Download as
Browse Code »

Commit d5d0c00e7f2bd7cfede6cacdca39ed523948a10b

Authored by Dmitriy Zaporozhets
2 parents 69d70400 c3ba0ee6
Exists in master and in 4 other branches 6-8-stable, 7-0-stable, 7-0-stable-spb, spb-stable

Merge branch 'former03-feature_teams_api'

Showing 6 changed files with 863 additions and 0 deletions   Show diff stats
doc/api/README.md
  Diff comments   View file @d5d0c00
@@ -79,3 +79,4 @@ When listing resources you can pass the following parameters: @@ -79,3 +79,4 @@ When listing resources you can pass the following parameters:
79 + [Milestones](doc/api/milestones.md) 79 + [Milestones](doc/api/milestones.md)
80 + [Notes](doc/api/notes.md) 80 + [Notes](doc/api/notes.md)
81 + [System Hooks](doc/api/system_hooks.md) 81 + [System Hooks](doc/api/system_hooks.md)
  82 ++ [User Teams](doc/api/user_teams.md)
doc/api/user_teams.md 0 → 100644
  Diff comments   View file @d5d0c00
@@ -0,0 +1,209 @@ @@ -0,0 +1,209 @@
  1 +## User teams
  2 +
  3 +### List user teams
  4 +
  5 +Get a list of user teams viewable by the authenticated user.
  6 +
  7 +```
  8 +GET /user_teams
  9 +```
  10 +
  11 +```json
  12 +[
  13 + {
  14 + id: 1,
  15 + name: "User team 1",
  16 + path: "user_team1",
  17 + owner_id: 1
  18 + },
  19 + {
  20 + id: 2,
  21 + name: "User team 2",
  22 + path: "user_team2",
  23 + owner_id: 1
  24 + }
  25 +]
  26 +```
  27 +
  28 +
  29 +### Get single user team
  30 +
  31 +Get a specific user team, identified by user team ID, which is viewable by the authenticated user.
  32 +
  33 +```
  34 +GET /user_teams/:id
  35 +```
  36 +
  37 +Parameters:
  38 +
  39 ++ `id` (required) - The ID of a user_team
  40 +
  41 +```json
  42 +{
  43 + id: 1,
  44 + name: "User team 1",
  45 + path: "user_team1",
  46 + owner_id: 1
  47 +}
  48 +```
  49 +
  50 +
  51 +### Create user team
  52 +
  53 +Creates new user team owned by user. Available only for admins.
  54 +
  55 +```
  56 +POST /user_teams
  57 +```
  58 +
  59 +Parameters:
  60 +
  61 ++ `name` (required) - new user team name
  62 ++ `path` (required) - new user team internal name
  63 +
  64 +
  65 +
  66 +## User team members
  67 +
  68 +### List user team members
  69 +
  70 +Get a list of project team members.
  71 +
  72 +```
  73 +GET /user_teams/:id/members
  74 +```
  75 +
  76 +Parameters:
  77 +
  78 ++ `id` (required) - The ID of a user_team
  79 +
  80 +
  81 +### Get user team member
  82 +
  83 +Gets a user team member.
  84 +
  85 +```
  86 +GET /user_teams/:id/members/:user_id
  87 +```
  88 +
  89 +Parameters:
  90 +
  91 ++ `id` (required) - The ID of a user_team
  92 ++ `user_id` (required) - The ID of a user
  93 +
  94 +```json
  95 +{
  96 + id: 2,
  97 + username: "john_doe",
  98 + email: "joh@doe.org",
  99 + name: "John Doe",
  100 + state: "active",
  101 + created_at: "2012-10-22T14:13:35Z",
  102 + access_level: 30
  103 +}
  104 +```
  105 +
  106 +
  107 +### Add user team member
  108 +
  109 +Adds a user to a user team.
  110 +
  111 +```
  112 +POST /user_teams/:id/members
  113 +```
  114 +
  115 +Parameters:
  116 +
  117 ++ `id` (required) - The ID of a user team
  118 ++ `user_id` (required) - The ID of a user to add
  119 ++ `access_level` (required) - Project access level
  120 +
  121 +
  122 +### Remove user team member
  123 +
  124 +Removes user from user team.
