Commit 92eb9efc authored by Robert Schilling's avatar Robert Schilling Committed by Sean McGivern

API: Respect the 'If-Unmodified-Since' for delete endpoints

parent 965d87a2
...@@ -67,6 +67,9 @@ module API ...@@ -67,6 +67,9 @@ module API
end end
delete ":id/access_requests/:user_id" do delete ":id/access_requests/:user_id" do
source = find_source(source_type, params[:id]) source = find_source(source_type, params[:id])
member = source.public_send(:requesters).find_by!(user_id: params[:user_id])
check_unmodified_since(member.updated_at)
status 204 status 204
::Members::DestroyService.new(source, current_user, params) ::Members::DestroyService.new(source, current_user, params)
......
...@@ -85,6 +85,7 @@ module API ...@@ -85,6 +85,7 @@ module API
end end
delete "#{endpoint}/:award_id" do delete "#{endpoint}/:award_id" do
award = awardable.award_emoji.find(params[:award_id]) award = awardable.award_emoji.find(params[:award_id])
check_unmodified_since(award.updated_at)
unauthorized! unless award.user == current_user || current_user.admin? unauthorized! unless award.user == current_user || current_user.admin?
......
...@@ -118,6 +118,7 @@ module API ...@@ -118,6 +118,7 @@ module API
authorize!(:admin_list, user_project) authorize!(:admin_list, user_project)
list = board_lists.find(params[:list_id]) list = board_lists.find(params[:list_id])
check_unmodified_since(list.updated_at)
service = ::Boards::Lists::DestroyService.new(user_project, current_user) service = ::Boards::Lists::DestroyService.new(user_project, current_user)
......
...@@ -90,6 +90,7 @@ module API ...@@ -90,6 +90,7 @@ module API
end end
delete ':id' do delete ':id' do
message = find_message message = find_message
check_unmodified_since(message.updated_at)
status 204 status 204
message.destroy message.destroy
......
...@@ -125,6 +125,8 @@ module API ...@@ -125,6 +125,8 @@ module API
key = user_project.deploy_keys_projects.find_by(deploy_key_id: params[:key_id]) key = user_project.deploy_keys_projects.find_by(deploy_key_id: params[:key_id])
not_found!('Deploy Key') unless key not_found!('Deploy Key') unless key
check_unmodified_since(key.updated_at)
status 204 status 204
key.destroy key.destroy
end end
......
...@@ -78,6 +78,7 @@ module API ...@@ -78,6 +78,7 @@ module API
authorize! :update_environment, user_project authorize! :update_environment, user_project
environment = user_project.environments.find(params[:environment_id]) environment = user_project.environments.find(params[:environment_id])
check_unmodified_since(environment.updated_at)
status 204 status 204
environment.destroy environment.destroy
......
...@@ -149,6 +149,8 @@ module API ...@@ -149,6 +149,8 @@ module API
delete ":id" do delete ":id" do
group = find_group!(params[:id]) group = find_group!(params[:id])
authorize! :admin_group, group authorize! :admin_group, group
check_unmodified_since(group.updated_at)
status 204 status 204
::Groups::DestroyService.new(group, current_user).execute ::Groups::DestroyService.new(group, current_user).execute
......
...@@ -13,6 +13,14 @@ module API ...@@ -13,6 +13,14 @@ module API
declared(params, options).to_h.symbolize_keys declared(params, options).to_h.symbolize_keys
end end
def check_unmodified_since(last_modified)
if_unmodified_since = Time.parse(headers['If-Unmodified-Since']) if headers.key?('If-Unmodified-Since') rescue nil
if if_unmodified_since && if_unmodified_since < last_modified
render_api_error!('412 Precondition Failed', 412)
end
end
def current_user def current_user
return @current_user if defined?(@current_user) return @current_user if defined?(@current_user)
......
...@@ -236,6 +236,8 @@ module API ...@@ -236,6 +236,8 @@ module API
not_found!('Issue') unless issue not_found!('Issue') unless issue
authorize!(:destroy_issue, issue) authorize!(:destroy_issue, issue)
check_unmodified_since(issue.updated_at)
status 204 status 204
issue.destroy issue.destroy
end end
......
