Commit a185410f authored by Darby Frey

Adding Secure File destory service

parent a4d1bb67
......@@ -462,6 +462,7 @@ class ProjectPolicy < BasePolicy
enable :register_project_runners
enable :update_runners_registration_token
enable :admin_project_google_cloud
enable :admin_secure_files
end
rule { public_project & metrics_dashboard_allowed }.policy do
......
# frozen_string_literal: true
module Ci
class DestroySecureFileService < BaseService
def execute(secure_file)
raise Gitlab::Access::AccessDeniedError unless can?(current_user, :admin_secure_files, secure_file.project)
secure_file.destroy!
end
end
end
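Review bot: `execute` authorizes against `secure_file.project`, while the project handed to the constructor is never consulted in this file, so a caller that pairs the service with the wrong project gets no signal. The check is made on the file's real owner, which is the safe choice; a comment above the `raise` such as `# Authorize against the file's own project, not the project the service was built with` would record that it is deliberate. The class also has no doc comment: it should state that `execute` raises `Gitlab::Access::AccessDeniedError` when the user lacks `:admin_secure_files`, and that `destroy!` raises rather than returning false when the record cannot be deleted.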
......@@ -7,7 +7,7 @@ module API
before do
authenticate!
authorize! :admin_build, user_project
authorize! :admin_secure_files, user_project
feature_flag_enabled?
end
......@@ -82,7 +82,7 @@ module API
delete ':id/secure_files/:secure_file_id' do
secure_file = user_project.secure_files.find(params[:secure_file_id])
secure_file.destroy!
::Ci::DestroySecureFileService.new(user_project, current_user).execute(secure_file)
no_content!
end
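Review bot: The delete route now has two authorization layers with different failure paths: the `before` hook's `authorize! :admin_secure_files, user_project` and the `Gitlab::Access::AccessDeniedError` raised inside the service. How that exception is turned into an HTTP response is not visible on this page, so a request spec that calls `DELETE :id/secure_files/:secure_file_id` as a user without the ability and asserts the status would pin the behaviour if the hook is ever relaxed. The hook runs for every route in this resource, so replacing `:admin_build` (apparently the old line, printed just above the new one) changes access to all secure_files routes, not only delete; a comment on the hook such as `# every secure_files route requires :admin_secure_files` would make that explicit. Both blocks continue outside the hunks shown.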
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe ::Ci::DestroySecureFileService do
let_it_be(:maintainer_user) { create(:user) }
let_it_be(:project) { create(:project) }
let_it_be(:secure_file) { create(:ci_secure_file, project: project) }
let_it_be(:project_member) { create(:project_member, :maintainer, user: maintainer_user, project: project) }
subject { described_class.new(project, user).execute(secure_file) }
context 'user is a maintainer' do
let(:user) { maintainer_user }
it 'destroys the secure file' do
subject
expect { secure_file.reload }.to raise_error(ActiveRecord::RecordNotFound)
end
end
context 'user is not owner' do
let(:user) { create(:user) }
it 'raises an exception' do
expect { subject }.to raise_error(Gitlab::Access::AccessDeniedError)
end
end
end
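Review bot: The negative context is titled 'user is not owner' but creates a user with no membership at all, while the allowed case is a maintainer, so the spec never exercises the role just below the permitted one. Renaming it to `context 'user is a developer'` with `let(:user) { create(:user).tap { |u| project.add_developer(u) } }` would pin the boundary, and the denied example should also assert that the record survives, e.g. `expect(secure_file.reload).to be_present`. Separately, `secure_file` is a `let_it_be` record that one example destroys, so a later example may receive an object already marked as destroyed; a per-example `let` is safer for a record the test deletes.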