  125 +
  126 +```
  127 +DELETE /user_teams/:id/members/:user_id
  128 +```
  129 +
  130 +Parameters:
  131 +
  132 ++ `id` (required) - The ID of a user team
  133 ++ `user_id` (required) - The ID of a team member
  134 +
  135 +## User team projects
  136 +
  137 +### List user team projects
  138 +
  139 +Get a list of project team projects.
  140 +
  141 +```
  142 +GET /user_teams/:id/projects
  143 +```
  144 +
  145 +Parameters:
  146 +
  147 ++ `id` (required) - The ID of a user_team
  148 +
  149 +
  150 +### Get user team project
  151 +
  152 +Gets a user team project.
  153 +
  154 +```
  155 +GET /user_teams/:id/projects/:project_id
  156 +```
  157 +
  158 +Parameters:
  159 +
  160 ++ `id` (required) - The ID of a user_team
  161 ++ `project_id` (required) - The ID of a user
  162 +
  163 +```json
  164 +{
  165 + id: 12,
  166 + name: "project1",
  167 + description: null,
  168 + default_branch: "develop",
  169 + public: false,
  170 + path: "project1",
  171 + path_with_namespace: "group1/project1",
  172 + issues_enabled: false,
  173 + merge_requests_enabled: true,
  174 + wall_enabled: true,
  175 + wiki_enabled: false,
  176 + created_at: "2013-03-11T12:59:08Z",
  177 + greatest_access_level: 30
  178 +}
  179 +```
  180 +
  181 +
  182 +### Add user team project
  183 +
  184 +Adds a project to a user team.
  185 +
  186 +```
  187 +POST /user_teams/:id/projects
  188 +```
  189 +
  190 +Parameters:
  191 +
  192 ++ `id` (required) - The ID of a user team
  193 ++ `project_id` (required) - The ID of a project to add
  194 ++ `greatest_access_level` (required) - Maximum project access level
  195 +
  196 +
  197 +### Remove user team project
  198 +
  199 +Removes project from user team.
  200 +
  201 +```
  202 +DELETE /user_teams/:id/projects/:project_id
  203 +```
  204 +
  205 +Parameters:
  206 +
  207 ++ `id` (required) - The ID of a user team
  208 ++ `project_id` (required) - The ID of a team project
  209 +
lib/api/api.rb
  Diff comments   View file @d5d0c00
@@ -35,5 +35,6 @@ module API @@ -35,5 +35,6 @@ module API
35 mount Notes 35 mount Notes
36 mount Internal 36 mount Internal
37 mount SystemHooks 37 mount SystemHooks
  38 + mount UserTeams
38 end 39 end
39 end 40 end
lib/api/entities.rb
  Diff comments   View file @d5d0c00
@@ -40,6 +40,18 @@ module API @@ -40,6 +40,18 @@ module API
40 end 40 end
41 end 41 end
42 42
  43 + class TeamMember < UserBasic
  44 + expose :permission, as: :access_level do |user, options|
  45 + options[:user_team].user_team_user_relationships.find_by_user_id(user.id).permission
  46 + end
  47 + end
  48 +
  49 + class TeamProject < Project
  50 + expose :greatest_access, as: :greatest_access_level do |project, options|
  51 + options[:user_team].user_team_project_relationships.find_by_project_id(project.id).greatest_access
  52 + end
  53 + end
  54 +
43 class Group < Grape::Entity 55 class Group < Grape::Entity
44 expose :id, :name, :path, :owner_id 56 expose :id, :name, :path, :owner_id
45 end 57 end
@@ -87,6 +99,10 @@ module API @@ -87,6 +99,10 @@ module API
87 expose :id, :title, :key, :created_at 99 expose :id, :title, :key, :created_at
88 end 100 end
89 101
  102 + class UserTeam < Grape::Entity
  103 + expose :id, :name, :path, :owner_id
  104 + end
  105 +
90 class MergeRequest < Grape::Entity 106 class MergeRequest < Grape::Entity
91 expose :id, :target_branch, :source_branch, :project_id, :title, :state 107 expose :id, :target_branch, :source_branch, :project_id, :title, :state
92 expose :author, :assignee, using: Entities::UserBasic 108 expose :author, :assignee, using: Entities::UserBasic
lib/api/user_teams.rb 0 → 100644
  Diff comments   View file @d5d0c00
@@ -0,0 +1,276 @@ @@ -0,0 +1,276 @@
  1 +module API
  2 + # user_teams API
  3 + class UserTeams < Grape::API
  4 + before { authenticate! }
  5 +
  6 + resource :user_teams do
  7 + helpers do
  8 + def handle_team_member_errors(errors)
  9 + if errors[:permission].any?
