From 5b45cd246373f18bf678dbdecad589733cfec8b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matija=20=C4=8Cupi=C4=87?= <matteeyah@gmail.com>
Date: Mon, 12 Nov 2018 16:27:28 +0100
Subject: Implement MVC for Pipeline deletion API

---
 spec/requests/api/pipelines_spec.rb | 47 +++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

(limited to 'spec/requests/api/pipelines_spec.rb')

diff --git a/spec/requests/api/pipelines_spec.rb b/spec/requests/api/pipelines_spec.rb
index f0e1992bccd..68de3068568 100644
--- a/spec/requests/api/pipelines_spec.rb
+++ b/spec/requests/api/pipelines_spec.rb
@@ -438,6 +438,53 @@ describe API::Pipelines do
     end
   end
 
+  describe 'DELETE /projects/:id/pipelines/:pipeline_id' do
+    context 'authorized user' do
+      it 'deletes the pipeline' do
+        delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", user)
+
+        expect(response).to have_gitlab_http_status(204)
+        expect { pipeline.reload }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+
+      it 'returns 404 when it does not exist' do
+        delete api("/projects/#{project.id}/pipelines/123456", user)
+
+        expect(response).to have_gitlab_http_status(404)
+        expect(json_response['message']).to eq '404 Not found'
+      end
+
+      it 'logs an audit event' do
+        expect { delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", user) }.to change { SecurityEvent.count }.by(1)
+      end
+
+      context 'when the pipeline has jobs' do
+        let!(:pipeline) do
+          create(:ci_pipeline, project: project, sha: project.commit.id,
+                               ref: project.default_branch, user: user)
+        end
+
+        let!(:build) { create(:ci_build, project: project, pipeline: pipeline) }
+
+        it 'deletes associated jobs' do
+          delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", user)
+
+          expect(response).to have_gitlab_http_status(204)
+          expect { build.reload }.to raise_error(ActiveRecord::RecordNotFound)
+        end
+      end
+    end
+
+    context 'unauthorized user' do
+      it 'should not return a project pipeline' do
+        get api("/projects/#{project.id}/pipelines/#{pipeline.id}", non_member)
+
+        expect(response).to have_gitlab_http_status(404)
+        expect(json_response['message']).to eq '404 Project Not Found'
+      end
+    end
+  end
+
   describe 'POST /projects/:id/pipelines/:pipeline_id/retry' do
     context 'authorized user' do
       let!(:pipeline) do
-- 
cgit v1.2.1


From 99203bfe23975b8dbbaa5daa613fbc90fd39178f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matija=20=C4=8Cupi=C4=87?= <matteeyah@gmail.com>
Date: Mon, 12 Nov 2018 19:18:57 +0100
Subject: Destroy pipeline in service

Move all logic for destroying a Pipeline into a service so it's easily
reusable.
---
 spec/requests/api/pipelines_spec.rb | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

(limited to 'spec/requests/api/pipelines_spec.rb')

diff --git a/spec/requests/api/pipelines_spec.rb b/spec/requests/api/pipelines_spec.rb
index 68de3068568..e786b7531a9 100644
--- a/spec/requests/api/pipelines_spec.rb
+++ b/spec/requests/api/pipelines_spec.rb
@@ -440,34 +440,31 @@ describe API::Pipelines do
 
   describe 'DELETE /projects/:id/pipelines/:pipeline_id' do
     context 'authorized user' do
-      it 'deletes the pipeline' do
-        delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", user)
+      let(:owner) { project.owner }
+
+      it 'destroys the pipeline' do
+        delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", owner)
 
         expect(response).to have_gitlab_http_status(204)
         expect { pipeline.reload }.to raise_error(ActiveRecord::RecordNotFound)
       end
 
       it 'returns 404 when it does not exist' do
-        delete api("/projects/#{project.id}/pipelines/123456", user)
+        delete api("/projects/#{project.id}/pipelines/123456", owner)
 
         expect(response).to have_gitlab_http_status(404)
         expect(json_response['message']).to eq '404 Not found'
       end
 
       it 'logs an audit event' do
-        expect { delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", user) }.to change { SecurityEvent.count }.by(1)
+        expect { delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", owner) }.to change { SecurityEvent.count }.by(1)
       end
 
       context 'when the pipeline has jobs' do
-        let!(:pipeline) do
-          create(:ci_pipeline, project: project, sha: project.commit.id,
-                               ref: project.default_branch, user: user)
-        end
-
         let!(:build) { create(:ci_build, project: project, pipeline: pipeline) }
 
-        it 'deletes associated jobs' do
-          delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", user)
+        it 'destroys associated jobs' do
+          delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", owner)
 
           expect(response).to have_gitlab_http_status(204)
           expect { build.reload }.to raise_error(ActiveRecord::RecordNotFound)
@@ -476,7 +473,7 @@ describe API::Pipelines do
     end
 
     context 'unauthorized user' do
-      it 'should not return a project pipeline' do
+      it 'should return a 404' do
         get api("/projects/#{project.id}/pipelines/#{pipeline.id}", non_member)
 
         expect(response).to have_gitlab_http_status(404)
-- 
cgit v1.2.1


From de605ad1437e8e0beb5da76c900623dd541e1f72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matija=20=C4=8Cupi=C4=87?= <matteeyah@gmail.com>
Date: Tue, 13 Nov 2018 19:32:10 +0100
Subject: Add spec for Pipeline DELETE for developers

---
 spec/requests/api/pipelines_spec.rb | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

(limited to 'spec/requests/api/pipelines_spec.rb')

diff --git a/spec/requests/api/pipelines_spec.rb b/spec/requests/api/pipelines_spec.rb
index e786b7531a9..638cc9767d4 100644
--- a/spec/requests/api/pipelines_spec.rb
+++ b/spec/requests/api/pipelines_spec.rb
@@ -473,11 +473,28 @@ describe API::Pipelines do
     end
 
     context 'unauthorized user' do
-      it 'should return a 404' do
-        get api("/projects/#{project.id}/pipelines/#{pipeline.id}", non_member)
+      context 'when user is not member' do
+        it 'should return a 404' do
+          delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", non_member)
 
-        expect(response).to have_gitlab_http_status(404)
-        expect(json_response['message']).to eq '404 Project Not Found'
+          expect(response).to have_gitlab_http_status(404)
+          expect(json_response['message']).to eq '404 Project Not Found'
+        end
+      end
+
+      context 'when user is developer' do
+        let(:developer) { create(:user) }
+
+        before do
+          project.add_developer(developer)
+        end
+
+        it 'should return a 403' do
+          delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", developer)
+
+          expect(response).to have_gitlab_http_status(403)
+          expect(json_response['message']).to eq '403 Forbidden'
+        end
       end
     end
   end
-- 
cgit v1.2.1