Merge branch '15656-user-delete-container'

author Tom Clegg <tclegg@veritasgenetics.com>

Tue, 1 Oct 2019 14:29:07 +0000 (10:29 -0400)

committer Tom Clegg <tclegg@veritasgenetics.com>

Tue, 1 Oct 2019 14:29:07 +0000 (10:29 -0400)
author Tom Clegg <tclegg@veritasgenetics.com>
Tue, 1 Oct 2019 14:29:07 +0000 (10:29 -0400)
committer Tom Clegg <tclegg@veritasgenetics.com>
Tue, 1 Oct 2019 14:29:07 +0000 (10:29 -0400)
diff --git a/doc/api/methods/containers.html.textile.liquid b/doc/api/methods/containers.html.textile.liquid

index d59c66edc3cbf5f492dbb0c4befac668e209c980..5ec95cee62ab18a7f8b69ac42382a4f42e7ac1cd 100644 (file)
--- a/doc/api/methods/containers.html.textile.liquid
+++ b/doc/api/methods/containers.html.textile.liquid
@@ -110,7 +110,9 @@ table(table table-bordered table-condensed).
  
  h3. delete
  
-Delete an existing Container.
+Delete a Container.
+
+This API requires admin privileges. In normal operation, it should not be used at all. API clients like Workbench might not work correctly when a container request references a container that has been deleted.
  
  Arguments:
  
diff --git a/services/api/app/models/container.rb b/services/api/app/models/container.rb

index 8999b3e14e123b78f8ecfaaa2ea821d8fa6e3490..376be55ffbf1a762ae81c2ed3fbbf76292b87883 100644 (file)
--- a/services/api/app/models/container.rb
+++ b/services/api/app/models/container.rb
@@ -423,6 +423,10 @@ class Container < ArvadosModel
      current_user.andand.is_admin
    end
  
+  def permission_to_destroy
+    current_user.andand.is_admin
+  end
+
    def ensure_owner_uuid_is_permitted
      # validate_change ensures owner_uuid can't be changed at all --
      # except during create, which requires admin privileges. Checking
diff --git a/services/api/test/unit/container_test.rb b/services/api/test/unit/container_test.rb

index 88fd5feb6ad27c3c55dd5531c0a2566422239f41..5f17efc4452c3ac24e5e53f9d532da1ce3b9d673 100644 (file)
--- a/services/api/test/unit/container_test.rb
+++ b/services/api/test/unit/container_test.rb
@@ -980,6 +980,15 @@ class ContainerTest < ActiveSupport::TestCase
      end
    end
  
+  test "user cannot delete" do
+    set_user_from_auth :active
+    c, _ = minimal_new
+    assert_raises ArvadosModel::PermissionDeniedError do
+      c.destroy
+    end
+    assert Container.find_by_uuid(c.uuid)
+  end
+
    [
      {state: Container::Complete, exit_code: 0, output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'},
      {state: Container::Cancelled},
author	Tom Clegg <tclegg@veritasgenetics.com>
	Tue, 1 Oct 2019 14:29:07 +0000 (10:29 -0400)
committer	Tom Clegg <tclegg@veritasgenetics.com>
	Tue, 1 Oct 2019 14:29:07 +0000 (10:29 -0400)
doc/api/methods/containers.html.textile.liquid		patch \| blob \| history
services/api/app/models/container.rb		patch \| blob \| history
services/api/test/unit/container_test.rb		patch \| blob \| history