  10 + render_api_error!(errors[:permission], 422)
  11 + end
  12 + not_found!
  13 + end
  14 +
  15 + def validate_access_level?(level)
  16 + [UsersProject::GUEST, UsersProject::REPORTER, UsersProject::DEVELOPER, UsersProject::MASTER].include? level.to_i
  17 + end
  18 + end
  19 +
  20 +
  21 + # Get a user_teams list
  22 + #
  23 + # Example Request:
  24 + # GET /user_teams
  25 + get do
  26 + if current_user.admin
  27 + @user_teams = paginate UserTeam
  28 + else
  29 + @user_teams = paginate current_user.user_teams
  30 + end
  31 + present @user_teams, with: Entities::UserTeam
  32 + end
  33 +
  34 +
  35 + # Create user_team. Available only for admin
  36 + #
  37 + # Parameters:
  38 + # name (required) - The name of the user_team
  39 + # path (required) - The path of the user_team
  40 + # Example Request:
  41 + # POST /user_teams
  42 + post do
  43 + authenticated_as_admin!
  44 + required_attributes! [:name, :path]
  45 +
  46 + attrs = attributes_for_keys [:name, :path]
  47 + @user_team = UserTeam.new(attrs)
  48 + @user_team.owner = current_user
  49 +
  50 + if @user_team.save
  51 + present @user_team, with: Entities::UserTeam
  52 + else
  53 + not_found!
  54 + end
  55 + end
  56 +
  57 +
  58 + # Get a single user_team
  59 + #
  60 + # Parameters:
  61 + # id (required) - The ID of a user_team
  62 + # Example Request:
  63 + # GET /user_teams/:id
  64 + get ":id" do
  65 + @user_team = UserTeam.find(params[:id])
  66 + if current_user.admin or current_user.user_teams.include? @user_team
  67 + present @user_team, with: Entities::UserTeam
  68 + else
  69 + not_found!
  70 + end
  71 + end
  72 +
  73 +
  74 + # Get user_team members
  75 + #
  76 + # Parameters:
  77 + # id (required) - The ID of a user_team
  78 + # Example Request:
  79 + # GET /user_teams/:id/members
  80 + get ":id/members" do
  81 + @user_team = UserTeam.find(params[:id])
  82 + if current_user.admin or current_user.user_teams.include? @user_team
  83 + @members = paginate @user_team.members
  84 + present @members, with: Entities::TeamMember, user_team: @user_team
  85 + else
  86 + not_found!
  87 + end
  88 + end
  89 +
  90 +
  91 + # Add a new user_team member
  92 + #
  93 + # Parameters:
  94 + # id (required) - The ID of a user_team
  95 + # user_id (required) - The ID of a user
  96 + # access_level (required) - Project access level
  97 + # Example Request:
  98 + # POST /user_teams/:id/members
  99 + post ":id/members" do
  100 + authenticated_as_admin!
  101 + required_attributes! [:user_id, :access_level]
  102 +
  103 + if not validate_access_level?(params[:access_level])
  104 + render_api_error!("Wrong access level", 422)
  105 + end
  106 +
  107 + @user_team = UserTeam.find(params[:id])
  108 + if @user_team
  109 + team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id])
  110 + # Not existing member
  111 + if team_member.nil?
