table & model changes for group managers with permission to edit membership

app/controllers/groups_controller.rb

@@ -35,6 +35,38 @@ class GroupsController < ApplicationController
     }
   end
 
+  def add_members
+    guardian.ensure_can_edit!(the_group)
+
+    added_users = []
+    usernames = params.require(:usernames)
+    usernames.split(",").each do |username|
+      if user = User.find_by_username(username)
+        unless the_group.users.include?(user)
+          the_group.add(user)
+          added_users << user
+        end
+      end
+    end
+
+    # always succeeds, even if bogus usernames were provided
+    render_serialized(added_users, GroupUserSerializer)
+  end
+
+  def remove_member
+    guardian.ensure_can_edit!(the_group)
+
+    removed_users = []
+    username = params.require(:username)
+    if user = User.find_by_username(username)
+      the_group.remove(user)
+      removed_users << user
+    end
+
+    # always succeeds, even if user was not a member
+    render_serialized(removed_users, GroupUserSerializer)
+  end
+
   private
 
     def find_group(param_name)
@@ -44,4 +76,8 @@ class GroupsController < ApplicationController
       group
     end
 
+    def the_group
+      @the_group ||= find_group(:group_id)
+    end
+
 end