Fix groups api: differ between users and admin

2013-02-01 15:00:12 +01:00 · 2013-02-01 15:00:12 +01:00 · 149ccd5d91
parent fc0c692870
commit 149ccd5d91
2 changed files with 50 additions and 44 deletions
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@ -33,7 +33,7 @@ module Gitlab
    end

    class Group < Grape::Entity
-      expose :id, :name, :path, :name, :owner_id, :type
+      expose :id, :name, :path, :owner_id
    end
    
    class GroupDetail < Grape::Entity
--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@ -2,49 +2,55 @@ module Gitlab
  # groups API
  class Groups < Grape::API
    before { authenticate! }
-   
-       resource :groups do
-         # Get a groups list
-         #
-         # Example Request:
-         #  GET /groups
-         get do
-           @groups = paginate Group
-           present @groups, with: Entities::Group

-         end
-         
-         # Create group. Available only for admin
-         #
-         # Parameters:
-         #   name (required)                   - Name
-         #   path (required)                   - Path
-         # Example Request:
-         #   POST /groups
-         post do
-           authenticated_as_admin!
-           attrs = attributes_for_keys [:name, :path]
-           @group = Group.new(attrs)
-           @group.owner = current_user
-           
-           if @group.save
-             present @group, with: Entities::Group
-           else
-             not_found!
-           end
-         end
-         
-         # Get a single group, with containing projects
-         #
-         # Parameters:
-         #   id (required) - The ID of a group
-         # Example Request:
-         #   GET /groups/:id
-         get ":id" do
-           @group = Group.find(params[:id])
-           present @group, with: Entities::GroupDetail
-         end
-         
-       end
+    resource :groups do
+      # Get a groups list
+      #
+      # Example Request:
+      #  GET /groups
+      get do
+        if current_user.admin
+          @groups = paginate Group
+        else
+          @groups = paginate current_user.groups
+        end
+        present @groups, with: Entities::Group
+      end
+
+      # Create group. Available only for admin
+      #
+      # Parameters:
+      #   name (required)                   - Name
+      #   path (required)                   - Path
+      # Example Request:
+      #   POST /groups
+      post do
+        authenticated_as_admin!
+        attrs = attributes_for_keys [:name, :path]
+        @group = Group.new(attrs)
+        @group.owner = current_user
+
+        if @group.save
+          present @group, with: Entities::Group
+        else
+          not_found!
+        end
+      end
+
+      # Get a single group, with containing projects
+      #
+      # Parameters:
+      #   id (required) - The ID of a group
+      # Example Request:
+      #   GET /groups/:id
+      get ":id" do
+        @group = Group.find(params[:id])
+        if current_user.admin or current_user.groups.include? @group
+          present @group, with: Entities::GroupDetail
+        else
+          not_found!
+        end
+      end
+    end
  end
 end