  112 + @user_team.add_member(params[:user_id], params[:access_level], false)
  113 + team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id])
  114 +
  115 + if team_member.nil?
  116 + render_api_error!("Error creating membership", 500)
  117 + else
  118 + @member = team_member.user
  119 + present @member, with: Entities::TeamMember, user_team: @user_team
  120 + end
  121 + else
  122 + render_api_error!("Already exists", 409)
  123 + end
  124 + else
  125 + not_found!
  126 + end
  127 + end
  128 +
  129 +
  130 + # Get a single team member from user_team
  131 + #
  132 + # Parameters:
  133 + # id (required) - The ID of a user_team
  134 + # user_id (required) - The ID of a team member
  135 + # Example Request:
  136 + # GET /user_teams/:id/members/:user_id
  137 + get ":id/members/:user_id" do
  138 + @user_team = UserTeam.find(params[:id])
  139 + if current_user.admin or current_user.user_teams.include? @user_team
  140 + team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id])
  141 + unless team_member.nil?
  142 + present team_member.user, with: Entities::TeamMember, user_team: @user_team
  143 + else
  144 + not_found!
  145 + end
  146 + else
  147 + not_found!
  148 + end
  149 + end
  150 +
  151 + # Remove a team member from user_team
  152 + #
  153 + # Parameters:
  154 + # id (required) - The ID of a user_team
  155 + # user_id (required) - The ID of a team member
  156 + # Example Request:
  157 + # DELETE /user_teams/:id/members/:user_id
  158 + delete ":id/members/:user_id" do
  159 + authenticated_as_admin!
  160 +
  161 + @user_team = UserTeam.find(params[:id])
  162 + if @user_team
  163 + team_member = @user_team.user_team_user_relationships.find_by_user_id(params[:user_id])
  164 + unless team_member.nil?
  165 + team_member.destroy
  166 + else
  167 + not_found!
  168 + end
  169 + else
  170 + not_found!
  171 + end
  172 + end
  173 +
  174 +
  175 + # Get to user_team assigned projects
  176 + #
  177 + # Parameters:
  178 + # id (required) - The ID of a user_team
  179 + # Example Request:
  180 + # GET /user_teams/:id/projects
  181 + get ":id/projects" do
  182 + @user_team = UserTeam.find(params[:id])
  183 + if current_user.admin or current_user.user_teams.include? @user_team
  184 + @projects = paginate @user_team.projects
  185 + present @projects, with: Entities::TeamProject, user_team: @user_team
  186 + else
  187 + not_found!
  188 + end
  189 + end
  190 +
  191 +
  192 + # Add a new user_team project
  193 + #
  194 + # Parameters:
  195 + # id (required) - The ID of a user_team
  196 + # project_id (required) - The ID of a project
  197 + # greatest_access_level (required) - Project access level
  198 + # Example Request:
  199 + # POST /user_teams/:id/projects
  200 + post ":id/projects" do
  201 + authenticated_as_admin!
  202 + required_attributes! [:project_id, :greatest_access_level]
  203 +
  204 + if not validate_access_level?(params[:greatest_access_level])
  205 + render_api_error!("Wrong greatest_access_level", 422)
  206 + end
  207 +
  208 + @user_team = UserTeam.find(params[:id])
  209 + if @user_team
  210 + team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id])
  211 +
  212 + # No existing project
  213 + if team_project.nil?
  214 + @user_team.assign_to_projects([params[:project_id]], params[:greatest_access_level])
  215 + team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id])
  216 + if team_project.nil?
  217 + render_api_error!("Error creating project assignment", 500)
  218 + else
  219 + @project = team_project.project
  220 + present @project, with: Entities::TeamProject, user_team: @user_team
  221 + end
  222 + else
  223 + render_api_error!("Already exists", 409)
  224 + end
  225 + else
  226 + not_found!