...@@ -56,6 +56,8 @@ module API ...@@ -56,6 +56,8 @@ module API
label = user_project.labels.find_by(title: params[:name]) label = user_project.labels.find_by(title: params[:name])
not_found!('Label') unless label not_found!('Label') unless label
check_unmodified_since(label.updated_at)
status 204 status 204
label.destroy label.destroy
end end
......
...@@ -99,8 +99,9 @@ module API ...@@ -99,8 +99,9 @@ module API
end end
delete ":id/members/:user_id" do delete ":id/members/:user_id" do
source = find_source(source_type, params[:id]) source = find_source(source_type, params[:id])
# Ensure the member exists # Ensure that memeber exists
source.members.find_by!(user_id: params[:user_id]) member = source.members.find_by!(user_id: params[:user_id])
check_unmodified_since(member.updated_at)
status 204 status 204
::Members::DestroyService.new(source, current_user, declared_params).execute ::Members::DestroyService.new(source, current_user, declared_params).execute
......
...@@ -193,6 +193,8 @@ module API ...@@ -193,6 +193,8 @@ module API
merge_request = find_project_merge_request(params[:merge_request_iid]) merge_request = find_project_merge_request(params[:merge_request_iid])
authorize!(:destroy_merge_request, merge_request) authorize!(:destroy_merge_request, merge_request)
check_unmodified_since(merge_request.updated_at)
status 204 status 204
merge_request.destroy merge_request.destroy
end end
......
...@@ -129,7 +129,9 @@ module API ...@@ -129,7 +129,9 @@ module API
end end
delete ":id/#{noteables_str}/:noteable_id/notes/:note_id" do delete ":id/#{noteables_str}/:noteable_id/notes/:note_id" do
note = user_project.notes.find(params[:note_id]) note = user_project.notes.find(params[:note_id])
authorize! :admin_note, note authorize! :admin_note, note
check_unmodified_since(note.updated_at)
status 204 status 204
::Notes::DestroyService.new(user_project, current_user).execute(note) ::Notes::DestroyService.new(user_project, current_user).execute(note)
......
...@@ -96,6 +96,8 @@ module API ...@@ -96,6 +96,8 @@ module API
delete ":id/hooks/:hook_id" do delete ":id/hooks/:hook_id" do
hook = user_project.hooks.find(params.delete(:hook_id)) hook = user_project.hooks.find(params.delete(:hook_id))
check_unmodified_since(hook.updated_at)
status 204 status 204
hook.destroy hook.destroy
end end
......
...@@ -116,6 +116,8 @@ module API ...@@ -116,6 +116,8 @@ module API
not_found!('Snippet') unless snippet not_found!('Snippet') unless snippet
authorize! :admin_project_snippet, snippet authorize! :admin_project_snippet, snippet
check_unmodified_since(snippet.updated_at)
status 204 status 204
snippet.destroy snippet.destroy
end end
......
...@@ -346,6 +346,8 @@ module API ...@@ -346,6 +346,8 @@ module API
desc 'Remove a project' desc 'Remove a project'
delete ":id" do delete ":id" do
authorize! :remove_project, user_project authorize! :remove_project, user_project
check_unmodified_since(user_project.updated_at)
::Projects::DestroyService.new(user_project, current_user, {}).async_execute ::Projects::DestroyService.new(user_project, current_user, {}).async_execute
accepted! accepted!
......
...@@ -77,7 +77,9 @@ module API ...@@ -77,7 +77,9 @@ module API
end end
delete ':id' do delete ':id' do
runner = get_runner(params[:id]) runner = get_runner(params[:id])
authenticate_delete_runner!(runner) authenticate_delete_runner!(runner)
check_unmodified_since(runner.updated_at)
status 204 status 204
runner.destroy! runner.destroy!
......
...@@ -703,6 +703,8 @@ module API ...@@ -703,6 +703,8 @@ module API
end end
delete ":id/services/:service_slug" do delete ":id/services/:service_slug" do
service = user_project.find_or_initialize_service(params[:service_slug].underscore) service = user_project.find_or_initialize_service(params[:service_slug].underscore)
# Todo, not sure
check_unmodified_since(service.updated_at)
attrs = service_attributes(service).inject({}) do |hash, key| attrs = service_attributes(service).inject({}) do |hash, key|
hash.merge!(key => nil) hash.merge!(key => nil)
......
