Commit 2a8f44d1 authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch 'container-registry-api-perms-58271' into 'master'

Align Container Registry API Delete Permissions with UI

See merge request gitlab-org/gitlab-ce!29512
parents 8ace9d91 a881a592
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
module Projects module Projects
module Registry module Registry
class TagsController < ::Projects::Registry::ApplicationController class TagsController < ::Projects::Registry::ApplicationController
before_action :authorize_update_container_image!, only: [:destroy] before_action :authorize_destroy_container_image!, only: [:destroy]
def index def index
respond_to do |format| respond_to do |format|
......
...@@ -258,6 +258,7 @@ class ProjectPolicy < BasePolicy ...@@ -258,6 +258,7 @@ class ProjectPolicy < BasePolicy
enable :resolve_note enable :resolve_note
enable :create_container_image enable :create_container_image
enable :update_container_image enable :update_container_image
enable :destroy_container_image
enable :create_environment enable :create_environment
enable :create_deployment enable :create_deployment
enable :create_release enable :create_release
......
---
title: Allow developer role to delete docker tags via container registry API
merge_request: 29512
author:
type: fixed
...@@ -115,12 +115,8 @@ module API ...@@ -115,12 +115,8 @@ module API
authorize! :read_container_image, repository authorize! :read_container_image, repository
end end
def authorize_update_container_image!
authorize! :update_container_image, repository
end
def authorize_destroy_container_image! def authorize_destroy_container_image!
authorize! :admin_container_image, repository authorize! :destroy_container_image, repository
end end
def authorize_admin_container_image! def authorize_admin_container_image!
......
...@@ -39,7 +39,7 @@ describe ProjectPolicy do ...@@ -39,7 +39,7 @@ describe ProjectPolicy do
admin_milestone admin_merge_request update_merge_request create_commit_status admin_milestone admin_merge_request update_merge_request create_commit_status
update_commit_status create_build update_build create_pipeline update_commit_status create_build update_build create_pipeline
update_pipeline create_merge_request_from create_wiki push_code update_pipeline create_merge_request_from create_wiki push_code
resolve_note create_container_image update_container_image resolve_note create_container_image update_container_image destroy_container_image
create_environment create_deployment create_release update_release create_environment create_deployment create_release update_release
] ]
end end
......
...@@ -201,10 +201,10 @@ describe API::ContainerRegistry do ...@@ -201,10 +201,10 @@ describe API::ContainerRegistry do
describe 'DELETE /projects/:id/registry/repositories/:repository_id/tags/:tag_name' do describe 'DELETE /projects/:id/registry/repositories/:repository_id/tags/:tag_name' do
subject { delete api("/projects/#{project.id}/registry/repositories/#{root_repository.id}/tags/rootA", api_user) } subject { delete api("/projects/#{project.id}/registry/repositories/#{root_repository.id}/tags/rootA", api_user) }
it_behaves_like 'being disallowed', :developer it_behaves_like 'being disallowed', :reporter
context 'for maintainer' do context 'for developer' do
let(:api_user) { maintainer } let(:api_user) { developer }
before do before do
stub_container_registry_tags(repository: root_repository.path, tags: %w(rootA), with_manifest: true) stub_container_registry_tags(repository: root_repository.path, tags: %w(rootA), with_manifest: true)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment