Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
6dbcb880
Commit
6dbcb880
authored
Apr 08, 2016
by
Zeger-Jan van de Weg
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Allow a project member to leave the projected through the API
parent
734df1bb
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
31 additions
and
9 deletions
+31
-9
CHANGELOG
CHANGELOG
+1
-0
doc/api/projects.md
doc/api/projects.md
+4
-2
lib/api/project_members.rb
lib/api/project_members.rb
+9
-4
spec/requests/api/project_members_spec.rb
spec/requests/api/project_members_spec.rb
+17
-3
No files found.
CHANGELOG
View file @
6dbcb880
...
...
@@ -37,6 +37,7 @@ v 8.7.0 (unreleased)
- ClosingIssueExtractor regex now also works with colons. e.g. "Fixes: #1234" !3591
- Update number of Todos in the sidebar when it's marked as "Done". !3600
- API: Expose 'updated_at' for issue, snippet, and merge request notes (Robert Schilling)
- API: User can leave a project through the API when not master or owner. !3613
v 8.6.5
- Fix importing from GitHub Enterprise. !3529
...
...
doc/api/projects.md
View file @
6dbcb880
...
...
@@ -780,8 +780,10 @@ Parameters:
-
`id`
(required) - The ID or NAMESPACE/PROJECT_NAME of a project
-
`user_id`
(required) - The ID of a team member
This method is idempotent and can be called multiple times with the same parameters.
Revoking team membership for a user who is not currently a team member is considered success.
This method removes the project member if the user has the proper access rights to do so.
It returns a status code 403 if the member does not have the proper rights to perform this action.
In all other cases this method is idempotent and revoking team membership for a user who is not
currently a team member is considered success.
Please note that the returned JSON currently differs slightly. Thus you should not
rely on the returned JSON structure.
...
...
lib/api/project_members.rb
View file @
6dbcb880
...
...
@@ -93,12 +93,17 @@ module API
# Example Request:
# DELETE /projects/:id/members/:user_id
delete
":id/members/:user_id"
do
authorize!
:admin_project
,
user_project
project_member
=
user_project
.
project_members
.
find_by
(
user_id:
params
[
:user_id
])
unless
project_member
.
nil?
project_member
.
destroy
else
unless
current_user
.
can?
(
:admin_project
,
user_project
)
||
current_user
.
can?
(
:destroy_project_member
,
project_member
)
forbidden!
end
if
project_member
.
nil?
{
message:
"Access revoked"
,
id:
params
[
:user_id
].
to_i
}
else
project_member
.
destroy
end
end
end
...
...
spec/requests/api/project_members_spec.rb
View file @
6dbcb880
...
...
@@ -118,8 +118,10 @@ describe API::API, api: true do
end
describe
"DELETE /projects/:id/members/:user_id"
do
before
{
project_member
}
before
{
project_member2
}
before
do
project_member
project_member2
end
it
"should remove user from project team"
do
expect
do
...
...
@@ -132,6 +134,7 @@ describe API::API, api: true do
expect
do
delete
api
(
"/projects/
#{
project
.
id
}
/members/
#{
user3
.
id
}
"
,
user
)
end
.
to_not
change
{
ProjectMember
.
count
}
expect
(
response
.
status
).
to
eq
(
200
)
end
it
"should return 200 if team member already removed"
do
...
...
@@ -145,8 +148,19 @@ describe API::API, api: true do
delete
api
(
"/projects/
#{
project
.
id
}
/members/1000000"
,
user
)
end
.
to
change
{
ProjectMember
.
count
}.
by
(
0
)
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
json_response
[
'message'
]).
to
eq
(
"Access revoked"
)
expect
(
json_response
[
'id'
]).
to
eq
(
1000000
)
expect
(
json_response
[
'message'
]).
to
eq
(
'Access revoked'
)
end
context
'when the user is not an admin or owner'
do
it
'can leave the project'
do
expect
do
delete
api
(
"/projects/
#{
project
.
id
}
/members/
#{
user3
.
id
}
"
,
user3
)
end
.
to
change
{
ProjectMember
.
count
}.
by
(
-
1
)
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
json_response
[
'id'
]).
to
eq
(
project_member2
.
id
)
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment