PUT becomes POST on archiving endpoints

Also the specs have a minor improvement. Mainly the access right spec. Changes are reflected in the docs

PUT becomes POST on archiving endpoints
3549d7c1 · Zeger-Jan van de Weg · 2c5bcf2e · 3549d7c1 · 3549d7c1 · 3549d7c1
Commit 3549d7c1 authored 9 years ago by Zeger-Jan van de Weg
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,6 +4,7 @@ v 8.7.0 (unreleased)
  - Preserve time notes/comments have been updated at when moving issue
  - Make HTTP(s) label consistent on clone bar (Stan Hu)
  - Fix avatar stretching by providing a cropping feature
+  - Add endpoints to archive or unarchive a project !3372
  
 v 8.6.1
  - Add option to reload the schema before restoring a database backup. !2807

--- a/doc/api/projects.md
+++ b/doc/api/projects.md
@@ -493,14 +493,15 @@ Parameters:
  
 ### Archive a project
  
-Archives a project if the user has the right access level to this project. This action is
+Archives the project if the user is either admin or the project owner of this project. This action is
 idempotent, thus archiving an already archived project will not change the project.
  
-Status code 200 with the project as body is given when successful, in case the user doesn't
-have the proper access rights, code 404 is returned.
+Status code 201 with the project as body is given when successful, in case the user doesn't
+have the proper access rights, code 403 is returned. Status 404 is returned if the project
+doesn't exist, or is hidden to the user.
  
 ```
-PUT /projects/:id/archive
+POST /projects/:id/archive
 ```
  
 | Attribute | Type | Required | Description |
@@ -508,7 +509,7 @@ PUT /projects/:id/archive
 | `id`      | integer | yes | The ID of the project |
  
 ```bash
-curl -X PUT -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/projects/archive"
+curl -X POST -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/projects/archive"
 ```
  
 Example response:
@@ -575,14 +576,15 @@ Example response:
  
 ### Unarchive a project
  
-Unarchives a project if the user has the right access level to this project. This action is
+Unarchives the project if the user is either admin or the project owner of this project. This action is
 idempotent, thus unarchiving an non-archived project will not change the project.
  
-Status code 200 with the project as body is given when successful, in case the user doesn't
-have the proper access rights, code 404 is returned.
+Status code 201 with the project as body is given when successful, in case the user doesn't
+have the proper access rights, code 403 is returned. Status 404 is returned if the project
+doesn't exist, or is hidden to the user.
  
 ```
-PUT /projects/:id/archive
+POST /projects/:id/archive
 ```
  
 | Attribute | Type | Required | Description |
@@ -590,7 +592,7 @@ PUT /projects/:id/archive
 | `id`      | integer | yes | The ID of the project |
  
 ```bash
-curl -X PUT -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/projects/unarchive"
+curl -X POST -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/projects/unarchive"
 ```
  
 Example response:

--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -250,12 +250,12 @@ module API
      #   id (required) - The ID of a project
      # Example Request:
      #   PUT /projects/:id/archive
-      put ':id/archive' do
+      post ':id/archive' do
        authorize!(:archive_project, user_project)
  
        user_project.archive!
  
-        present @project, with: Entities::Project
+        present user_project, with: Entities::Project
      end
  
      # Unarchive project
@@ -264,12 +264,12 @@ module API
      #   id (required) - The ID of a project
      # Example Request:
      #   PUT /projects/:id/unarchive
-      put ':id/unarchive' do
+      post ':id/unarchive' do
        authorize!(:archive_project, user_project)
  
        user_project.unarchive!
  
-        present @project, with: Entities::Project
+        present user_project, with: Entities::Project
      end
  
      # Remove project

--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -948,20 +948,14 @@ describe API::API, api: true  do
    end
  end
  
-  describe 'PUT /projects/:id/archive' do
+  describe 'POST /projects/:id/archive' do
    context 'on an unarchived project' do
      it 'archives the project' do
-        put api("/projects/#{project.id}/archive", user)
+        post api("/projects/#{project.id}/archive", user)
  
-        expect(response.status).to eq(200)
+        expect(response.status).to eq(201)
        expect(json_response['archived']).to be_truthy
      end
-
-      it 'rejects archivation on other users' do
-        put api("/projects/#{project.id}/archive", user3)
-
-        expect(response.status).to eq(404)
-      end
    end
  
    context 'on an archived project' do
@@ -970,34 +964,34 @@ describe API::API, api: true  do
      end
  
      it 'remains archived' do
-        put api("/projects/#{project.id}/archive", user)
+        post api("/projects/#{project.id}/archive", user)
  
-        expect(response.status).to eq(200)
+        expect(response.status).to eq(201)
        expect(json_response['archived']).to be_truthy
      end
+    end
+
+    context 'user without archiving rights to the project' do
+      before do
+        project.team << [user3, :developer]
+      end
  
-      it 'rejects archivation on other users' do
-        put api("/projects/#{project.id}/archive", user3)
+      it 'rejects the action' do
+        post api("/projects/#{project.id}/archive", user3)
  
-        expect(response.status).to eq(404)
+        expect(response.status).to eq(403)
      end
    end
  end
  
-  describe 'PUT /projects/:id/unarchive' do
+  describe 'POST /projects/:id/unarchive' do
    context 'on an unarchived project' do
      it 'remains unarchived' do
-        put api("/projects/#{project.id}/unarchive", user)
+        post api("/projects/#{project.id}/unarchive", user)
  
-        expect(response.status).to eq(200)
+        expect(response.status).to eq(201)
        expect(json_response['archived']).to be_falsey
      end
-
-      it 'rejects archivation on other users' do
-        put api("/projects/#{project.id}/unarchive", user3)
-
-        expect(response.status).to eq(404)
-      end
    end
  
    context 'on an archived project' do
@@ -1005,17 +999,23 @@ describe API::API, api: true  do
        project.archive!
      end
  
-      it 'remains archived' do
-        put api("/projects/#{project.id}/unarchive", user)
+      it 'unarchives the project' do
+        post api("/projects/#{project.id}/unarchive", user)
  
-        expect(response.status).to eq(200)
+        expect(response.status).to eq(201)
        expect(json_response['archived']).to be_falsey
      end
+    end
  
-      it 'rejects archivation on other users' do
-        put api("/projects/#{project.id}/archive", user3)
+    context 'user without archiving rights to the project' do
+      before do
+        project.team << [user3, :developer]
+      end
  
-        expect(response.status).to eq(404)
+      it 'rejects the action' do
+        post api("/projects/#{project.id}/unarchive", user3)
+
+        expect(response.status).to eq(403)
      end
    end
  end