Commit fadcc251 authored by Izaak Alpert's avatar Izaak Alpert

Fixes for @Randx

Change-Id: I3b15ae34c0957a0f4026e1886c92a9770e9d170e
parent 8248e1f2
......@@ -14,9 +14,10 @@ module API
end
end
def validate_access_level?(level)
[UsersGroup::GUEST, UsersGroup::REPORTER, UsersGroup::DEVELOPER, UsersGroup::MASTER].include? level.to_i
Gitlab::Access.options_with_owner.values.include? level.to_i
end
end
# Get a groups list
#
# Example Request:
......@@ -88,7 +89,7 @@ module API
get ":id/members" do
group = find_group(params[:id])
members = group.users_groups
users = (paginate members).collect { | member| member.user}
users = (paginate members).collect(&:user)
present users, with: Entities::GroupMember, group: group
end
......@@ -102,7 +103,7 @@ module API
# POST /groups/:id/members
post ":id/members" do
required_attributes! [:user_id, :access_level]
if not validate_access_level?(params[:access_level])
unless validate_access_level?(params[:access_level])
render_api_error!("Wrong access level", 422)
end
group = find_group(params[:id])
......
......@@ -108,7 +108,6 @@ describe API::API do
Project.stub(:find).and_return(project)
end
context "when authenticated as user" do
it "should not transfer project to group" do
post api("/groups/#{group1.id}/projects/#{project.id}", user2)
......@@ -139,6 +138,7 @@ describe API::API do
group
end
let!(:group_no_members) { create(:group, owner: owner) }
describe "GET /groups/:id/members" do
context "when authenticated as user that is part or the group" do
it "each user: should return an array of members groups of group3" do
......@@ -154,6 +154,7 @@ describe API::API do
json_response.find { |e| e['id']==guest.id }['access_level'].should == UsersGroup::GUEST
end
end
it "users not part of the group should get access error" do
get api("/groups/#{group_with_members.id}/members", user1)
response.status.should == 403
......@@ -179,14 +180,17 @@ describe API::API do
json_response['access_level'].should == UsersGroup::MASTER
group_no_members.users_groups.count.should == count_before + 1
end
it "should return error if member already exists" do
post api("/groups/#{group_with_members.id}/members", owner), user_id: master.id, access_level: UsersGroup::MASTER
response.status.should == 409
end
it "should return a 400 error when user id is not given" do
post api("/groups/#{group_no_members.id}/members", owner), access_level: UsersGroup::MASTER
response.status.should == 400
end
it "should return a 400 error when access level is not given" do
post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id
response.status.should == 400
......@@ -196,7 +200,6 @@ describe API::API do
post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id, access_level: 1234
response.status.should == 422
end
end
end
......@@ -216,6 +219,7 @@ describe API::API do
response.status.should == 200
group_with_members.users_groups.count.should == count_before - 1
end
it "should return a 404 error when user id is not known" do
delete api("/groups/#{group_with_members.id}/members/1328", owner)
response.status.should == 404
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment