Commit fadcc251 authored by Izaak Alpert's avatar Izaak Alpert

Fixes for @Randx

Change-Id: I3b15ae34c0957a0f4026e1886c92a9770e9d170e
parent 8248e1f2
...@@ -14,9 +14,10 @@ module API ...@@ -14,9 +14,10 @@ module API
end end
end end
def validate_access_level?(level) def validate_access_level?(level)
[UsersGroup::GUEST, UsersGroup::REPORTER, UsersGroup::DEVELOPER, UsersGroup::MASTER].include? level.to_i Gitlab::Access.options_with_owner.values.include? level.to_i
end end
end end
# Get a groups list # Get a groups list
# #
# Example Request: # Example Request:
...@@ -88,7 +89,7 @@ module API ...@@ -88,7 +89,7 @@ module API
get ":id/members" do get ":id/members" do
group = find_group(params[:id]) group = find_group(params[:id])
members = group.users_groups members = group.users_groups
users = (paginate members).collect { | member| member.user} users = (paginate members).collect(&:user)
present users, with: Entities::GroupMember, group: group present users, with: Entities::GroupMember, group: group
end end
...@@ -102,7 +103,7 @@ module API ...@@ -102,7 +103,7 @@ module API
# POST /groups/:id/members # POST /groups/:id/members
post ":id/members" do post ":id/members" do
required_attributes! [:user_id, :access_level] required_attributes! [:user_id, :access_level]
if not validate_access_level?(params[:access_level]) unless validate_access_level?(params[:access_level])
render_api_error!("Wrong access level", 422) render_api_error!("Wrong access level", 422)
end end
group = find_group(params[:id]) group = find_group(params[:id])
......
...@@ -108,7 +108,6 @@ describe API::API do ...@@ -108,7 +108,6 @@ describe API::API do
Project.stub(:find).and_return(project) Project.stub(:find).and_return(project)
end end
context "when authenticated as user" do context "when authenticated as user" do
it "should not transfer project to group" do it "should not transfer project to group" do
post api("/groups/#{group1.id}/projects/#{project.id}", user2) post api("/groups/#{group1.id}/projects/#{project.id}", user2)
...@@ -139,6 +138,7 @@ describe API::API do ...@@ -139,6 +138,7 @@ describe API::API do
group group
end end
let!(:group_no_members) { create(:group, owner: owner) } let!(:group_no_members) { create(:group, owner: owner) }
describe "GET /groups/:id/members" do describe "GET /groups/:id/members" do
context "when authenticated as user that is part or the group" do context "when authenticated as user that is part or the group" do
it "each user: should return an array of members groups of group3" do it "each user: should return an array of members groups of group3" do
...@@ -154,6 +154,7 @@ describe API::API do ...@@ -154,6 +154,7 @@ describe API::API do
json_response.find { |e| e['id']==guest.id }['access_level'].should == UsersGroup::GUEST json_response.find { |e| e['id']==guest.id }['access_level'].should == UsersGroup::GUEST
end end
end end
it "users not part of the group should get access error" do it "users not part of the group should get access error" do
get api("/groups/#{group_with_members.id}/members", user1) get api("/groups/#{group_with_members.id}/members", user1)
response.status.should == 403 response.status.should == 403
...@@ -179,14 +180,17 @@ describe API::API do ...@@ -179,14 +180,17 @@ describe API::API do
json_response['access_level'].should == UsersGroup::MASTER json_response['access_level'].should == UsersGroup::MASTER
group_no_members.users_groups.count.should == count_before + 1 group_no_members.users_groups.count.should == count_before + 1
end end
it "should return error if member already exists" do it "should return error if member already exists" do
post api("/groups/#{group_with_members.id}/members", owner), user_id: master.id, access_level: UsersGroup::MASTER post api("/groups/#{group_with_members.id}/members", owner), user_id: master.id, access_level: UsersGroup::MASTER
response.status.should == 409 response.status.should == 409
end end
it "should return a 400 error when user id is not given" do it "should return a 400 error when user id is not given" do
post api("/groups/#{group_no_members.id}/members", owner), access_level: UsersGroup::MASTER post api("/groups/#{group_no_members.id}/members", owner), access_level: UsersGroup::MASTER
response.status.should == 400 response.status.should == 400
end end
it "should return a 400 error when access level is not given" do it "should return a 400 error when access level is not given" do
post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id
response.status.should == 400 response.status.should == 400
...@@ -196,7 +200,6 @@ describe API::API do ...@@ -196,7 +200,6 @@ describe API::API do
post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id, access_level: 1234 post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id, access_level: 1234
response.status.should == 422 response.status.should == 422
end end
end end
end end
...@@ -216,6 +219,7 @@ describe API::API do ...@@ -216,6 +219,7 @@ describe API::API do
response.status.should == 200 response.status.should == 200
group_with_members.users_groups.count.should == count_before - 1 group_with_members.users_groups.count.should == count_before - 1
end end
it "should return a 404 error when user id is not known" do it "should return a 404 error when user id is not known" do
delete api("/groups/#{group_with_members.id}/members/1328", owner) delete api("/groups/#{group_with_members.id}/members/1328", owner)
response.status.should == 404 response.status.should == 404
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment