Commit dc825ae3 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'feature/api_remove_group' of /home/git/repositories/gitlab/gitlabhq

parents 2eb76186 93341579
...@@ -12,6 +12,7 @@ v 6.2.0 ...@@ -12,6 +12,7 @@ v 6.2.0
- Update logic for validates_merge_request for tree of MR (Andrew Kumanyaev) - Update logic for validates_merge_request for tree of MR (Andrew Kumanyaev)
- Rake tasks for web hooks management (Jonhnny Weslley) - Rake tasks for web hooks management (Jonhnny Weslley)
- Extended User API to expose admin and can_create_group for user creation/updating (Boyan Tabakov) - Extended User API to expose admin and can_create_group for user creation/updating (Boyan Tabakov)
- API: Remove group
v 6.1.0 v 6.1.0
- Project specific IDs for issues, mr, milestones - Project specific IDs for issues, mr, milestones
......
...@@ -57,6 +57,19 @@ Parameters: ...@@ -57,6 +57,19 @@ Parameters:
+ `project_id` (required) - The ID of a project + `project_id` (required) - The ID of a project
## Remove group
Removes group with all projects inside.
```
DELETE /groups/:id
```
Parameters:
+ `id` (required) - The ID of a user group
## Group members ## Group members
......
...@@ -7,12 +7,14 @@ module API ...@@ -7,12 +7,14 @@ module API
helpers do helpers do
def find_group(id) def find_group(id)
group = Group.find(id) group = Group.find(id)
if current_user.admin or current_user.groups.include? group
if can?(current_user, :read_group, group)
group group
else else
render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403) render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403)
end end
end end
def validate_access_level?(level) def validate_access_level?(level)
Gitlab::Access.options_with_owner.values.include? level.to_i Gitlab::Access.options_with_owner.values.include? level.to_i
end end
...@@ -64,6 +66,19 @@ module API ...@@ -64,6 +66,19 @@ module API
present group, with: Entities::GroupDetail present group, with: Entities::GroupDetail
end end
# Remove group
#
# Parameters:
# id (required) - The ID of a group
# Example Request:
# DELETE /groups/:id
delete ":id" do
group = find_group(params[:id])
authorize! :manage_group, group
group.destroy
end
# Transfer a project to the Group namespace # Transfer a project to the Group namespace
# #
# Parameters: # Parameters:
...@@ -132,7 +147,6 @@ module API ...@@ -132,7 +147,6 @@ module API
member.destroy member.destroy
end end
end end
end end
end end
end end
...@@ -106,6 +106,44 @@ describe API::API do ...@@ -106,6 +106,44 @@ describe API::API do
end end
end end
describe "DELETE /groups/:id" do
context "when authenticated as user" do
it "should remove group" do
delete api("/groups/#{group1.id}", user1)
response.status.should == 200
end
it "should not remove a group if not an owner" do
user3 = create(:user)
group1.add_user(user3, Gitlab::Access::MASTER)
delete api("/groups/#{group1.id}", user3)
response.status.should == 403
end
it "should not remove a non existing group" do
delete api("/groups/1328", user1)
response.status.should == 404
end
it "should not remove a group not attached to user1" do
delete api("/groups/#{group2.id}", user1)
response.status.should == 403
end
end
context "when authenticated as admin" do
it "should remove any existing group" do
delete api("/groups/#{group2.id}", admin)
response.status.should == 200
end
it "should not remove a non existing group" do
delete api("/groups/1328", admin)
response.status.should == 404
end
end
end
describe "POST /groups/:id/projects/:project_id" do describe "POST /groups/:id/projects/:project_id" do
let(:project) { create(:project) } let(:project) { create(:project) }
before(:each) do before(:each) do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment