Merge branch 'feature/api_remove_group' of /home/git/repositories/gitlab/gitlabhq

dc825ae3 · Dmitriy Zaporozhets · 2eb76186 · 93341579 · dc825ae3 · dc825ae3
Commit dc825ae3 authored Oct 07, 2013 by Dmitriy Zaporozhets
Showing with 68 additions and 2 deletions

CHANGELOG CHANGELOG +1 -0

doc/api/groups.md doc/api/groups.md +13 -0

lib/api/groups.rb lib/api/groups.rb +16 -2

spec/requests/api/groups_spec.rb spec/requests/api/groups_spec.rb +38 -0

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -12,6 +12,7 @@ v 6.2.0
  - Update logic for validates_merge_request for tree of MR (Andrew Kumanyaev)
  - Rake tasks for web hooks management (Jonhnny Weslley)
  - Extended User API to expose admin and can_create_group for user creation/updating (Boyan Tabakov)
+  - API: Remove group

 v 6.1.0
  - Project specific IDs for issues, mr, milestones

--- a/doc/api/groups.md
+++ b/doc/api/groups.md
@@ -57,6 +57,19 @@ Parameters:
 + `project_id` (required) - The ID of a project


+## Remove group
+
+Removes group with all projects inside.
+
+```
+DELETE /groups/:id
+```
+
+Parameters:
+
+ `id` (required) - The ID of a user group
+
+
 ## Group members



--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -7,12 +7,14 @@ module API
      helpers do
        def find_group(id)
          group = Group.find(id)
-          if current_user.admin or current_user.groups.include? group
+
+          if can?(current_user, :read_group, group)
            group
          else
            render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403)
          end
        end
+
        def validate_access_level?(level)
          Gitlab::Access.options_with_owner.values.include? level.to_i
        end
@@ -64,6 +66,19 @@ module API
        present group, with: Entities::GroupDetail
      end

+
+      # Remove group
+      #
+      # Parameters:
+      #   id (required) - The ID of a group
+      # Example Request:
+      #   DELETE /groups/:id
+      delete ":id" do
+        group = find_group(params[:id])
+        authorize! :manage_group, group
+        group.destroy
+      end
+
      # Transfer a project to the Group namespace
      #
      # Parameters:
@@ -132,7 +147,6 @@ module API
          member.destroy
        end
      end
-
    end
  end
 end
--- a/spec/requests/api/groups_spec.rb
+++ b/spec/requests/api/groups_spec.rb
@@ -106,6 +106,44 @@ describe API::API do
    end
  end

+  describe "DELETE /groups/:id" do
+    context "when authenticated as user" do
+      it "should remove group" do
+        delete api("/groups/#{group1.id}", user1)
+        response.status.should == 200
+      end
+
+      it "should not remove a group if not an owner" do
+        user3 = create(:user)
+        group1.add_user(user3, Gitlab::Access::MASTER)
+        delete api("/groups/#{group1.id}", user3)
+        response.status.should == 403
+      end
+
+      it "should not remove a non existing group" do
+        delete api("/groups/1328", user1)
+        response.status.should == 404
+      end
+
+      it "should not remove a group not attached to user1" do
+        delete api("/groups/#{group2.id}", user1)
+        response.status.should == 403
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should remove any existing group" do
+        delete api("/groups/#{group2.id}", admin)
+        response.status.should == 200
+      end
+
+      it "should not remove a non existing group" do
+        delete api("/groups/1328", admin)
+        response.status.should == 404
+      end
+    end
+  end
+
  describe "POST /groups/:id/projects/:project_id" do
    let(:project) { create(:project) }
    before(:each) do