Fix groups api: differ between users and admin

author: Christian Simon <cs@f03.eu> 2013-02-01 18:00:12 +0400
committer: Christian Simon <cs@f03.eu> 2013-02-01 18:00:12 +0400
commit: 149ccd5d91abf0c4b7ec610c03ad46a8ad17eec2 (patch)
tree: 7b32fac640f5d089c121f35b803b2a16756131ad /lib/api/groups.rb
parent: fc0c69287069af9a47176abb1488f653f91eebdb (diff)
1 files changed, 49 insertions, 43 deletions
diff --git a/lib/api/groups.rb b/lib/api/groups.rb
index bc856eccdab..a67caef0bc5 100644
--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -2,49 +2,55 @@ module Gitlab
   # groups API
   class Groups < Grape::API
     before { authenticate! }
-   
-       resource :groups do
-         # Get a groups list
-         #
-         # Example Request:
-         #  GET /groups
-         get do
-           @groups = paginate Group
-           present @groups, with: Entities::Group
 
-         end
-         
-         # Create group. Available only for admin
-         #
-         # Parameters:
-         #   name (required)                   - Name
-         #   path (required)                   - Path
-         # Example Request:
-         #   POST /groups
-         post do
-           authenticated_as_admin!
-           attrs = attributes_for_keys [:name, :path]
-           @group = Group.new(attrs)
-           @group.owner = current_user
-           
-           if @group.save
-             present @group, with: Entities::Group
-           else
-             not_found!
-           end
-         end
-         
-         # Get a single group, with containing projects
-         #
-         # Parameters:
-         #   id (required) - The ID of a group
-         # Example Request:
-         #   GET /groups/:id
-         get ":id" do
-           @group = Group.find(params[:id])
-           present @group, with: Entities::GroupDetail
-         end
-         
-       end
+    resource :groups do
+      # Get a groups list
+      #
+      # Example Request:
+      #  GET /groups
+      get do
+        if current_user.admin
+          @groups = paginate Group
+        else
+          @groups = paginate current_user.groups
+        end
+        present @groups, with: Entities::Group
+      end
+
+      # Create group. Available only for admin
+      #
+      # Parameters:
+      #   name (required)                   - Name
+      #   path (required)                   - Path
+      # Example Request:
+      #   POST /groups
+      post do
+        authenticated_as_admin!
+        attrs = attributes_for_keys [:name, :path]
+        @group = Group.new(attrs)
+        @group.owner = current_user
+
+        if @group.save
+          present @group, with: Entities::Group
+        else
+          not_found!
+        end
+      end
+
+      # Get a single group, with containing projects
+      #
+      # Parameters:
+      #   id (required) - The ID of a group
+      # Example Request:
+      #   GET /groups/:id
+      get ":id" do
+        @group = Group.find(params[:id])
+        if current_user.admin or current_user.groups.include? @group
+          present @group, with: Entities::GroupDetail
+        else
+          not_found!
+        end
+      end
+    end
   end
 end
author	Christian Simon <cs@f03.eu>	2013-02-01 18:00:12 +0400
committer	Christian Simon <cs@f03.eu>	2013-02-01 18:00:12 +0400
commit	149ccd5d91abf0c4b7ec610c03ad46a8ad17eec2 (patch)
tree	7b32fac640f5d089c121f35b803b2a16756131ad /lib/api/groups.rb
parent	fc0c69287069af9a47176abb1488f653f91eebdb (diff)