Add delete endpoint for Alert metric images

Changelog: added EE: true

Add delete endpoint for Alert metric images
Changelog: added EE: true
9226d47f · Sean Arnold · Nick Gaskill · 47e1c231 · 9226d47f · 9226d47f
Commit 9226d47f authored Feb 28, 2022 by Sean Arnold Committed by Nick Gaskill Feb 28, 2022
3 changed files
--- a/doc/api/alert_management_alerts.md
+++ b/doc/api/alert_management_alerts.md
@@ -106,3 +106,24 @@ Example response:
    "url_text": "Example website"
 }
 ```
+
+## Delete metric image
+
+```plaintext
+DELETE /projects/:id/alert_management_alerts/:alert_iid/metric_images/:image_id
+```
+
+| Attribute   | Type    | Required | Description                          |
+|-------------|---------|----------|--------------------------------------|
+| `id`        | integer/string | yes      | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user. |
+| `alert_iid` | integer | yes      | The internal ID of a project's alert. |
+| `image_id` | integer | yes      | The ID of the image. |
+
+```shell
+curl --header "PRIVATE-TOKEN: <your_access_token>" --request DELETE "https://gitlab.example.com/api/v4/projects/5/alert_management_alerts/93/metric_images/1"
+```
+
+Can return the following status codes:
+
+- `204 No Content`: if the image was deleted successfully.
+- `422 Unprocessable`: if the image could not be deleted.
--- a/ee/lib/api/alert_management_alerts.rb
+++ b/ee/lib/api/alert_management_alerts.rb
@@ -86,10 +86,34 @@ module API

          render_api_error!('Metric image not found', 404) unless metric_image

-          if metric_image&.update(params.slice(:url, :url_text))
+          if metric_image.update(params.slice(:url, :url_text))
            present metric_image, with: Entities::MetricImage, current_user: current_user, project: user_project
          else
-            render_api_error!('Metric image could not be updated', 422)
+            unprocessable_entity!('Metric image could not be updated')
+          end
+        end
+
+        desc 'Remove a metric image for an alert' do
+          success Entities::MetricImage
+        end
+        params do
+          requires :metric_image_id, type: Integer, desc: 'The ID of metric image'
+        end
+        delete ':metric_image_id' do
+          alert = find_project_alert(params[:alert_iid])
+
+          authorize!(:destroy_alert_management_metric_image, alert)
+
+          render_api_error!('Feature not available', 403) unless alert.metric_images_available?
+
+          metric_image = alert.metric_images.find_by_id(params[:metric_image_id])
+
+          render_api_error!('Metric image not found', 404) unless metric_image
+
+          if metric_image.destroy
+            no_content!
+          else
+            unprocessable_entity!('Metric image could not be deleted')
          end
        end
      end

--- a/ee/spec/requests/api/alert_management_alerts_spec.rb
+++ b/ee/spec/requests/api/alert_management_alerts_spec.rb
@@ -294,7 +294,7 @@ RSpec.describe API::AlertManagementAlerts do
      it_behaves_like "#{params[:expected_status]}"
    end

-    context 'user has access' do
+    context 'when user has access' do
      before do
        project.add_developer(user)
      end
@@ -304,7 +304,7 @@ RSpec.describe API::AlertManagementAlerts do
          stub_licensed_features(alert_metric_upload: true)
        end

-        context 'metric image not found' do
+        context 'and metric image not found' do
          subject { put api("/projects/#{project.id}/alert_management_alerts/#{alert.iid}/metric_images/#{non_existing_record_id}", user) }

          it 'returns an error' do
@@ -341,4 +341,97 @@ RSpec.describe API::AlertManagementAlerts do
      end
    end
  end
+
+  describe 'DELETE /projects/:id/alert_management_alerts/:alert_iid/metric_images/:metric_image_id' do
+    using RSpec::Parameterized::TableSyntax
+
+    let!(:image) { create(:alert_metric_image, alert: alert) }
+
+    subject { delete api("/projects/#{project.id}/alert_management_alerts/#{alert.iid}/metric_images/#{image.id}", user) }
+
+    shared_examples 'can delete metric image successfully' do
+      it 'can delete the metric images' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:no_content)
+        expect { image.reload }.to raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+
+    shared_examples 'unauthorized delete' do
+      it 'cannot delete the metric image' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(image.reload).to eq(image)
+      end
+    end
+
+    where(:user_role, :public_project, :expected_status) do
+      :not_member | false | 'unauthorized delete'
+      :not_member | true  | 'unauthorized delete'
+      :guest      | false | 'unauthorized delete'
+      :reporter   | false | 'unauthorized delete'
+      :developer  | false | 'can delete metric image successfully'
+    end
+
+    with_them do
+      before do
+        stub_licensed_features(alert_metric_upload: true)
+        project.send("add_#{user_role}", user) unless user_role == :not_member
+        project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE) unless public_project
+      end
+
+      it_behaves_like "#{params[:expected_status]}"
+    end
+
+    context 'when user has access' do
+      before do
+        stub_licensed_features(alert_metric_upload: true)
+        project.add_developer(user)
+      end
+
+      context 'when metric image not found' do
+        subject { delete api("/projects/#{project.id}/alert_management_alerts/#{alert.iid}/metric_images/#{non_existing_record_id}", user) }
+
+        it 'returns an error' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:not_found)
+          expect(json_response['message']).to eq('Metric image not found')
+        end
+      end
+
+      context 'when error when deleting' do
+        before do
+          allow_next_instance_of(AlertManagement::AlertsFinder) do |finder|
+            allow(finder).to receive(:execute).and_return([alert])
+          end
+
+          allow(alert).to receive_message_chain('metric_images.find_by_id') { image }
+          allow(image).to receive(:destroy).and_return(false)
+        end
+
+        it 'returns an error' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:unprocessable_entity)
+          expect(json_response['message']).to eq('Metric image could not be deleted')
+        end
+      end
+
+      context 'when feature not enabled' do
+        before do
+          stub_licensed_features(alert_metric_upload: false)
+        end
+
+        it 'returns an error' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(json_response['message']).to eq('Feature not available')
+        end
+      end
+    end
+  end
 end