Merge branch 'issue_353474-allow_to_delete_related_epic_links_on_internal_api' into 'master'

Allow to destroy related epic links on internal API See merge request gitlab-org/gitlab!82035

Merge branch 'issue_353474-allow_to_delete_related_epic_links_on_internal_api' into 'master'
Allow to destroy related epic links on internal API See merge request gitlab-org/gitlab!82035
bcafb60b · Heinrich Lee Yu · b14e50a9 · c4dab676 · bcafb60b · bcafb60b
Commit bcafb60b authored Mar 09, 2022 by Heinrich Lee Yu
3 changed files
--- a/ee/app/controllers/groups/epics/related_epic_links_controller.rb
+++ b/ee/app/controllers/groups/epics/related_epic_links_controller.rb
@@ -9,16 +9,34 @@ class Groups::Epics::RelatedEpicLinksController < Groups::ApplicationController
  before_action :ensure_related_epics_enabled!
  before_action :check_epics_available!
  before_action :check_related_epics_available!
+  before_action :authorize_related_epic_link_association!, only: [:destroy]
+  before_action :authorize_admin!, only: [:destroy]

  feature_category :portfolio_management
  urgency :default

  private

+  def authorized_object
+    'related_epic_link'
+  end
+
+  def link
+    @link ||= Epic::RelatedEpicLink.find(params[:id])
+  end
+
+  def authorize_related_epic_link_association!
+    render_404 if link.target != epic && link.source != epic
+  end
+
  def list_service
    Epics::RelatedEpicLinks::ListService.new(epic, current_user)
  end

+  def destroy_service
+    Epics::RelatedEpicLinks::DestroyService.new(link, current_user)
+  end
+
  def ensure_related_epics_enabled!
    render_404 unless Feature.enabled?(:related_epics_widget, epic&.group, default_enabled: :yaml)
  end

--- a/ee/config/routes/group.rb
+++ b/ee/config/routes/group.rb
@@ -123,7 +123,7 @@ constraints(::Constraints::GroupUrlConstrainer.new) do

      scope module: :epics do
        resources :notes, only: [:index, :create, :destroy, :update], concerns: :awardable, constraints: { id: /\d+/ }
-        resources :related_epic_links, only: [:index]
+        resources :related_epic_links, only: [:index, :destroy]
      end

      collection do

--- a/ee/spec/requests/groups/epics/related_epic_links_controller_spec.rb
+++ b/ee/spec/requests/groups/epics/related_epic_links_controller_spec.rb
@@ -5,13 +5,40 @@ require 'spec_helper'
 RSpec.describe Groups::Epics::RelatedEpicLinksController do
  let_it_be(:user) { create(:user) }
  let_it_be(:epic) { create(:epic) }
-  let_it_be(:epic_link1) { create(:related_epic_link, source: epic) }
+  let_it_be(:epic2) { create(:epic, group: epic.group) }
+  let_it_be(:epic_link1) { create(:related_epic_link, source: epic, target: epic2) }
  let_it_be(:epic_link2) { create(:related_epic_link, source: epic) }

  before do
    stub_licensed_features(epics: true, related_epics: true)
  end

+  shared_examples 'a not available action' do
+    context 'when related_epics flag is disabled' do
+      before do
+        stub_feature_flags(related_epics_widget: false)
+      end
+
+      it 'returns not_found error' do
+        request
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+
+    context 'when related_epics are not available' do
+      before do
+        stub_licensed_features(epics: true, related_epics: false)
+      end
+
+      it 'returns not_found error' do
+        request
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+  end
+
  describe 'GET /*group_id/:group_id/epics/:epic_id/related_epic_links' do
    subject(:request) do
      get group_epic_related_epic_links_path(group_id: epic.group, epic_id: epic.iid, format: :json)
@@ -22,6 +49,8 @@ RSpec.describe Groups::Epics::RelatedEpicLinksController do
      login_as user
    end

+    it_behaves_like 'a not available action'
+
    it 'returns JSON response' do
      list_service_response = Epics::RelatedEpicLinks::ListService.new(epic, user).execute

@@ -44,27 +73,42 @@ RSpec.describe Groups::Epics::RelatedEpicLinksController do

      expect { do_request }.not_to exceed_query_limit(control)
    end
+  end
+
+  describe 'DELETE /*group_id/:group_id/epics/:epic_id/related_epic_links/:link_id' do
+    subject(:request) do
+      delete group_epic_related_epic_link_path(id: epic_link1.id, group_id: epic.group, epic_id: epic.iid, format: :json)
+    end

-    context 'when related_epics flag is disabled' do
    before do
-        stub_feature_flags(related_epics_widget: false)
+      epic.group.add_reporter(user)
+      login_as user
    end

-      it 'returns not_found error' do
-        request
+    it_behaves_like 'a not available action'
+
+    it 'deletes related epic link' do
+      expect { request }.to change(Epic::RelatedEpicLink, :count).by(-1)
+      expect(response).to have_gitlab_http_status(:ok)
+    end
+
+    context 'when related epic link id is not valid' do
+      it 'returns 404' do
+        delete group_epic_related_epic_link_path(id: 999, group_id: epic.group, epic_id: epic.iid, format: :json)

        expect(response).to have_gitlab_http_status(:not_found)
      end
    end

-    context 'when related_epics are not available' do
-      before do
-        stub_licensed_features(epics: true, related_epics: false)
-      end
+    context 'when related epic link does not belong to epic' do
+      let!(:link) { create(:related_epic_link) }

-      it 'returns not_found error' do
-        request
+      subject(:request) do
+        delete group_epic_related_epic_link_path(id: link.id, group_id: epic.group, epic_id: epic.iid, format: :json)
+      end

+      it 'does not delete related epic link' do
+        expect { request }.not_to change(Epic::RelatedEpicLink, :count)
        expect(response).to have_gitlab_http_status(:not_found)
      end
    end