From 7a591810ad91acc222850f8620ff96a32f10c0b8 Mon Sep 17 00:00:00 2001
From: Virgil <virgil@lethean.io>
Date: Thu, 2 Apr 2026 02:26:07 +0000
Subject: [PATCH] feat(admin): add quota group membership endpoints

Co-Authored-By: Virgil <virgil@lethean.io>
---
 admin.go      | 24 +++++++++++++++++++
 admin_test.go | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+)

diff --git a/admin.go b/admin.go
index d77eed3..c3f0ae1 100644
--- a/admin.go
+++ b/admin.go
@@ -155,6 +155,30 @@ func (s *AdminService) DeleteQuotaGroup(ctx context.Context, quotagroup string)
 	return s.client.Delete(ctx, path)
 }
 
+// ListQuotaGroupUsers returns all users in a quota group.
+func (s *AdminService) ListQuotaGroupUsers(ctx context.Context, quotagroup string) ([]types.User, error) {
+	path := ResolvePath("/api/v1/admin/quota/groups/{quotagroup}/users", Params{"quotagroup": quotagroup})
+	return ListAll[types.User](ctx, s.client, path, nil)
+}
+
+// IterQuotaGroupUsers returns an iterator over all users in a quota group.
+func (s *AdminService) IterQuotaGroupUsers(ctx context.Context, quotagroup string) iter.Seq2[types.User, error] {
+	path := ResolvePath("/api/v1/admin/quota/groups/{quotagroup}/users", Params{"quotagroup": quotagroup})
+	return ListIter[types.User](ctx, s.client, path, nil)
+}
+
+// AddQuotaGroupUser adds a user to a quota group.
+func (s *AdminService) AddQuotaGroupUser(ctx context.Context, quotagroup, username string) error {
+	path := ResolvePath("/api/v1/admin/quota/groups/{quotagroup}/users/{username}", Params{"quotagroup": quotagroup, "username": username})
+	return s.client.Put(ctx, path, nil, nil)
+}
+
+// RemoveQuotaGroupUser removes a user from a quota group.
+func (s *AdminService) RemoveQuotaGroupUser(ctx context.Context, quotagroup, username string) error {
+	path := ResolvePath("/api/v1/admin/quota/groups/{quotagroup}/users/{username}", Params{"quotagroup": quotagroup, "username": username})
+	return s.client.Delete(ctx, path)
+}
+
 // ListQuotaRules returns all available quota rules.
 func (s *AdminService) ListQuotaRules(ctx context.Context) ([]types.QuotaRuleInfo, error) {
 	return ListAll[types.QuotaRuleInfo](ctx, s.client, "/api/v1/admin/quota/rules", nil)
diff --git a/admin_test.go b/admin_test.go
index 31f4a26..900c818 100644
--- a/admin_test.go
+++ b/admin_test.go
@@ -513,6 +513,70 @@ func TestAdminService_DeleteQuotaGroup_Good(t *testing.T) {
 	}
 }
 
+func TestAdminService_ListQuotaGroupUsers_Good(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodGet {
+			t.Errorf("expected GET, got %s", r.Method)
+		}
+		if r.URL.Path != "/api/v1/admin/quota/groups/default/users" {
+			t.Errorf("wrong path: %s", r.URL.Path)
+		}
+		json.NewEncoder(w).Encode([]types.User{
+			{ID: 1, UserName: "alice"},
+			{ID: 2, UserName: "bob"},
+		})
+	}))
+	defer srv.Close()
+
+	f := NewForge(srv.URL, "tok")
+	users, err := f.Admin.ListQuotaGroupUsers(context.Background(), "default")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(users) != 2 {
+		t.Fatalf("got %d users, want 2", len(users))
+	}
+	if users[0].UserName != "alice" {
+		t.Errorf("got username=%q, want %q", users[0].UserName, "alice")
+	}
+}
+
+func TestAdminService_AddQuotaGroupUser_Good(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodPut {
+			t.Errorf("expected PUT, got %s", r.Method)
+		}
+		if r.URL.Path != "/api/v1/admin/quota/groups/default/users/alice" {
+			t.Errorf("wrong path: %s", r.URL.Path)
+		}
+		w.WriteHeader(http.StatusNoContent)
+	}))
+	defer srv.Close()
+
+	f := NewForge(srv.URL, "tok")
+	if err := f.Admin.AddQuotaGroupUser(context.Background(), "default", "alice"); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestAdminService_RemoveQuotaGroupUser_Good(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodDelete {
+			t.Errorf("expected DELETE, got %s", r.Method)
+		}
+		if r.URL.Path != "/api/v1/admin/quota/groups/default/users/alice" {
+			t.Errorf("wrong path: %s", r.URL.Path)
+		}
+		w.WriteHeader(http.StatusNoContent)
+	}))
+	defer srv.Close()
+
+	f := NewForge(srv.URL, "tok")
+	if err := f.Admin.RemoveQuotaGroupUser(context.Background(), "default", "alice"); err != nil {
+		t.Fatal(err)
+	}
+}
+
 func TestAdminService_ListQuotaRules_Good(t *testing.T) {
 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.Method != http.MethodGet {