Commit 09d78a38 authored by Sean McGivern's avatar Sean McGivern

Merge branch 'grapify-ldap-group-links-api' into 'master'

Grapify the LDAP group link API

See merge request !1002
parents 0a6e660b 16a8b5c6
module API module API
# LDAP group links API
class LdapGroupLinks < Grape::API class LdapGroupLinks < Grape::API
before { authenticate! } before { authenticate! }
params do
requires :id, type: String, desc: 'The ID of a group'
end
resource :groups do resource :groups do
desc 'Add a linked LDAP group to group' do
# Add a linked LDAP group to group success Entities::LdapGroupLink
# end
# Parameters: params do
# id (required) - The ID of a group requires 'cn', type: String, desc: 'The CN of a LDAP group'
# cn (required) - The CN of a LDAP group requires 'group_access', type: Integer, values: Gitlab::Access.all_values,
# group_access (required) - Level of permissions for the linked LDAP group desc: 'Level of permissions for the linked LDAP group'
# provider (required) - the LDAP provider for this LDAP group requires 'provider', type: String, desc: 'The LDAP provider for this LDAP group'
# end
# Example Request:
# POST /groups/:id/ldap_group_links
post ":id/ldap_group_links" do post ":id/ldap_group_links" do
group = find_group(params[:id]) group = find_group(params[:id])
authorize! :admin_group, group authorize! :admin_group, group
required_attributes! [:cn, :group_access, :provider]
unless validate_access_level?(params[:group_access]) unless validate_access_level?(params[:group_access])
render_api_error!("Wrong group access level", 422) render_api_error!("Wrong group access level", 422)
end end
attrs = attributes_for_keys [:cn, :group_access, :provider] ldap_group_link = group.ldap_group_links.new(declared_params(include_missing: false))
ldap_group_link = group.ldap_group_links.new(attrs)
if ldap_group_link.save if ldap_group_link.save
present ldap_group_link, with: Entities::LdapGroupLink present ldap_group_link, with: Entities::LdapGroupLink
else else
render_api_error!(ldap_group_link.errors.full_messages.first, 409) render_api_error!(ldap_group_link.errors.full_messages.first, 409)
end end
end end
# Remove a linked LDAP group from group desc 'Remove a linked LDAP group from group'
# params do
# Parameters: requires 'cn', type: String, desc: 'The CN of a LDAP group'
# id (required) - The ID of a group end
# cn (required) - The CN of a LDAP group
#
# Example Request:
# DELETE /groups/:id/ldap_group_links/:cn
delete ":id/ldap_group_links/:cn" do delete ":id/ldap_group_links/:cn" do
group = find_group(params[:id]) group = find_group(params[:id])
authorize! :admin_group, group authorize! :admin_group, group
ldap_group_link = group.ldap_group_links.find_by(cn: params[:cn]) ldap_group_link = group.ldap_group_links.find_by(cn: params[:cn])
if ldap_group_link if ldap_group_link
ldap_group_link.destroy ldap_group_link.destroy
...@@ -53,19 +46,15 @@ module API ...@@ -53,19 +46,15 @@ module API
end end
end end
# Remove a linked LDAP group from group for a specific LDAP provider desc 'Remove a linked LDAP group from group'
# params do
# Parameters: requires 'cn', type: String, desc: 'The CN of a LDAP group'
# id (required) - The ID of a group requires 'provider', type: String, desc: 'The LDAP provider for this LDAP group'
# provider (required) - A LDAP provider end
# cn (required) - The CN of a LDAP group
#
# Example Request:
# DELETE /groups/:id/ldap_group_links/:provider/:cn
delete ":id/ldap_group_links/:provider/:cn" do delete ":id/ldap_group_links/:provider/:cn" do
group = find_group(params[:id]) group = find_group(params[:id])
authorize! :admin_group, group authorize! :admin_group, group
ldap_group_link = group.ldap_group_links.find_by(cn: params[:cn], provider: params[:provider]) ldap_group_link = group.ldap_group_links.find_by(cn: params[:cn], provider: params[:provider])
if ldap_group_link if ldap_group_link
ldap_group_link.destroy ldap_group_link.destroy
......
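Review bot: In the `post ":id/ldap_group_links"` handler the model is now built straight from `declared_params(include_missing: false)`, so the attribute allowlist is whatever that helper returns, and the class-level `params do` block declares `id` in an enclosing scope. The helper is defined outside this page; if it does not exclude parent-namespace parameters, the group's path `id` would be passed to `group.ldap_group_links.new` alongside `cn`, `group_access` and `provider`. It is worth confirming that, and recording it at the call site the way the removed `attributes_for_keys [:cn, :group_access, :provider]` made the allowlist visible, for example with `# declared_params excludes the namespace-level :id; only cn, group_access and provider reach the model`.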
...@@ -31,7 +31,7 @@ describe API::LdapGroupLinks, api: true do ...@@ -31,7 +31,7 @@ describe API::LdapGroupLinks, api: true do
it "does not allow less priviledged user to add LDAP group link" do it "does not allow less priviledged user to add LDAP group link" do
expect do expect do
post api("/groups/#{group_with_ldap_links.id}/ldap_group_links", user), post api("/groups/#{group_with_ldap_links.id}/ldap_group_links", user),
cn: 'ldap-group4', group_access: GroupMember::GUEST cn: 'ldap-group4', group_access: GroupMember::GUEST, provider: 'ldap3'
end.not_to change { group_with_ldap_links.ldap_group_links.count } end.not_to change { group_with_ldap_links.ldap_group_links.count }
expect(response.status).to eq(403) expect(response.status).to eq(403)
...@@ -81,7 +81,9 @@ describe API::LdapGroupLinks, api: true do ...@@ -81,7 +81,9 @@ describe API::LdapGroupLinks, api: true do
it "returns a 422 error when group access is not known" do it "returns a 422 error when group access is not known" do
post api("//groups/#{group_with_ldap_links.id}/ldap_group_links", owner), cn: 'ldap-group3', group_access: 11, provider: 'ldap1' post api("//groups/#{group_with_ldap_links.id}/ldap_group_links", owner), cn: 'ldap-group3', group_access: 11, provider: 'ldap1'
expect(response.status).to eq(422)
expect(response.status).to eq(400)
expect(json_response['error']).to eq('group_access does not have a valid value')
end end
end end
end end
......
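Review bot: The 403 example needed `provider: 'ldap3'` added to keep passing, which suggests Grape's parameter validation now answers before `authorize! :admin_group, group` runs inside the endpoint, and no visible example pins that ordering. Consider a neighbouring example that omits `provider` for the unprivileged `user`, e.g. `post api("/groups/#{group_with_ldap_links.id}/ldap_group_links", user), cn: 'ldap-group4', group_access: GroupMember::GUEST` followed by `expect(response.status).to eq(400)`, so that answering incomplete requests with a validation error instead of 403 is a recorded decision and not a side effect. The examples sit in `describe` blocks that begin outside these hunks and parts of the file are collapsed, so such a case may already exist elsewhere.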