    story #12265 have a REST end point to toggle project's status
Summary
have a REST end point to toggle project's status

I can have external processes to control whether a project can be active or not

Overview

As "Deleted" is a very dangerous state, it's not possible to delete a project with this API.

Moreover, manipulating a project status is a site admin capability. It is not recommended to leave site admin credentials in clear text somewhere, and it can be dangerous to use them in API calls as they have full access to all end points. In order to mitigate this risk, a new "Permission delegation" is introduced (as with tracker or mediawiki global admin): "REST project management".

Functional overview

REST project management permissions

Introduce this new permission to be associated to groups.

The permission will apply on:

  • PATCH /projects/:id

  • GET /projects/:id

  • POST /projects

REST routes

PATCH /projects/:id
{
    "status": enum{"active", "suspended"}
}

The route should check whether the user is site administrator or has "REST project management" capability.

GET /projects/:id

The route is updated to include the status field.

In addition, the behaviour with deleted, suspended and pending projects shall be checked so that only site administrators and users delegated "REST Project Management" can access projects that are not active.
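
The access rule described above for PATCH /projects/:id and GET /projects/:id, written as a small Python model. This is an added example, not Tuleap's code: the User and Project classes, the function names and the 403/400 response codes are assumptions made for illustration.

```python
from dataclasses import dataclass

REST_PROJECT_MANAGEMENT = "REST project management"
# Only these two values are accepted by PATCH; "deleted" can never be set here.
PATCHABLE_STATUSES = frozenset({"active", "suspended"})

@dataclass
class User:                      # hypothetical model of an authenticated caller
    name: str
    is_site_admin: bool = False
    delegations: frozenset = frozenset()

@dataclass
class Project:                   # hypothetical model of a project record
    id: int
    status: str                  # "active", "suspended", "pending" or "deleted"

def can_manage_projects(user):
    """Site administrator, or member of a group holding the delegation."""
    return user.is_site_admin or REST_PROJECT_MANAGEMENT in user.delegations

def patch_project(user, project, body):
    """PATCH /projects/:id -> (http_code, payload). Codes are assumed."""
    # Authorize before validating, so unprivileged callers learn nothing.
    if not can_manage_projects(user):
        return 403, {"error": "forbidden"}
    status = body.get("status") if isinstance(body, dict) else None
    if not isinstance(status, str) or status not in PATCHABLE_STATUSES:
        return 400, {"error": "status must be 'active' or 'suspended'"}
    # The story does not say which current states may be changed;
    # this sketch does not restrict the starting state.
    project.status = status
    return 200, {"id": project.id, "status": project.status}

def get_project(user, project):
    """GET /projects/:id -> (http_code, payload), including the status field."""
    # Non-active projects are visible only to admins and delegated users.
    if project.status != "active" and not can_manage_projects(user):
        return 403, {"error": "forbidden"}
    return 200, {"id": project.id, "status": project.status}

if __name__ == "__main__":
    # Constructed sample callers and project.
    bot = User("ci-bot", delegations=frozenset({REST_PROJECT_MANAGEMENT}))
    member = User("alice")
    project = Project(101, "active")
    print(patch_project(member, project, {"status": "suspended"}))
    print(patch_project(bot, project, {"status": "deleted"}))
    print(patch_project(bot, project, {"status": "suspended"}))
    print(get_project(member, project))
```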

axel.bodoignet@st.com, Nouha Terzi (terzino), Denis PILAT (denis_pilat)
Status
Done
Development
  • [ ] Does it involve User Interface?
  • [ ] Are there any mockups?
  • [ ] Are permissions checked?
  • [ ] Does it need Javascript development?
  • [ ] Does it need a forge upgrade bucket?
  • [ ] Does it need to execute things in system events?
  • [ ] Does it impact project creation (templates)?
  • [ ] Is it exploratory?
Details
#12265
Manuel Vacelet (vaceletm)
2019-11-08 10:29
2018-09-13 14:11
4311

References

Follow-ups


FYI, the new project creation workflow (community #8283) will be using the REST route 'POST /projects' to create new projects. It will allow having only testable ways to create projects (APIs).

But this means that we have to remove the "REST project management" limitation that was set on 'POST /projects' for the sake of consistency when this story was made. The restriction will still apply to the `PATCH /projects/:id` route to suspend or delete projects.

Note: since this story was made, new (optional) limitations were introduced on project creation (number of creations per user, number of creations "not validated") that can be used to prevent misuse of this route.


  • Category set to
  • CC list set to Denis PILAT (denis_pilat), Nouha Terzi (terzino), axel.bodoignet@st.com