Merge branch 'feature/api_remove_group' of /home/git/repositories/gitlab/gitlabhq

CHANGELOG

@@ -12,6 +12,7 @@ v 6.2.0
   - Update logic for validates_merge_request for tree of MR (Andrew Kumanyaev)
   - Rake tasks for web hooks management (Jonhnny Weslley)
   - Extended User API to expose admin and can_create_group for user creation/updating (Boyan Tabakov)
+  - API: Remove group
 
 v 6.1.0
   - Project specific IDs for issues, mr, milestones

doc/api/groups.md

@@ -57,6 +57,19 @@ Parameters:
 + `project_id` (required) - The ID of a project
 
 
+## Remove group
+
+Removes group with all projects inside.
+
+```
+DELETE /groups/:id
+```
+
+Parameters:
+
++ `id` (required) - The ID of a user group
+
+
 ## Group members
 
 

lib/api/groups.rb

@@ -7,12 +7,14 @@ module API
       helpers do
         def find_group(id)
           group = Group.find(id)
-          if current_user.admin or current_user.groups.include? group
+
+          if can?(current_user, :read_group, group)
             group
           else
             render_api_error!("403 Forbidden - #{current_user.username} lacks sufficient access to #{group.name}", 403)
           end
         end
+
         def validate_access_level?(level)
           Gitlab::Access.options_with_owner.values.include? level.to_i
         end
@@ -64,6 +66,19 @@ module API
         present group, with: Entities::GroupDetail
       end
 
+
+      # Remove group
+      #
+      # Parameters:
+      #   id (required) - The ID of a group
+      # Example Request:
+      #   DELETE /groups/:id
+      delete ":id" do
+        group = find_group(params[:id])
+        authorize! :manage_group, group
+        group.destroy
+      end
+
       # Transfer a project to the Group namespace
       #
       # Parameters:
@@ -132,7 +147,6 @@ module API
           member.destroy
         end
       end
-
     end
   end
 end

spec/requests/api/groups_spec.rb

@@ -106,6 +106,44 @@ describe API::API do
     end
   end
 
+  describe "DELETE /groups/:id" do
+    context "when authenticated as user" do
+      it "should remove group" do
+        delete api("/groups/#{group1.id}", user1)
+        response.status.should == 200
+      end
+
+      it "should not remove a group if not an owner" do
+        user3 = create(:user)
+        group1.add_user(user3, Gitlab::Access::MASTER)
+        delete api("/groups/#{group1.id}", user3)
+        response.status.should == 403
+      end
+
+      it "should not remove a non existing group" do
+        delete api("/groups/1328", user1)
+        response.status.should == 404
+      end
+
+      it "should not remove a group not attached to user1" do
+        delete api("/groups/#{group2.id}", user1)
+        response.status.should == 403
+      end
+    end
+
+    context "when authenticated as admin" do
+      it "should remove any existing group" do
+        delete api("/groups/#{group2.id}", admin)
+        response.status.should == 200
+      end
+
+      it "should not remove a non existing group" do
+        delete api("/groups/1328", admin)
+        response.status.should == 404
+      end
+    end
+  end
+
   describe "POST /groups/:id/projects/:project_id" do
     let(:project) { create(:project) }
     before(:each) do