1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
|
# frozen_string_literal: true
module API
class Invitations < ::API::Base
include PaginationParams
feature_category :user_profile
before { authenticate! }
helpers ::API::Helpers::MembersHelpers
%w[group project].each do |source_type|
params do
requires :id, type: String, desc: "The #{source_type} ID"
end
resource source_type.pluralize, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
desc 'Invite non-members by email address to a group or project.' do
detail 'This feature was introduced in GitLab 13.6'
success Entities::Invitation
tags %w[invitations]
end
params do
requires :access_level, type: Integer, values: ::API::Helpers::MembersHelpers.member_access_levels, desc: 'A valid access level (defaults: `30`, developer access level)'
optional :email, type: Array[String], email_or_email_list: true, coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, desc: 'The email address to invite, or multiple emails separated by comma'
optional :user_id, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, desc: 'The user ID of the new member or multiple IDs separated by commas.'
optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY'
optional :invite_source, type: String, desc: 'Source that triggered the member creation process', default: 'invitations-api'
end
post ":id/invitations", urgency: :low do
::Gitlab::QueryLimiting.disable!('https://gitlab.com/gitlab-org/gitlab/-/issues/354016')
bad_request!('Must provide either email or user_id as a parameter') if params[:email].blank? && params[:user_id].blank?
source = find_source(source_type, params[:id])
if ::Feature.enabled?(:admin_group_member, source)
authorize_admin_source_member!(source_type, source)
else
authorize_admin_source!(source_type, source)
end
create_service_params = params.merge(source: source)
::Members::InviteService.new(current_user, create_service_params).execute
end
desc 'Get a list of group or project invitations viewable by the authenticated user' do
detail 'This feature was introduced in GitLab 13.6'
success Entities::Invitation
is_array true
tags %w[invitations]
end
params do
optional :page, type: Integer, desc: 'Page to retrieve'
optional :per_page, type: Integer, desc: 'Number of member invitations to return per page'
optional :query, type: String, desc: 'A query string to search for members'
use :pagination
end
get ":id/invitations" do
source = find_source(source_type, params[:id])
query = params[:query]
if ::Feature.enabled?(:admin_group_member, source)
authorize_admin_source_member!(source_type, source)
else
authorize_admin_source!(source_type, source)
end
invitations = paginate(retrieve_member_invitations(source, query))
present_member_invitations invitations
end
desc 'Updates a group or project invitation.' do
success Entities::Member
tags %w[invitations]
end
params do
requires :email, type: String, desc: 'The email address of the invitation'
optional :access_level, type: Integer, values: Gitlab::Access.all_values, desc: 'A valid access level (defaults: `30`, developer access level)'
optional :expires_at, type: DateTime, desc: 'Date string in ISO 8601 format (`YYYY-MM-DDTHH:MM:SSZ`)'
end
put ":id/invitations/:email", requirements: { email: %r{[^/]+} } do
source = find_source(source_type, params.delete(:id))
invite_email = params[:email]
if ::Feature.enabled?(:admin_group_member, source)
authorize_admin_source_member!(source_type, source)
else
authorize_admin_source!(source_type, source)
end
invite = retrieve_member_invitations(source, invite_email).first
not_found! unless invite
update_params = declared_params(include_missing: false)
update_params.delete(:email)
bad_request! unless update_params.any?
result = ::Members::UpdateService
.new(current_user, update_params)
.execute(invite)
updated_member = result[:members].first
if result[:status] == :success
present_members updated_member
else
render_validation_error!(updated_member)
end
end
desc 'Removes an invitation from a group or project.' do
success code: 204
failure [
{ code: 403, message: 'Forbidden' },
{ code: 404, message: 'Not found' },
{ code: 409, message: 'Could not delete invitation' }
]
tags %w[invitations]
end
params do
requires :email, type: String, desc: 'The email address of the invitation'
end
delete ":id/invitations/:email", requirements: { email: %r{[^/]+} } do
source = find_source(source_type, params[:id])
invite_email = params[:email]
if ::Feature.enabled?(:admin_group_member, source)
authorize_admin_source_member!(source_type, source)
else
authorize_admin_source!(source_type, source)
end
invite = retrieve_member_invitations(source, invite_email).first
not_found! unless invite
destroy_conditionally!(invite) do
::Members::DestroyService.new(current_user, params).execute(invite)
unprocessable_entity! unless invite.destroyed?
end
end
end
end
end
end
|