diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-10-07 11:32:25 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-10-07 11:32:25 +0000 |
| commit | dc825ae33016b91235e210c2d37323c076fcf572 (patch) | |
| tree | b6ec25a237eb7e145cde1e8f3d506ee67864cf05 | |
| parent | 2eb76186f503410df5018765bc32337a8754159a (diff) | |
| parent | 93341579b6fd11c57b464a974079bbd9fcc28ef5 (diff) | |
| download | gitlab-ce-dc825ae33016b91235e210c2d37323c076fcf572.tar.gz | |
Merge branch 'feature/api_remove_group' of /home/git/repositories/gitlab/gitlabhq
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | doc/api/groups.md | 13 | ||||
| -rw-r--r-- | lib/api/groups.rb | 18 | ||||
| -rw-r--r-- | spec/requests/api/groups_spec.rb | 38 |
4 files changed, 68 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG index c1107717fc8..c4e411e2df5 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -12,6 +12,7 @@ v 6.2.0 - Update logic for validates_merge_request for tree of MR (Andrew Kumanyaev) - Rake tasks for web hooks management (Jonhnny Weslley) - Extended User API to expose admin and can_create_group for user creation/updating (Boyan Tabakov) + - API: Remove group v 6.1.0 - Project specific IDs for issues, mr, milestones diff --git a/doc/api/groups.md b/doc/api/groups.md index f56c534667a..f5f5d769050 100644 --- a/doc/api/groups.md +++ b/doc/api/groups.md @@ -57,6 +57,19 @@ Parameters: + `project_id` (required) - The ID of a project +## Remove group + +Removes group with all projects inside. + +``` +DELETE /groups/:id +``` + +Parameters: + ++ `id` (required) - The ID of a user group + + ## Group members diff --git a/lib/api/groups.rb b/lib/api/groups.rb index 396554404af..265417fd6bc 100644 --- a/lib/api/groups.rb +++ b/lib/api/groups.rb @@ -7,12 +7,14 @@ module API helpers do def find_group(id) group = Group.find(id) - if current_user.admin or current_user.groups.include? group + + if can?(current_user, :read_group, group) group else render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403) end end + def validate_access_level?(level) Gitlab::Access.options_with_owner.values.include? level.to_i end @@ -64,6 +66,19 @@ module API present group, with: Entities::GroupDetail end + + # Remove group + # + # Parameters: + # id (required) - The ID of a group + # Example Request: + # DELETE /groups/:id + delete ":id" do + group = find_group(params[:id]) + authorize! :manage_group, group + group.destroy + end + # Transfer a project to the Group namespace # # Parameters: @@ -132,7 +147,6 @@ module API member.destroy end end - end end end diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index a6ce72e11e9..25b9a10bd8c 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -106,6 +106,44 @@ describe API::API do end end + describe "DELETE /groups/:id" do + context "when authenticated as user" do + it "should remove group" do + delete api("/groups/#{group1.id}", user1) + response.status.should == 200 + end + + it "should not remove a group if not an owner" do + user3 = create(:user) + group1.add_user(user3, Gitlab::Access::MASTER) + delete api("/groups/#{group1.id}", user3) + response.status.should == 403 + end + + it "should not remove a non existing group" do + delete api("/groups/1328", user1) + response.status.should == 404 + end + + it "should not remove a group not attached to user1" do + delete api("/groups/#{group2.id}", user1) + response.status.should == 403 + end + end + + context "when authenticated as admin" do + it "should remove any existing group" do + delete api("/groups/#{group2.id}", admin) + response.status.should == 200 + end + + it "should not remove a non existing group" do + delete api("/groups/1328", admin) + response.status.should == 404 + end + end + end + describe "POST /groups/:id/projects/:project_id" do let(:project) { create(:project) } before(:each) do |