...@@ -122,6 +122,7 @@ module API ...@@ -122,6 +122,7 @@ module API
return not_found!('Snippet') unless snippet return not_found!('Snippet') unless snippet
authorize! :destroy_personal_snippet, snippet authorize! :destroy_personal_snippet, snippet
check_unmodified_since(snippet.updated_at)
status 204 status 204
snippet.destroy snippet.destroy
......
...@@ -66,6 +66,8 @@ module API ...@@ -66,6 +66,8 @@ module API
hook = SystemHook.find_by(id: params[:id]) hook = SystemHook.find_by(id: params[:id])
not_found!('System hook') unless hook not_found!('System hook') unless hook
check_unmodified_since(hook.updated_at)
status 204 status 204
hook.destroy hook.destroy
end end
......
...@@ -140,6 +140,8 @@ module API ...@@ -140,6 +140,8 @@ module API
trigger = user_project.triggers.find(params.delete(:trigger_id)) trigger = user_project.triggers.find(params.delete(:trigger_id))
return not_found!('Trigger') unless trigger return not_found!('Trigger') unless trigger
check_unmodified_since(trigger.updated_at)
status 204 status 204
trigger.destroy trigger.destroy
end end
......
...@@ -236,7 +236,12 @@ module API ...@@ -236,7 +236,12 @@ module API
key = user.keys.find_by(id: params[:key_id]) key = user.keys.find_by(id: params[:key_id])
not_found!('Key') unless key not_found!('Key') unless key
<<<<<<< HEAD
status 204 status 204
=======
check_unmodified_since(key.updated_at)
>>>>>>> API: Respect the 'If-Unmodified-Since' for delete endpoints
key.destroy key.destroy
end end
...@@ -293,7 +298,14 @@ module API ...@@ -293,7 +298,14 @@ module API
email = user.emails.find_by(id: params[:email_id]) email = user.emails.find_by(id: params[:email_id])
not_found!('Email') unless email not_found!('Email') unless email
<<<<<<< HEAD
Emails::DestroyService.new(user, email: email.email).execute Emails::DestroyService.new(user, email: email.email).execute
=======
check_unmodified_since(email.updated_at)
email.destroy
user.update_secondary_emails!
>>>>>>> API: Respect the 'If-Unmodified-Since' for delete endpoints
end end
desc 'Delete a user. Available only for admins.' do desc 'Delete a user. Available only for admins.' do
...@@ -305,11 +317,18 @@ module API ...@@ -305,11 +317,18 @@ module API
end end
delete ":id" do delete ":id" do
authenticated_as_admin! authenticated_as_admin!
user = User.find_by(id: params[:id]) user = User.find_by(id: params[:id])
not_found!('User') unless user not_found!('User') unless user
<<<<<<< HEAD
status 204 status 204
user.delete_async(deleted_by: current_user, params: params) user.delete_async(deleted_by: current_user, params: params)
=======
check_unmodified_since(user.updated_at)
::Users::DestroyService.new(current_user).execute(user)
>>>>>>> API: Respect the 'If-Unmodified-Since' for delete endpoints
end end
desc 'Block a user. Available only for admins.' desc 'Block a user. Available only for admins.'
...@@ -487,6 +506,8 @@ module API ...@@ -487,6 +506,8 @@ module API
key = current_user.keys.find_by(id: params[:key_id]) key = current_user.keys.find_by(id: params[:key_id])
not_found!('Key') unless key not_found!('Key') unless key
check_unmodified_since(key.updated_at)
status 204 status 204
key.destroy key.destroy
end end
...@@ -539,6 +560,7 @@ module API ...@@ -539,6 +560,7 @@ module API
email = current_user.emails.find_by(id: params[:email_id]) email = current_user.emails.find_by(id: params[:email_id])
not_found!('Email') unless email not_found!('Email') unless email
<<<<<<< HEAD
status 204 status 204
Emails::DestroyService.new(current_user, email: email.email).execute Emails::DestroyService.new(current_user, email: email.email).execute
end end
...@@ -556,6 +578,12 @@ module API ...@@ -556,6 +578,12 @@ module API
.reorder(last_activity_on: :asc) .reorder(last_activity_on: :asc)
present paginate(activities), with: Entities::UserActivity present paginate(activities), with: Entities::UserActivity
=======
check_unmodified_since(email.updated_at)
email.destroy
current_user.update_secondary_emails!
>>>>>>> API: Respect the 'If-Unmodified-Since' for delete endpoints
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment