From 2a2a9feee2caa72bdc81d75a1701a023bfb53b82 Mon Sep 17 00:00:00 2001
From: Wenkai Yin <yinw@vmware.com>
Date: Mon, 19 Sep 2016 17:58:29 +0800
Subject: [PATCH] fix #761

---
 api/member.go     | 23 ++++++++++++++++-------
 docs/swagger.yaml |  2 +-
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/api/member.go b/api/member.go
index 685dc132e..1fe38a1a7 100644
--- a/api/member.go
+++ b/api/member.go
@@ -142,13 +142,22 @@ func (pma *ProjectMemberAPI) Post() {
 		return
 	}
 
-	for _, rid := range req.Roles {
-		err = dao.AddProjectMember(projectID, userID, int(rid))
-		if err != nil {
-			log.Errorf("Failed to update DB to add project user role, project id: %d, user id: %d, role id: %d", projectID, userID, rid)
-			pma.RenderError(http.StatusInternalServerError, "Failed to update data in database")
-			return
-		}
+	if len(req.Roles) <= 0 || len(req.Roles) > 1 {
+		pma.CustomAbort(http.StatusBadRequest, "only one role is supported")
+	}
+
+	rid := req.Roles[0]
+	if !(rid == models.PROJECTADMIN ||
+		rid == models.DEVELOPER ||
+		rid == models.GUEST) {
+		pma.CustomAbort(http.StatusBadRequest, "invalid role")
+	}
+
+	err = dao.AddProjectMember(projectID, userID, rid)
+	if err != nil {
+		log.Errorf("Failed to update DB to add project user role, project id: %d, user id: %d, role id: %d", projectID, userID, rid)
+		pma.RenderError(http.StatusInternalServerError, "Failed to update data in database")
+		return
 	}
 }
 
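Review bot: The error branch after `dao.AddProjectMember` logs the ids but not `err`, so a failed membership change leaves no cause in the log; append it, e.g. `log.Errorf("Failed to update DB to add project user role, project id: %d, user id: %d, role id: %d, error: %v", projectID, userID, rid, err)`. The two new validation branches have no `return`, so they depend on `pma.CustomAbort` stopping the handler; otherwise `req.Roles[0]` would index an empty slice. That appears to be the intent, but the rest of the hunk uses `RenderError` plus `return`, so a short comment such as `// CustomAbort does not return` would make the reliance explicit. The length test reads more simply as `len(req.Roles) != 1`. Post's body starts above the hunk, so whether the caller's right to grant `models.PROJECTADMIN` is checked there is not visible here.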
diff --git a/docs/swagger.yaml b/docs/swagger.yaml
index c979e057a..72e68b6f3 100644
--- a/docs/swagger.yaml
+++ b/docs/swagger.yaml
@@ -314,7 +314,7 @@ paths:
           description: Relevant project ID.
         - name: roles
           in: body
-          description: Role members for adding to relevant project.
+          description: Role members for adding to relevant project. Only one role is supported in the role list.
           schema:
             $ref: '#/definitions/RoleParam'
       tags: