From 4271f8feefad6c89997c0827793052f5938de7b2 Mon Sep 17 00:00:00 2001
From: Jason Goodman
Date: Fri, 14 Jun 2019 14:40:30 -0400
Subject: Prevent Developer role from bulk deleting docker tags via API

Allow Maintainer
---
lib/api/container_registry.rb | 2 +-
spec/requests/api/container_registry_spec.rb | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/api/container_registry.rb b/lib/api/container_registry.rb
index b71a1119e51..7d9b5e1a598 100644
--- a/lib/api/container_registry.rb
+++ b/lib/api/container_registry.rb
@@ -66,7 +66,7 @@ module API
optional :older_than, type: String, desc: 'Delete older than: 1h, 1d, 1month'
end
delete ':id/registry/repositories/:repository_id/tags', requirements: REGISTRY_ENDPOINT_REQUIREMENTS do
- authorize_destroy_container_image!
+ authorize_admin_container_image!

CleanupContainerRepositoryWorker.perform_async(current_user.id, repository.id,
declared_params.except(:repository_id)) # rubocop: disable CodeReuse/ActiveRecord
diff --git a/spec/requests/api/container_registry_spec.rb b/spec/requests/api/container_registry_spec.rb
index cafd5d26c3e..4ad15ed6bea 100644
--- a/spec/requests/api/container_registry_spec.rb
+++ b/spec/requests/api/container_registry_spec.rb
@@ -122,14 +122,14 @@ describe API::ContainerRegistry do
describe 'DELETE /projects/:id/registry/repositories/:repository_id/tags' do
subject { delete api("/projects/#{project.id}/registry/repositories/#{root_repository.id}/tags", api_user), params: params }

- it_behaves_like 'being disallowed', :reporter do
+ it_behaves_like 'being disallowed', :developer do
let(:params) do
{ name_regex: 'v10.*' }
end
end

- context 'for developer' do
- let(:api_user) { developer }
+ context 'for maintainer' do
+ let(:api_user) { maintainer }

context 'without required parameters' do
let(:params) { }
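Review bot: The switch to `authorize_admin_container_image!` on the bulk-delete endpoint carries no comment saying why this route needs a stricter permission than the destroy check it replaces, so a later reader tidying the file for consistency could revert it to `authorize_destroy_container_image!` without noticing the privilege change. Above the call I would add `# Bulk tag deletion is irreversible and is scheduled asynchronously under current_user.id, so require the admin_container_image permission (Maintainer) rather than the destroy permission.` The diffstat lists only the API file and its spec; if the API reference or a changelog records the role required for this endpoint, that text is not updated here. The endpoint's `desc`/`params` block and the enclosing resource begin outside the hunk.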
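Review bot: Replacing `:reporter` with `:developer` in `it_behaves_like 'being disallowed'` drops the explicit reporter case unless that shared example also exercises lower roles, which this hunk does not show; keeping both, `it_behaves_like 'being disallowed', :reporter do` alongside the new `:developer` block, pins the whole boundary of who is refused. `let(:api_user) { maintainer }` relies on a `maintainer` helper whose definition is outside the hunk, so confirm it is defined at the spec's top level next to `developer`. The describe block continues past the end of the hunk.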
@@ -157,7 +157,7 @@ describe API::ContainerRegistry do

it 'schedules cleanup of tags repository' do
expect(CleanupContainerRepositoryWorker).to receive(:perform_async)
- .with(developer.id, root_repository.id, worker_params)
+ .with(maintainer.id, root_repository.id, worker_params)

subject

--
cgit v1.2.1