Merge branch 'feature/api_remove_group' of /home/git/repositories/gitlab/gitlabhq

Dmitriy Zaporozhets
2 parents 2eb76186 93341579
Showing 4 changed files with 68 additions and 2 deletions Show diff stats
CHANGELOG
doc/api/groups.md
lib/api/groups.rb
spec/requests/api/groups_spec.rb
@@ -12,6 +12,7 @@ v 6.2.0
   - Update logic for validates_merge_request for tree of MR (Andrew Kumanyaev)
   - Rake tasks for web hooks management (Jonhnny Weslley)
   - Extended User API to expose admin and can_create_group for user creation/updating (Boyan Tabakov)
+  - API: Remove group
 v 6.1.0
   - Project specific IDs for issues, mr, milestones
@@ -57,6 +57,19 @@ Parameters:
 + `project_id` (required) - The ID of a project
+## Remove group
+
+Removes group with all projects inside.
+
+```
+DELETE /groups/:id
+```
+
+Parameters:
+
++ `id` (required) - The ID of a user group
+
+
 ## Group members
@@ -7,12 +7,14 @@ module API
       helpers do
         def find_group(id)
           group = Group.find(id)
-          if current_user.admin or current_user.groups.include? group
+
+          if can?(current_user, :read_group, group)
             group
           else
             render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403)
           end
         end
+
         def validate_access_level?(level)
           Gitlab::Access.options_with_owner.values.include? level.to_i
         end
@@ -64,6 +66,19 @@ module API
         present group, with: Entities::GroupDetail
       end
+
+      # Remove group
+      #
+      # Parameters:
+      #   id (required) - The ID of a group
+      # Example Request:
+      #   DELETE /groups/:id
+      delete ":id" do
+        group = find_group(params[:id])
+        authorize! :manage_group, group
+        group.destroy
+      end
+
       # Transfer a project to the Group namespace
       #
       # Parameters:
@@ -132,7 +147,6 @@ module API
           member.destroy
         end
       end
-
     end
   end
 end
@@ -106,6 +106,44 @@ describe API::API do
     end
   end
+  describe "DELETE /groups/:id" do
+    context "when authenticated as user" do
+      it "should remove group" do
+        delete api("/groups/#{group1.id}", user1)
+        response.status.should == 200
+      end
+
+      it "should not remove a group if not an owner" do
+        user3 = create(:user)
+        group1.add_user(user3, Gitlab::Access::MASTER)
+        delete api("/groups/#{group1.id}", user3)
+        response.status.should == 403
+      end
+
+      it "should not remove a non existing group" do
+        delete api("/groups/1328", user1)
+        response.status.should == 404
+      end
+
+      it "should not remove a group not attached to user1" do
+        delete api("/groups/#{group2.id}", user1)
+        response.status.should == 403
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should remove any existing group" do
+        delete api("/groups/#{group2.id}", admin)
+        response.status.should == 200
+      end
+
+      it "should not remove a non existing group" do
+        delete api("/groups/1328", admin)
+        response.status.should == 404
+      end
+    end
+  end
+
   describe "POST /groups/:id/projects/:project_id" do
     let(:project) { create(:project) }
     before(:each) do
	@@ -12,6 +12,7 @@ v 6.2.0		@@ -12,6 +12,7 @@ v 6.2.0
12	- Update logic for validates_merge_request for tree of MR (Andrew Kumanyaev)	12	- Update logic for validates_merge_request for tree of MR (Andrew Kumanyaev)
13	- Rake tasks for web hooks management (Jonhnny Weslley)	13	- Rake tasks for web hooks management (Jonhnny Weslley)
14	- Extended User API to expose admin and can_create_group for user creation/updating (Boyan Tabakov)	14	- Extended User API to expose admin and can_create_group for user creation/updating (Boyan Tabakov)
		15	+ - API: Remove group
15		16
16	v 6.1.0	17	v 6.1.0
17	- Project specific IDs for issues, mr, milestones	18	- Project specific IDs for issues, mr, milestones
	@@ -57,6 +57,19 @@ Parameters:		@@ -57,6 +57,19 @@ Parameters:
57	+ `project_id` (required) - The ID of a project	57	+ `project_id` (required) - The ID of a project
58		58
59		59
		60	+## Remove group
		61	+
		62	+Removes group with all projects inside.
		63	+
		64	+```
		65	+DELETE /groups/:id
		66	+```
		67	+
		68	+Parameters:
		69	+
		70	++ `id` (required) - The ID of a user group
		71	+
		72	+
60	## Group members	73	## Group members
61		74
62		75
	@@ -106,6 +106,44 @@ describe API::API do		@@ -106,6 +106,44 @@ describe API::API do
106	end	106	end
107	end	107	end
108		108
		109	+ describe "DELETE /groups/:id" do
		110	+ context "when authenticated as user" do
		111	+ it "should remove group" do
		112	+ delete api("/groups/#{group1.id}", user1)
		113	+ response.status.should == 200
		114	+ end
		115	+
		116	+ it "should not remove a group if not an owner" do
		117	+ user3 = create(:user)
		118	+ group1.add_user(user3, Gitlab::Access::MASTER)
		119	+ delete api("/groups/#{group1.id}", user3)
		120	+ response.status.should == 403
		121	+ end
		122	+
		123	+ it "should not remove a non existing group" do
		124	+ delete api("/groups/1328", user1)
		125	+ response.status.should == 404
		126	+ end
		127	+
		128	+ it "should not remove a group not attached to user1" do
		129	+ delete api("/groups/#{group2.id}", user1)
		130	+ response.status.should == 403
		131	+ end
		132	+ end
		133	+
		134	+ context "when authenticated as admin" do
		135	+ it "should remove any existing group" do
		136	+ delete api("/groups/#{group2.id}", admin)
		137	+ response.status.should == 200
		138	+ end
		139	+
		140	+ it "should not remove a non existing group" do
		141	+ delete api("/groups/1328", admin)
		142	+ response.status.should == 404
		143	+ end
		144	+ end
		145	+ end
		146	+
109	describe "POST /groups/:id/projects/:project_id" do	147	describe "POST /groups/:id/projects/:project_id" do
110	let(:project) { create(:project) }	148	let(:project) { create(:project) }
111	before(:each) do	149	before(:each) do