Loading lib/api/group_members.rb +8 −2 Original line number Diff line number Diff line Loading @@ -39,14 +39,18 @@ def validate_access_level?(level) # Example Request: # POST /groups/:id/members post ":id/members" do group = find_group(params[:id]) authorize! :manage_group, group required_attributes! [:user_id, :access_level] unless validate_access_level?(params[:access_level]) render_api_error!("Wrong access level", 422) end group = find_group(params[:id]) if group.group_members.find_by(user_id: params[:user_id]) render_api_error!("Already exists", 409) end group.add_users([params[:user_id]], params[:access_level]) member = group.group_members.find_by(user_id: params[:user_id]) present member.user, with: Entities::GroupMember, group: group Loading @@ -62,7 +66,9 @@ def validate_access_level?(level) # DELETE /groups/:id/members/:user_id delete ":id/members/:user_id" do group = find_group(params[:id]) authorize! :manage_group, group member = group.group_members.find_by(user_id: params[:user_id]) if member.nil? render_api_error!("404 Not Found - user_id:#{params[:user_id]} not a member of group #{group.name}",404) else Loading spec/requests/api/group_members_spec.rb +9 −3 Original line number Diff line number Diff line Loading @@ -115,16 +115,22 @@ context "when a member of the group" do it "should delete guest's membership of group" do count_before=group_with_members.group_members.count expect { delete api("/groups/#{group_with_members.id}/members/#{guest.id}", owner) }.to change { group_with_members.members.count }.by(-1) response.status.should == 200 group_with_members.group_members.count.should == count_before - 1 end it "should return a 404 error when user id is not known" do delete api("/groups/#{group_with_members.id}/members/1328", owner) response.status.should == 404 end it "should not allow guest to modify group members" do delete api("/groups/#{group_with_members.id}/members/#{master.id}", guest) response.status.should == 403 end end end end Loading
lib/api/group_members.rb +8 −2 Original line number Diff line number Diff line Loading @@ -39,14 +39,18 @@ def validate_access_level?(level) # Example Request: # POST /groups/:id/members post ":id/members" do group = find_group(params[:id]) authorize! :manage_group, group required_attributes! [:user_id, :access_level] unless validate_access_level?(params[:access_level]) render_api_error!("Wrong access level", 422) end group = find_group(params[:id]) if group.group_members.find_by(user_id: params[:user_id]) render_api_error!("Already exists", 409) end group.add_users([params[:user_id]], params[:access_level]) member = group.group_members.find_by(user_id: params[:user_id]) present member.user, with: Entities::GroupMember, group: group Loading @@ -62,7 +66,9 @@ def validate_access_level?(level) # DELETE /groups/:id/members/:user_id delete ":id/members/:user_id" do group = find_group(params[:id]) authorize! :manage_group, group member = group.group_members.find_by(user_id: params[:user_id]) if member.nil? render_api_error!("404 Not Found - user_id:#{params[:user_id]} not a member of group #{group.name}",404) else Loading
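Review bot: The `POST /groups/:id/members` handler now decides who may add members with `authorize! :manage_group, group`, but nothing visible here bounds which `access_level` that caller may grant. `validate_access_level?` is defined outside the hunk and presumably only checks that the value is a known level, so please confirm in the ability definitions that `:manage_group` is not held by anyone who should be unable to hand out the highest level. The request comments above both handlers also do not mention the new requirement; a line such as `# Requires :manage_group on the group; responds with 403 otherwise` on the POST and DELETE blocks would document it. The DELETE handler's body continues past the end of the hunk, so its success path was not reviewed.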
spec/requests/api/group_members_spec.rb +9 −3 Original line number Diff line number Diff line Loading @@ -115,16 +115,22 @@ context "when a member of the group" do it "should delete guest's membership of group" do count_before=group_with_members.group_members.count expect { delete api("/groups/#{group_with_members.id}/members/#{guest.id}", owner) }.to change { group_with_members.members.count }.by(-1) response.status.should == 200 group_with_members.group_members.count.should == count_before - 1 end it "should return a 404 error when user id is not known" do delete api("/groups/#{group_with_members.id}/members/1328", owner) response.status.should == 404 end it "should not allow guest to modify group members" do delete api("/groups/#{group_with_members.id}/members/#{master.id}", guest) response.status.should == 403 end end end end
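Review bot: Only the DELETE endpoint gets a negative authorization example here, while the same commit adds `authorize! :manage_group, group` to `POST /groups/:id/members` as well, and the +9 −3 count for this file is fully accounted for by this one hunk. A matching example that calls `post api("/groups/#{group_with_members.id}/members", guest)` with a valid `user_id` and `access_level` and asserts `response.status.should == 403` would stop the POST check from regressing unnoticed. The new guest example could also wrap the request in `expect { ... }.not_to change { group_with_members.members.count }` so it proves the membership was left intact, not only that the status code was 403. The enclosing `describe`/`context` blocks start outside the hunk.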