  227 + end
  228 + end
  229 +
  230 + # Show a single team project from user_team
  231 + #
  232 + # Parameters:
  233 + # id (required) - The ID of a user_team
  234 + # project_id (required) - The ID of a project assigned to the team
  235 + # Example Request:
  236 + # GET /user_teams/:id/projects/:project_id
  237 + get ":id/projects/:project_id" do
  238 + @user_team = UserTeam.find(params[:id])
  239 + if current_user.admin or current_user.user_teams.include? @user_team
  240 + team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id])
  241 + unless team_project.nil?
  242 + present team_project.project, with: Entities::TeamProject, user_team: @user_team
  243 + else
  244 + not_found!
  245 + end
  246 + else
  247 + not_found!
  248 + end
  249 + end
  250 +
  251 + # Remove a team project from user_team
  252 + #
  253 + # Parameters:
  254 + # id (required) - The ID of a user_team
  255 + # project_id (required) - The ID of a project assigned to the team
  256 + # Example Request:
  257 + # DELETE /user_teams/:id/projects/:project_id
  258 + delete ":id/projects/:project_id" do
  259 + authenticated_as_admin!
  260 +
  261 + @user_team = UserTeam.find(params[:id])
  262 + if @user_team
  263 + team_project = @user_team.user_team_project_relationships.find_by_project_id(params[:project_id])
  264 + unless team_project.nil?
  265 + team_project.destroy
  266 + else
  267 + not_found!
  268 + end
  269 + else
  270 + not_found!
  271 + end
  272 + end
  273 +
  274 + end
  275 + end
  276 +end
spec/requests/api/user_teams_spec.rb 0 → 100644
  Diff comments   View file @d5d0c00
@@ -0,0 +1,360 @@ @@ -0,0 +1,360 @@
  1 +require 'spec_helper'
  2 +
  3 +describe API::API do
  4 + include ApiHelpers
  5 +
  6 + # Create test objects
  7 + let(:user1) { create(:user) }
  8 + let(:user2) { create(:user) }
  9 + let(:admin) { create(:admin) }
  10 + let!(:group1) { create(:group, owner: user1) }
  11 + let!(:group2) { create(:group, owner: user2) }
  12 + let(:user_team1) { create(:user_team, owner: user1) }
  13 + let(:user_team2) { create(:user_team, owner: user2) }
  14 + let!(:project1) { create(:project, creator_id: admin.id) }
  15 + let!(:project2) { create(:project, creator_id: admin.id) }
  16 +
  17 +
  18 + before {
  19 + # Add members to teams
  20 + user_team1.add_member(user1, UsersProject::MASTER, false)
  21 + user_team2.add_member(user2, UsersProject::MASTER, false)
  22 +
  23 + # Add projects to teams
  24 + user_team1.assign_to_projects([project1.id], UsersProject::MASTER)
  25 + user_team2.assign_to_projects([project2.id], UsersProject::MASTER)
  26 +
  27 + }
  28 +
  29 + describe "GET /user_teams" do
  30 + context "when unauthenticated" do
  31 + it "should return authentication error" do
  32 + get api("/user_teams")
  33 + response.status.should == 401
  34 + end
  35 + end
  36 +
  37 + context "when authenticated as user" do
  38 + it "normal user: should return an array of user_teams of user1" do
  39 + get api("/user_teams", user1)
  40 + response.status.should == 200
  41 + json_response.should be_an Array
  42 + json_response.length.should == 1
  43 + json_response.first['name'].should == user_team1.name
  44 + end
  45 + end
  46 +
  47 + context "when authenticated as admin" do
  48 + it "admin: should return an array of all user_teams" do
  49 + get api("/user_teams", admin)
  50 + response.status.should == 200
  51 + json_response.should be_an Array
  52 + json_response.length.should == 2
  53 + end
  54 + end
  55 + end
  56 +
  57 + describe "GET /user_teams/:id" do
  58 + context "when authenticated as user" do
  59 + it "should return one of user1's user_teams" do
  60 + get api("/user_teams/#{user_team1.id}", user1)
  61 + response.status.should == 200
  62 + json_response['name'] == user_team1.name
  63 + end
  64 +
  65 + it "should not return a non existing team" do
  66 + get api("/user_teams/1328", user1)
  67 + response.status.should == 404
  68 + end
  69 +
