Skip to content

G
gitlab-ce
Commit 09d78a38 authored by Sean McGivern's avatar Sean McGivern
Browse files
Options

Merge branch 'grapify-ldap-group-links-api' into 'master' 

Grapify the LDAP group link API

See merge request !1002
parents 0a6e660b 16a8b5c6
Show whitespace changes
Inline Side-by-side
Showing with 30 additions and 39 deletions
lib/api/ldap_group_links.rb
View file @ 09d78a38
module API module API
# LDAP group links API
class LdapGroupLinks < Grape::API class LdapGroupLinks < Grape::API
before { authenticate! } before { authenticate! }
params do
requires :id, type: String, desc: 'The ID of a group'
end
resource :groups do resource :groups do
desc 'Add a linked LDAP group to group' do
# Add a linked LDAP group to group success Entities::LdapGroupLink
# end
# Parameters: params do
# id (required) - The ID of a group requires 'cn', type: String, desc: 'The CN of a LDAP group'
# cn (required) - The CN of a LDAP group requires 'group_access', type: Integer, values: Gitlab::Access.all_values,
# group_access (required) - Level of permissions for the linked LDAP group desc: 'Level of permissions for the linked LDAP group'
# provider (required) - the LDAP provider for this LDAP group requires 'provider', type: String, desc: 'The LDAP provider for this LDAP group'
# end
# Example Request:
# POST /groups/:id/ldap_group_links
post ":id/ldap_group_links" do post ":id/ldap_group_links" do
group = find_group(params[:id]) group = find_group(params[:id])
authorize! :admin_group, group authorize! :admin_group, group
required_attributes! [:cn, :group_access, :provider]
unless validate_access_level?(params[:group_access]) unless validate_access_level?(params[:group_access])
render_api_error!("Wrong group access level", 422) render_api_error!("Wrong group access level", 422)
end end
attrs = attributes_for_keys [:cn, :group_access, :provider] ldap_group_link = group.ldap_group_links.new(declared_params(include_missing: false))
ldap_group_link = group.ldap_group_links.new(attrs)
if ldap_group_link.save if ldap_group_link.save
present ldap_group_link, with: Entities::LdapGroupLink present ldap_group_link, with: Entities::LdapGroupLink
else else
...@@ -33,14 +30,10 @@ module API ...@@ -33,14 +30,10 @@ module API
end end
end end
# Remove a linked LDAP group from group desc 'Remove a linked LDAP group from group'
# params do
# Parameters: requires 'cn', type: String, desc: 'The CN of a LDAP group'
# id (required) - The ID of a group end
# cn (required) - The CN of a LDAP group
#
# Example Request:
# DELETE /groups/:id/ldap_group_links/:cn
delete ":id/ldap_group_links/:cn" do delete ":id/ldap_group_links/:cn" do
group = find_group(params[:id]) group = find_group(params[:id])
authorize! :admin_group, group authorize! :admin_group, group
...@@ -53,15 +46,11 @@ module API ...@@ -53,15 +46,11 @@ module API
end end
end end
# Remove a linked LDAP group from group for a specific LDAP provider desc 'Remove a linked LDAP group from group'
# params do
# Parameters: requires 'cn', type: String, desc: 'The CN of a LDAP group'
# id (required) - The ID of a group requires 'provider', type: String, desc: 'The LDAP provider for this LDAP group'
# provider (required) - A LDAP provider end
# cn (required) - The CN of a LDAP group
#
# Example Request:
# DELETE /groups/:id/ldap_group_links/:provider/:cn
delete ":id/ldap_group_links/:provider/:cn" do delete ":id/ldap_group_links/:provider/:cn" do
group = find_group(params[:id]) group = find_group(params[:id])
authorize! :admin_group, group authorize! :admin_group, group
......
spec/requests/api/ldap_group_links_spec.rb
View file @ 09d78a38
...@@ -31,7 +31,7 @@ describe API::LdapGroupLinks, api: true do ...@@ -31,7 +31,7 @@ describe API::LdapGroupLinks, api: true do
it "does not allow less priviledged user to add LDAP group link" do it "does not allow less priviledged user to add LDAP group link" do
expect do expect do
post api("/groups/#{group_with_ldap_links.id}/ldap_group_links", user), post api("/groups/#{group_with_ldap_links.id}/ldap_group_links", user),
cn: 'ldap-group4', group_access: GroupMember::GUEST cn: 'ldap-group4', group_access: GroupMember::GUEST, provider: 'ldap3'
end.not_to change { group_with_ldap_links.ldap_group_links.count } end.not_to change { group_with_ldap_links.ldap_group_links.count }
expect(response.status).to eq(403) expect(response.status).to eq(403)
...@@ -81,7 +81,9 @@ describe API::LdapGroupLinks, api: true do ...@@ -81,7 +81,9 @@ describe API::LdapGroupLinks, api: true do
it "returns a 422 error when group access is not known" do it "returns a 422 error when group access is not known" do
post api("//groups/#{group_with_ldap_links.id}/ldap_group_links", owner), cn: 'ldap-group3', group_access: 11, provider: 'ldap1' post api("//groups/#{group_with_ldap_links.id}/ldap_group_links", owner), cn: 'ldap-group3', group_access: 11, provider: 'ldap1'
expect(response.status).to eq(422)
expect(response.status).to eq(400)
expect(json_response['error']).to eq('group_access does not have a valid value')
end end
end end
end end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7