From 0bd9d5bf026098082713dc8c5f3897376026fa7f Mon Sep 17 00:00:00 2001
From: eyad-hussein <eyad.hussein@ejust.edu.eg>
Date: Fri, 12 Jul 2024 01:28:59 +0300
Subject: [PATCH] api: implement endpoints for all org-project logic

---
 routers/api/v1/api.go | 51 +++++++++++++++++++++++++++++--------------
 1 file changed, 35 insertions(+), 16 deletions(-)

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 8606a27d22..417e75a8c0 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -976,9 +976,9 @@ func Routes() *web.Router {
 					m.Post("", bind(api.CreateProjectOption{}), org.CreateProject)
 					m.Group("/{id}", func() {
 						m.Post("", bind(api.EditProjectColumnOption{}), org.AddColumnToProject)
+						m.Delete("", org.DeleteProject)
+						m.Put("", bind(api.CreateProjectOption{}), org.EditProject)
 						m.Post("/move", org.MoveColumns)
-						m.Post("/delete", org.DeleteProject)
-						m.Post("/edit", bind(api.CreateProjectOption{}), org.EditProject)
 						m.Post("/{action:open|close}", org.ChangeProjectStatus)
 
 						m.Group("/{columnID}", func() {
@@ -998,20 +998,39 @@ func Routes() *web.Router {
 
 		}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser), reqToken(), context.UserAssignmentAPI())
 
-		// m.Group("orgs/{org}/-", func() {
-		// 	m.Group("/projects", func() {
-		// 		m.Group("", func() {
-		// 			// m.Get("", org.Projects)
-		// 			// m.Get("/{id}", org.ViewProject)
-		// 		}, reqUnitAccess(unit.TypeProjects, perm.AccessModeRead, true))
-		// 		m.Group("", func() {
-		// 			m.Post("", bind(api.CreateProjectOption{}), org.CreateProject)
-		// 			m.Group("/{id}", func() {
-		// 				m.Post("/{action:open|close}", org.ChangeProjectStatus)
-		// 			})
-		// 		}, reqUnitAccess(unit.TypeProjects, perm.AccessModeWrite, true))
-		// 	}, reqUnitAccess(unit.TypeProjects, perm.AccessModeRead, true), individualPermsChecker)
-		// }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryOrganization), reqToken(), orgAssignment(true))
+		// Organizations (requires orgs scope)
+		m.Group("orgs/{org}/-", func() {
+			m.Group("/projects", func() {
+				m.Group("", func() {
+					m.Get("", org.GetProjects)
+					m.Get("/{id}", org.GetProject)
+				}, reqUnitAccess(unit.TypeProjects, perm.AccessModeRead, true))
+
+				m.Group("", func() {
+					m.Post("", bind(api.CreateProjectOption{}), org.CreateProject)
+					m.Group("/{id}", func() {
+						m.Post("", bind(api.EditProjectColumnOption{}), org.AddColumnToProject)
+						m.Delete("", org.DeleteProject)
+						m.Put("", bind(api.CreateProjectOption{}), org.EditProject)
+						m.Post("/move", org.MoveColumns)
+						m.Post("/{action:open|close}", org.ChangeProjectStatus)
+
+						m.Group("/{columnID}", func() {
+							m.Put("", bind(api.EditProjectColumnOption{}), org.EditProjectColumn)
+							m.Delete("", org.DeleteProjectColumn)
+							m.Post("/default", org.SetDefaultProjectColumn)
+							m.Post("/move", org.MoveIssues)
+						})
+					})
+				}, reqUnitAccess(unit.TypeProjects, perm.AccessModeWrite, true), func(ctx *context.APIContext) {
+					if ctx.ContextUser.IsIndividual() && ctx.ContextUser.ID != ctx.Doer.ID {
+						ctx.NotFound("NewProject", nil)
+						return
+					}
+				})
+			}, reqUnitAccess(unit.TypeProjects, perm.AccessModeRead, true), individualPermsChecker)
+
+		}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryOrganization), reqToken(), orgAssignment(true))
 
 		// Users (requires user scope)
 		m.Group("/users", func() {