  70 + it "should not return a user_team not attached to user1" do
  71 + get api("/user_teams/#{user_team2.id}", user1)
  72 + response.status.should == 404
  73 + end
  74 + end
  75 +
  76 + context "when authenticated as admin" do
  77 + it "should return any existing user_team" do
  78 + get api("/user_teams/#{user_team2.id}", admin)
  79 + response.status.should == 200
  80 + json_response['name'].should == user_team2.name
  81 + end
  82 +
  83 + it "should not return a non existing user_team" do
  84 + get api("/user_teams/1328", admin)
  85 + response.status.should == 404
  86 + end
  87 + end
  88 + end
  89 +
  90 + describe "POST /user_teams" do
  91 + context "when authenticated as user" do
  92 + it "should not create user_team" do
  93 + count_before=UserTeam.count
  94 + post api("/user_teams", user1), attributes_for(:user_team)
  95 + response.status.should == 403
  96 + UserTeam.count.should == count_before
  97 + end
  98 + end
  99 +
  100 + context "when authenticated as admin" do
  101 + it "should create user_team" do
  102 + count_before=UserTeam.count
  103 + post api("/user_teams", admin), attributes_for(:user_team)
  104 + response.status.should == 201
  105 + UserTeam.count.should == count_before + 1
  106 + end
  107 +
  108 + it "should not create user_team, duplicate" do
  109 + post api("/user_teams", admin), {:name => "Duplicate Test", :path => user_team2.path}
  110 + response.status.should == 404
  111 + end
  112 +
  113 + it "should return 400 bad request error if name not given" do
  114 + post api("/user_teams", admin), {:path => user_team2.path}
  115 + response.status.should == 400
  116 + end
  117 +
  118 + it "should return 400 bad request error if path not given" do
  119 + post api("/user_teams", admin), {:name => 'test'}
  120 + response.status.should == 400
  121 + end
  122 + end
  123 + end
  124 +
  125 + # Members
  126 +
  127 + describe "GET /user_teams/:id/members" do
  128 + context "when authenticated as user" do
  129 + it "should return user1 as member of user1's user_teams" do
  130 + get api("/user_teams/#{user_team1.id}/members", user1)
  131 + response.status.should == 200
  132 + json_response.first['name'].should == user1.name
  133 + json_response.first['access_level'].should == UsersProject::MASTER
  134 + end
  135 + end
  136 +
  137 + context "when authenticated as admin" do
  138 + it "should return member of any existing user_team" do
  139 + get api("/user_teams/#{user_team2.id}/members", admin)
  140 + response.status.should == 200
  141 + json_response.first['name'].should == user2.name
  142 + json_response.first['access_level'].should == UsersProject::MASTER
  143 + end
  144 + end
  145 + end
  146 +
  147 + describe "POST /user_teams/:id/members" do
  148 + context "when authenticated as user" do
  149 + it "should not add user2 as member of user_team1" do
  150 + post api("/user_teams/#{user_team1.id}/members", user1), user_id: user2.id, access_level: UsersProject::MASTER
  151 + response.status.should == 403
  152 + end
  153 + end
  154 +
  155 + context "when authenticated as admin" do
  156 + it "should return ok and add new member" do
  157 + count_before=user_team1.user_team_user_relationships.count
  158 + post api("/user_teams/#{user_team1.id}/members", admin), user_id: user2.id, access_level: UsersProject::MASTER
  159 + response.status.should == 201
  160 + json_response['name'].should == user2.name
  161 + json_response['access_level'].should == UsersProject::MASTER
  162 + user_team1.user_team_user_relationships.count.should == count_before + 1
  163 + end
  164 + it "should return ok if member already exists" do
  165 + post api("/user_teams/#{user_team2.id}/members", admin), user_id: user2.id, access_level: UsersProject::MASTER
  166 + response.status.should == 409
  167 + end
  168 + it "should return a 400 error when user id is not given" do
  169 + post api("/user_teams/#{user_team2.id}/members", admin), access_level: UsersProject::MASTER
  170 + response.status.should == 400
  171 + end
  172 + it "should return a 400 error when access level is not given" do
  173 + post api("/user_teams/#{user_team2.id}/members", admin), user_id: user2.id
  174 + response.status.should == 400
  175 + end
  176 +
  177 + it "should return a 422 error when access level is not known" do
  178 + post api("/user_teams/#{user_team2.id}/members", admin), user_id: user1.id, access_level: 1234
  179 + response.status.should == 422
  180 + end
  181 +
  182 + end
  183 + end
  184 +
  185 + # Get single member
  186 + describe "GET /user_teams/:id/members/:user_id" do
  187 + context "when authenticated as member" do
  188 + it "should show user1's membership of user_team1" do
  189 + get api("/user_teams/#{user_team1.id}/members/#{user1.id}", user1)
  190 + response.status.should == 200
  191 + json_response['name'].should == user1.name
  192 + json_response['access_level'].should == UsersProject::MASTER
  193 + end
  194 + it "should show that user2 is not member of user_team1" do
  195 + get api("/user_teams/#{user_team1.id}/members/#{user2.id}", user1)
  196 + response.status.should == 404
  197 + end
  198 + end
  199 +
  200 + context "when authenticated as non-member" do
  201 + it "should not show user1's membership of user_team1" do
  202 + get api("/user_teams/#{user_team1.id}/members/#{user1.id}", user2)
  203 + response.status.should == 404
  204 + end
  205 + end
  206 +
  207 + context "when authenticated as admin" do
  208 + it "should show user1's membership of user_team1" do
  209 + get api("/user_teams/#{user_team1.id}/members/#{user1.id}", admin)
  210 + response.status.should == 200
  211 + json_response['name'].should == user1.name
  212 + json_response['access_level'].should == UsersProject::MASTER
  213 + end
  214 + it "should return a 404 error when user id is not known" do
  215 + get api("/user_teams/#{user_team2.id}/members/1328", admin)
  216 + response.status.should == 404
  217 + end
  218 + end
  219 + end
  220 +
  221 + describe "DELETE /user_teams/:id/members/:user_id" do
  222 + context "when authenticated as user" do
  223 + it "should not delete user1's membership of user_team1" do
  224 + delete api("/user_teams/#{user_team1.id}/members/#{user1.id}", user1)
  225 + response.status.should == 403
  226 + end
  227 + end
  228 +
  229 + context "when authenticated as admin" do
  230 + it "should delete user1's membership of user_team1" do
  231 + count_before=user_team1.user_team_user_relationships.count
  232 + delete api("/user_teams/#{user_team1.id}/members/#{user1.id}", admin)
  233 + response.status.should == 200
  234 + user_team1.user_team_user_relationships.count.should == count_before - 1
  235 + end
  236 + it "should return a 404 error when user id is not known" do
  237 + delete api("/user_teams/#{user_team2.id}/members/1328", admin)
  238 + response.status.should == 404
  239 + end
  240 + end
  241 + end
  242 +
  243 + # Projects
  244 +
  245 + describe "GET /user_teams/:id/projects" do
  246 + context "when authenticated as user" do
  247 + it "should return project1 as assigned to user_team1 as member user1" do
  248 + get api("/user_teams/#{user_team1.id}/projects", user1)
  249 + response.status.should == 200
  250 + json_response.first['name'].should == project1.name
  251 + json_response.length.should == user_team1.user_team_project_relationships.count
  252 + end
  253 + end
  254 +
  255 + context "when authenticated as admin" do
  256 + it "should return project2 as assigned to user_team2 as non-member, but admin" do
  257 + get api("/user_teams/#{user_team2.id}/projects", admin)
  258 + response.status.should == 200
  259 + json_response.first['name'].should == project2.name
  260 + json_response.first['greatest_access_level'].should == UsersProject::MASTER
  261 + end
  262 + end
  263 + end
  264 +
  265 + describe "POST /user_teams/:id/projects" do
  266 + context "when authenticated as admin" do
  267 + it "should return ok and add new project" do
