Merge branch 'feature/api-delete-job-artifacts' into 'master'

API: delete job_artifacts of a single job

See merge request gitlab-org/gitlab-ce!25522

app/policies/project_policy.rb

@@ -278,6 +278,7 @@ class ProjectPolicy < BasePolicy
     enable :admin_cluster
     enable :create_environment_terminal
     enable :destroy_release
+    enable :destroy_artifacts
     enable :daily_statistics
   end
 

changelogs/unreleased/feature-api-delete-job-artifacts.yml

+---
+title: Extend the Gitlab API for deletion of job_artifacts of a single job.
+merge_request: 25522
+author: rroger
+type: added

lib/api/helpers.rb

@@ -244,6 +244,10 @@ module API
       authorize! :read_build, user_project
     end
 
+    def authorize_destroy_artifacts!
+      authorize! :destroy_artifacts, user_project
+    end
+
     def authorize_update_builds!
       authorize! :update_build, user_project
     end

lib/api/job_artifacts.rb

@@ -109,6 +109,22 @@ module API
         status 200
         present build, with: Entities::Job
       end
+
+      desc 'Delete the artifacts files from a job' do
+        detail 'This feature was introduced in GitLab 11.9'
+      end
+      params do
+        requires :job_id, type: Integer, desc: 'The ID of a job'
+      end
+      delete ':id/jobs/:job_id/artifacts' do
+        authorize_destroy_artifacts!
+        build = find_build!(params[:job_id])
+        authorize!(:destroy_artifacts, build)
+
+        build.erase_erasable_artifacts!
+
+        status :no_content
+      end
     end
   end
 end

spec/requests/api/jobs_spec.rb

@@ -321,6 +321,49 @@ describe API::Jobs do
     end
   end
 
+  describe 'DELETE /projects/:id/jobs/:job_id/artifacts' do
+    let!(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user) }
+
+    before do
+      delete api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user)
+    end
+
+    context 'when user is anonymous' do
+      let(:api_user) { nil }
+
+      it 'does not delete artifacts' do
+        expect(job.job_artifacts.size).to eq 2
+      end
+
+      it 'returns status 401 (unauthorized)' do
+        expect(response).to have_http_status :unauthorized
+      end
+    end
+
+    context 'with developer' do
+      it 'does not delete artifacts' do
+        expect(job.job_artifacts.size).to eq 2
+      end
+
+      it 'returns status 403 (forbidden)' do
+        expect(response).to have_http_status :forbidden
+      end
+    end
+
+    context 'with authorized user' do
+      let(:maintainer) { create(:project_member, :maintainer, project: project).user }
+      let!(:api_user) { maintainer }
+
+      it 'deletes artifacts' do
+        expect(job.job_artifacts.size).to eq 0
+      end
+
+      it 'returns status 204 (no content)' do
+        expect(response).to have_http_status :no_content
+      end
+    end
+  end
+
   describe 'GET /projects/:id/jobs/:job_id/artifacts/:artifact_path' do
     context 'when job has artifacts' do
       let(:job) { create(:ci_build, :artifacts, pipeline: pipeline) }