Merge branch 'api-group-visibility' into 'master'

API: Ability to update a group This makes it much easier to update a group after introducing the group visibility. * Closes #14991 See merge request !3587

Merge branch 'api-group-visibility' into 'master'
API: Ability to update a group This makes it much easier to update a group after introducing the group visibility. * Closes #14991 See merge request !3587
fc9e1be1 · Rémy Coutable · 64d71b4d · 5fb57241 · fc9e1be1 · fc9e1be1
Commit fc9e1be1 authored Apr 13, 2016 by Rémy Coutable
Showing with 152 additions and 2 deletions

CHANGELOG CHANGELOG +1 -0

doc/api/groups.md doc/api/groups.md +81 -0

lib/api/groups.rb lib/api/groups.rb +26 -2

spec/requests/api/groups_spec.rb spec/requests/api/groups_spec.rb +44 -0

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,7 @@ v 8.7.0 (unreleased)
  - Make HTTP(s) label consistent on clone bar (Stan Hu)
  - Expose label description in API (Mariusz Jachimowicz)
  - Allow back dating on issues when created through the API
+  - API: Ability to update a group (Robert Schilling)
  - Fix Error 500 after renaming a project path (Stan Hu)
  - Fix avatar stretching by providing a cropping feature
  - API: Expose `subscribed` for issues and merge requests (Robert Schilling)

--- a/doc/api/groups.md
+++ b/doc/api/groups.md
@@ -126,6 +126,87 @@ Parameters:
 - `id` (required) - The ID or path of a group
 - `project_id` (required) - The ID of a project

+## Update group
+
+Updates the project group. Only available to group owners and administrators.
+
+```
+PUT /groups/:id
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer | yes | The ID of the group |
+| `name` | string | no | The name of the group |
+| `path` | string | no | The path of the group |
+| `description` | string | no | The description of the group |
+| `visibility_level` | integer | no | The visibility level of the group. 0 for private, 10 for internal, 20 for public. |
+
+```bash
+curl -X PUT -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/groups/5?name=Experimental"
+
+```
+
+Example response:
+
+```json
+{
+  "id": 5,
+  "name": "Experimental",
+  "path": "h5bp",
+  "description": "foo",
+  "visibility_level": 10,
+  "avatar_url": null,
+  "web_url": "http://gitlab.example.com/groups/h5bp",
+  "projects": [
+    {
+      "id": 9,
+      "description": "foo",
+      "default_branch": "master",
+      "tag_list": [],
+      "public": false,
+      "archived": false,
+      "visibility_level": 10,
+      "ssh_url_to_repo": "git@gitlab.example.com/html5-boilerplate.git",
+      "http_url_to_repo": "http://gitlab.example.com/h5bp/html5-boilerplate.git",
+      "web_url": "http://gitlab.example.com/h5bp/html5-boilerplate",
+      "name": "Html5 Boilerplate",
+      "name_with_namespace": "Experimental / Html5 Boilerplate",
+      "path": "html5-boilerplate",
+      "path_with_namespace": "h5bp/html5-boilerplate",
+      "issues_enabled": true,
+      "merge_requests_enabled": true,
+      "wiki_enabled": true,
+      "builds_enabled": true,
+      "snippets_enabled": true,
+      "created_at": "2016-04-05T21:40:50.169Z",
+      "last_activity_at": "2016-04-06T16:52:08.432Z",
+      "shared_runners_enabled": true,
+      "creator_id": 1,
+      "namespace": {
+        "id": 5,
+        "name": "Experimental",
+        "path": "h5bp",
+        "owner_id": null,
+        "created_at": "2016-04-05T21:40:49.152Z",
+        "updated_at": "2016-04-07T08:07:48.466Z",
+        "description": "foo",
+        "avatar": {
+          "url": null
+        },
+        "share_with_group_lock": false,
+        "visibility_level": 10
+      },
+      "avatar_url": null,
+      "star_count": 1,
+      "forks_count": 0,
+      "open_issues_count": 3,
+      "public_builds": true
+    }
+  ]
+}
+```
+
 ## Remove group

 Removes group with all projects inside.

--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -23,8 +23,10 @@ module API
      # Create group. Available only for users who can create groups.
      #
      # Parameters:
-      #   name (required) - The name of the group
-      #   path (required) - The path of the group
+      #   name (required)             - The name of the group
+      #   path (required)             - The path of the group
+      #   description (optional)      - The description of the group
+      #   visibility_level (optional) - The visibility level of the group
      # Example Request:
      #   POST /groups
      post do
@@ -42,6 +44,28 @@ module API
        end
      end

+      # Update group. Available only for users who can administrate groups.
+      #
+      # Parameters:
+      #   id (required)               - The ID of a group
+      #   path (optional)             - The path of the group
+      #   description (optional)      - The description of the group
+      #   visibility_level (optional) - The visibility level of the group
+      # Example Request:
+      #   PUT /groups/:id
+      put ':id' do
+        group = find_group(params[:id])
+        authorize! :admin_group, group
+
+        attrs = attributes_for_keys [:name, :path, :description, :visibility_level]
+
+        if ::Groups::UpdateService.new(group, current_user, attrs).execute
+          present group, with: Entities::GroupDetail
+        else
+          render_validation_error!(group)
+        end
+      end
+
      # Get a single group, with containing projects
      #
      # Parameters:

--- a/spec/requests/api/groups_spec.rb
+++ b/spec/requests/api/groups_spec.rb
@@ -97,6 +97,50 @@ describe API::API, api: true  do
    end
  end

+  describe 'PUT /groups/:id' do
+    let(:new_group_name) { 'New Group'}
+
+    context 'when authenticated as the group owner' do
+      it 'updates the group' do
+        put api("/groups/#{group1.id}", user1), name: new_group_name
+
+        expect(response.status).to eq(200)
+        expect(json_response['name']).to eq(new_group_name)
+      end
+
+      it 'returns 404 for a non existing group' do
+        put api('/groups/1328', user1)
+
+        expect(response.status).to eq(404)
+      end
+    end
+
+    context 'when authenticated as the admin' do
+      it 'updates the group' do
+        put api("/groups/#{group1.id}", admin), name: new_group_name
+
+        expect(response.status).to eq(200)
+        expect(json_response['name']).to eq(new_group_name)
+      end
+    end
+
+    context 'when authenticated as an user that can see the group' do
+      it 'does not updates the group' do
+        put api("/groups/#{group1.id}", user2), name: new_group_name
+
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context 'when authenticated as an user that cannot see the group' do
+      it 'returns 403 when trying to update the group' do
+        put api("/groups/#{group2.id}", user1), name: new_group_name
+
+        expect(response.status).to eq(403)
+      end
+    end
+  end
+
  describe "GET /groups/:id/projects" do
    context "when authenticated as user" do
      it "should return the group's projects" do