  268 + count_before=user_team1.user_team_project_relationships.count
  269 + post api("/user_teams/#{user_team1.id}/projects", admin),
  270 + project_id: project2.id,
  271 + greatest_access_level: UsersProject::MASTER
  272 + response.status.should == 201
  273 + json_response['name'].should == project2.name
  274 + json_response['greatest_access_level'].should == UsersProject::MASTER
  275 + user_team1.user_team_project_relationships.count.should == count_before + 1
  276 + end
  277 + it "should return ok if project already exists" do
  278 + post api("/user_teams/#{user_team2.id}/projects", admin),
  279 + project_id: project2.id,
  280 + greatest_access_level: UsersProject::MASTER
  281 + response.status.should == 409
  282 + end
  283 + it "should return a 400 error when project id is not given" do
  284 + post api("/user_teams/#{user_team2.id}/projects", admin), greatest_access_level: UsersProject::MASTER
  285 + response.status.should == 400
  286 + end
  287 + it "should return a 400 error when access level is not given" do
  288 + post api("/user_teams/#{user_team2.id}/projects", admin), project_id: project2.id
  289 + response.status.should == 400
  290 + end
  291 +
  292 + it "should return a 422 error when access level is not known" do
  293 + post api("/user_teams/#{user_team2.id}/projects", admin),
  294 + project_id: project2.id,
  295 + greatest_access_level: 1234
  296 + response.status.should == 422
  297 + end
  298 +
  299 + end
  300 + end
  301 +
  302 +
  303 + describe "GET /user_teams/:id/projects/:project_id" do
  304 + context "when authenticated as member" do
  305 + it "should show project1's assignment to user_team1" do
  306 + get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", user1)
  307 + response.status.should == 200
  308 + json_response['name'].should == project1.name
  309 + json_response['greatest_access_level'].should == UsersProject::MASTER
  310 + end
  311 + it "should show project2's is not assigned to user_team1" do
  312 + get api("/user_teams/#{user_team1.id}/projects/#{project2.id}", user1)
  313 + response.status.should == 404
  314 + end
  315 + end
  316 +
  317 + context "when authenticated as non-member" do
  318 + it "should not show project1's assignment to user_team1" do
  319 + get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", user2)
  320 + response.status.should == 404
  321 + end
  322 + end
  323 +
  324 + context "when authenticated as admin" do
  325 + it "should show project1's assignment to user_team1" do
  326 + get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", admin)
  327 + response.status.should == 200
  328 + json_response['name'].should == project1.name
  329 + json_response['greatest_access_level'].should == UsersProject::MASTER
  330 + end
  331 + it "should return a 404 error when project id is not known" do
  332 + get api("/user_teams/#{user_team2.id}/projects/1328", admin)
  333 + response.status.should == 404
  334 + end
  335 + end
  336 + end
  337 +
  338 + describe "DELETE /user_teams/:id/projects/:project_id" do
  339 + context "when authenticated as user" do
  340 + it "should not delete project1's assignment to user_team2" do
  341 + delete api("/user_teams/#{user_team2.id}/projects/#{project1.id}", user1)
  342 + response.status.should == 403
  343 + end
  344 + end
  345 +
  346 + context "when authenticated as admin" do
  347 + it "should delete project1's assignment to user_team1" do
  348 + count_before=user_team1.user_team_project_relationships.count
  349 + delete api("/user_teams/#{user_team1.id}/projects/#{project1.id}", admin)
  350 + response.status.should == 200
  351 + user_team1.user_team_project_relationships.count.should == count_before - 1
  352 + end
  353 + it "should return a 404 error when project id is not known" do
  354 + delete api("/user_teams/#{user_team2.id}/projects/1328", admin)
  355 + response.status.should == 404
  356 + end
  357 + end
  358 + end
  359 +
  360 +end