Merge branch '9514-add-rest-endpoints-to-delete-packages' into 'master'

Resolve "Add REST endpoints to delete packages" Closes #9514 See merge request gitlab-org/gitlab-ee!9623

Merge branch '9514-add-rest-endpoints-to-delete-packages' into 'master'
Resolve "Add REST endpoints to delete packages" Closes #9514 See merge request gitlab-org/gitlab-ee!9623
ba7dabb4 · James Lopez · b2f99c46 · 97888a2e · ba7dabb4 · ba7dabb4
Commit ba7dabb4 authored Feb 21, 2019 by James Lopez
7 changed files
--- a/doc/api/packages.md
+++ b/doc/api/packages.md
@@ -15,7 +15,7 @@ GET /projects/:id/packages

 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
-| `id`      | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user. |
+| `id`      | integer/string | yes | ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |

 ```bash
 curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/:id/packages
@@ -54,8 +54,8 @@ GET /projects/:id/packages/:package_id/package_files

 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
-| `id`      | integer/string | yes | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user. |
-| `package_id`      | integer | yes | The ID of a package. |
+| `id`      | integer/string | yes | ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
+| `package_id`      | integer | yes | ID of a package. |

 ```bash
 curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/1/packages/4/package_files
@@ -96,3 +96,27 @@ Example response:
 ```

 By default, the `GET` request will return 20 results, since the API is [paginated](README.md#pagination).
+
+## Delete a project package
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9623) in GitLab 11.9.
+
+Deletes a project package.
+
+```
+DELETE /projects/:id/packages/:package_id
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id`      | integer/string | yes | ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) |
+| `package_id`      | integer | yes | ID of a package. |
+
+```bash
+curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/:id/packages/:package_id
+```
+
+Can return the following status codes:
+
+- `204 No Content`, if the package was deleted successfully.
+- `404 Not Found`, if the package was not found.
--- a/ee/changelogs/unreleased/9514-add-rest-endpoints-to-delete-packages.yml
+++ b/ee/changelogs/unreleased/9514-add-rest-endpoints-to-delete-packages.yml
+---
+title: Add DELETE package API endpoint
+merge_request: 9623
+author:
+type: added
--- a/ee/lib/api/helpers/packages_helpers.rb
+++ b/ee/lib/api/helpers/packages_helpers.rb
@@ -19,6 +19,10 @@ module API
      def authorize_create_package!
        authorize!(:create_package, user_project)
      end
+
+      def authorize_destroy_package!
+        authorize!(:destroy_package, user_project)
+      end
    end
  end
 end
--- a/ee/lib/api/packages.rb
+++ b/ee/lib/api/packages.rb
@@ -28,6 +28,21 @@ module API

        present paginate(packages), with: EE::API::Entities::Package
      end
+
+      desc 'Remove a package' do
+        detail 'This feature was introduced in GitLab 11.9'
+      end
+      params do
+        requires :package_id, type: Integer, desc: 'The ID of a package'
+      end
+      delete ':id/packages/:package_id' do
+        authorize_destroy_package!
+
+        package = ::Packages::PackageFinder
+          .new(user_project, params[:package_id]).execute
+
+        destroy_conditionally!(package)
+      end
    end
  end
 end
--- a/ee/spec/fixtures/api/schemas/public_api/v4/packages/package.json
+++ b/ee/spec/fixtures/api/schemas/public_api/v4/packages/package.json
+{
+  "type": "object",
+  "required" : ["name", "version", "package_type"],
+  "properties" : {
+    "name": { "type": "string" },
+    "version": { "type": "string" },
+    "package_type": { "type": "string" }
+  }
+}
--- a/ee/spec/fixtures/api/schemas/public_api/v4/packages/packages.json
+++ b/ee/spec/fixtures/api/schemas/public_api/v4/packages/packages.json
@@ -2,11 +2,8 @@
  "type": "array",
  "items": {
    "type": "object",
-    "required" : ["name", "version", "packages_type"],
-    "properties" : {
-      "name": { "type": "string" },
-      "version": { "type": "string" },
-      "packages_type": { "type": "string" }
+    "properties": {
+      "$ref": "./package.json"
    }
  }
 }
--- a/ee/spec/requests/api/packages_spec.rb
+++ b/ee/spec/requests/api/packages_spec.rb
@@ -7,10 +7,6 @@ describe API::Packages do
  let(:project) { create(:project, :public) }
  let(:package) { create(:npm_package, project: project) }

-  before do
-    project.add_developer(user)
-  end
-
  describe 'GET /projects/:id/packages' do
    let(:url) { "/projects/#{project.id}/packages" }

@@ -37,14 +33,14 @@ describe API::Packages do
        end

        it 'returns 404 for a user without access to the project' do
-          project.team.truncate
-
          get api(url, user)

          expect(response).to have_gitlab_http_status(404)
        end

        it 'returns 200 and valid response schema' do
+          project.add_maintainer(user)
+
          get api(url, user)

          expect(response).to have_gitlab_http_status(200)
@@ -59,6 +55,7 @@ describe API::Packages do
        let!(:package3) { create(:maven_package, project: project) }

        before do
+          project.add_maintainer(user)
          stub_licensed_features(packages: true)
        end

@@ -92,4 +89,72 @@ describe API::Packages do
      end
    end
  end
+
+  describe 'DELETE /projects/:id/packages/:package_id' do
+    let(:url) { "/projects/#{project.id}/packages/#{package.id}" }
+
+    context 'packages feature enabled' do
+      before do
+        stub_licensed_features(packages: true)
+      end
+
+      context 'project is public' do
+        it 'returns 403 for non authenticated user' do
+          delete api(url)
+
+          expect(response).to have_gitlab_http_status(403)
+        end
+
+        it 'returns 403 for a user without access to the project' do
+          delete api(url, user)
+
+          expect(response).to have_gitlab_http_status(403)
+        end
+      end
+
+      context 'project is private' do
+        let(:project) { create(:project, :private) }
+
+        it 'returns 404 for non authenticated user' do
+          delete api(url)
+
+          expect(response).to have_gitlab_http_status(404)
+        end
+
+        it 'returns 404 for a user without access to the project' do
+          delete api(url, user)
+
+          expect(response).to have_gitlab_http_status(404)
+        end
+
+        it 'returns 403 for a user without enough permissions' do
+          project.add_developer(user)
+
+          delete api(url, user)
+
+          expect(response).to have_gitlab_http_status(403)
+        end
+
+        it 'returns 204' do
+          project.add_maintainer(user)
+
+          delete api(url, user)
+
+          expect(response).to have_gitlab_http_status(204)
+        end
+      end
+    end
+
+    context 'packages feature disabled' do
+      before do
+        stub_licensed_features(packages: false)
+      end
+
+      it 'returns 403' do
+        delete api(url, user)
+
+        expect(response).to have_gitlab_http_status(403)
+      end
+    end
+  end
 end