /projects/:id/members/:user_id" do
	42	+ before { users_project }
	43	+
	44	+ it "should return project team member" do
	45	+ get api("/projects/#{project.id}/members/#{user.id}", user)
	46	+ response.status.should == 200
	47	+ json_response['email'].should == user.email
	48	+ json_response['access_level'].should == UsersProject::MASTER
	49	+ end
	50	+
	51	+ it "should return a 404 error if user id not found" do
	52	+ get api("/projects/#{project.id}/members/1234", user)
	53	+ response.status.should == 404
	54	+ end
	55	+ end
	56	+
	57	+ describe "POST /projects/:id/members" do
	58	+ it "should add user to project team" do
	59	+ expect {
	60	+ post api("/projects/#{project.id}/members", user), user_id: user2.id,
	61	+ access_level: UsersProject::DEVELOPER
	62	+ }.to change { UsersProject.count }.by(1)
	63	+
	64	+ response.status.should == 201
	65	+ json_response['email'].should == user2.email
	66	+ json_response['access_level'].should == UsersProject::DEVELOPER
	67	+ end
	68	+
	69	+ it "should return a 201 status if user is already project member" do
	70	+ post api("/projects/#{project.id}/members", user), user_id: user2.id,
	71	+ access_level: UsersProject::DEVELOPER
	72	+ expect {
	73	+ post api("/projects/#{project.id}/members", user), user_id: user2.id,
	74	+ access_level: UsersProject::DEVELOPER
	75	+ }.not_to change { UsersProject.count }.by(1)
	76	+
	77	+ response.status.should == 201
	78	+ json_response['email'].should == user2.email
	79	+ json_response['access_level'].should == UsersProject::DEVELOPER
	80	+ end
	81	+
	82	+ it "should return a 400 error when user id is not given" do
	83	+ post api("/projects/#{project.id}/members", user), access_level: UsersProject::MASTER
	84	+ response.status.should == 400
	85	+ end
	86	+
	87	+ it "should return a 400 error when access level is not given" do
	88	+ post api("/projects/#{project.id}/members", user), user_id: user2.id
	89	+ response.status.should == 400
	90	+ end
	91	+
	92	+ it "should return a 422 error when access level is not known" do
	93	+ post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234
	94	+ response.status.should == 422
	95	+ end
	96	+ end
	97	+
	98	+ describe "PUT /projects/:id/members/:user_id" do
	99	+ before { users_project2 }
	100	+
	101	+ it "should update project team member" do
	102	+ put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: UsersProject::MASTER
	103	+ response.status.should == 200
	104	+ json_response['email'].should == user3.email
	105	+ json_response['access_level'].should == UsersProject::MASTER
	106	+ end
	107	+
	108	+ it "should return a 404 error if user_id is not found" do
	109	+ put api("/projects/#{project.id}/members/1234", user), access_level: UsersProject::MASTER
	110	+ response.status.should == 404
	111	+ end
	112	+
	113	+ it "should return a 400 error when access level is not given" do
	114	+ put api("/projects/#{project.id}/members/#{user3.id}", user)
	115	+ response.status.should == 400
	116	+ end
	117	+
	118	+ it "should return a 422 error when access level is not known" do
	119	+ put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: 123
	120	+ response.status.should == 422
	121	+ end
	122	+ end
	123	+
	124	+ describe "DELETE /projects/:id/members/:user_id" do
	125	+ before { users_project }
	126	+ before { users_project2 }
	127	+
	128	+ it "should remove user from project team" do
	129	+ expect {
	130	+ delete api("/projects/#{project.id}/members/#{user3.id}", user)
	131	+ }.to change { UsersProject.count }.by(-1)
	132	+ end
	133	+
	134	+ it "should return 200 if team member is not part of a project" do
	135	+ delete api("/projects/#{project.id}/members/#{user3.id}", user)
	136	+ expect {
	137	+ delete api("/projects/#{project.id}/members/#{user3.id}", user)
	138	+ }.to_not change { UsersProject.count }.by(1)
	139	+ end
	140	+
	141	+ it "should return 200 if team member already removed" do
	142	+ delete api("/projects/#{project.id}/members/#{user3.id}", user)
	143	+ delete api("/projects/#{project.id}/members/#{user3.id}", user)
	144	+ response.status.should == 200
	145	+ end
	146	+
	147	+ it "should return 200 OK when the user was not member" do
	148	+ expect {
	149	+ delete api("/projects/#{project.id}/members/1000000", user)
	150	+ }.to change { UsersProject.count }.by(0)
	151	+ response.status.should == 200
	152	+ json_response['message'].should == "Access revoked"
	153	+ json_response['id'].should == 1000000
	154	+ end
	155	+ end
	156	+end
	@@ -311,148 +311,6 @@ describe API::API do		@@ -311,148 +311,6 @@ describe API::API do
311	end	311	end
312	end	312	end
313		313
314	- describe "GET /projects/:id/members" do
315	- before { users_project }
316	- before { users_project2 }
317	-
318	- it "should return project team members" do
319	- get api("/projects/#{project.id}/members", user)
320	- response.status.should == 200
321	- json_response.should be_an Array
322	- json_response.count.should == 2
323	- json_response.map { \|u\| u['email'] }.should include user.email
324	- end
325	-
326	- it "finds team members with query string" do
327	- get api("/projects/#{project.id}/members", user), query: user.username
328	- response.status.should == 200
329	- json_response.should be_an Array
330	- json_response.count.should == 1
331	- json_response.first['email'].should == user.email
332	- end
333	-
334	- it "should return a 404 error if id not found" do
335	- get api("/projects/9999/members", user)
336	- response.status.should == 404
337	- end
338	- end
339	-
340	- describe "GET /projects/:id/members/:user_id" do
341	- before { users_project }
342	-
343	- it "should return project team member" do
344	- get api("/projects/#{project.id}/members/#{user.id}", user)
345	- response.status.should == 200
346	- json_response['email'].should == user.email
347	- json_response['access_level'].should == UsersProject::MASTER
348	- end
349	-
350	- it "should return a 404 error if user id not found" do
351	- get api("/projects/#{project.id}/members/1234", user)
352	- response.status.should == 404
353	- end
354	- end
355	-
356	- describe "POST /projects/:id/members" do
357	- it "should add user to project team" do
358	- expect {
359	- post api("/projects/#{project.id}/members", user), user_id: user2.id,
360	- access_level: UsersProject::DEVELOPER
361	- }.to change { UsersProject.count }.by(1)
362	-
363	- response.status.should == 201
364	- json_response['email'].should == user2.email
365	- json_response['access_level'].should == UsersProject::DEVELOPER
366	- end
367	-
368	- it "should return a 201 status if user is already project member" do
369	- post api("/projects/#{project.id}/members", user), user_id: user2.id,
370	- access_level: UsersProject::DEVELOPER
371	- expect {
372	- post api("/projects/#{project.id}/members", user), user_id: user2.id,
373	- access_level: UsersProject::DEVELOPER
374	- }.not_to change { UsersProject.count }.by(1)
375	-
376	- response.status.should == 201
377	- json_response['email'].should == user2.email
378	- json_response['access_level'].should == UsersProject::DEVELOPER
379	- end
380	-
381	- it "should return a 400 error when user id is not given" do
382	- post api("/projects/#{project.id}/members", user), access_level: UsersProject::MASTER
383	- response.status.should == 400
384	- end
385	-
386	- it "should return a 400 error when access level is not given" do
387	- post api("/projects/#{project.id}/members", user), user_id: user2.id
388	- response.status.should == 400
389	- end
390	-
391	- it "should return a 422 error when access level is not known" do
392	- post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234
393	- response.status.should == 422
394	- end
395	- end
396	-
397	- describe "PUT /projects/:id/members/:user_id" do
398	- before { users_project2 }
399	-
400	- it "should update project team member" do
401	- put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: UsersProject::MASTER
402	- response.status.should == 200
403	- json_response['email'].should == user3.email
404	- json_response['access_level'].should == UsersProject::MASTER
405	- end
406	-
407	- it "should return a 404 error if user_id is not found" do
408	- put api("/projects/#{project.id}/members/1234", user), access_level: UsersProject::MASTER
409	- response.status.should == 404
410	- end
411	-
412	- it "should return a 400 error when access level is not given" do
413	- put api("/projects/#{project.id}/members/#{user3.id}", user)
414	- response.status.should == 400
415	- end
416	-
417	- it "should return a 422 error when access level is not known" do
418	- put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: 123
419	- response.status.should == 422
420	- end
421	- end
422	-
423	- describe "DELETE /projects/:id/members/:user_id" do
424	- before { users_project }
425	- before { users_project2 }
426	-
427	- it "should remove user from project team" do
428	- expect {
429	- delete api("/projects/#{project.id}/members/#{user3.id}", user)
430	- }.to change { UsersProject.count }.by(-1)
431	- end
432	-
433	- it "should return 200 if team member is not part of a project" do
434	- delete api("/projects/#{project.id}/members/#{user3.id}", user)
435	- expect {
436	- delete api("/projects/#{project.id}/members/#{user3.id}", user)
437	- }.to_not change { UsersProject.count }.by(1)
438	- end
439	-
440	- it "should return 200 if team member already removed" do
441	- delete api("/projects/#{project.id}/members/#{user3.id}", user)
442	- delete api("/projects/#{project.id}/members/#{user3.id}", user)
443	- response.status.should == 200
444	- end
445	-
446	- it "should return 200 OK when the user was not member" do
447	- expect {
448	- delete api("/projects/#{project.id}/members/1000000", user)
449	- }.to change { UsersProject.count }.by(0)
450	- response.status.should == 200
451	- json_response['message'].should == "Access revoked"
452	- json_response['id'].should == 1000000
453	- end
454	- end
455	-
456	describe "GET /projects/:id/snippets" do	314	describe "GET /projects/:id/snippets" do
457	before { snippet }	315	before { snippet }
458		316