    story #12265 have a REST end point to toggle project's status
Summary
have a REST end point to toggle project's status

I can have external processes to control whether a project can be active or not

Overview

As "Deleted" is a very dangerous state, it's not possible to delete a project with this API.

Moreover, manipulating a project status is a site admin capability. It's not recommended to leave site admin credentials in clear text somewhere, and it can be dangerous to use them in API calls as they have full access to all endpoints. In order to mitigate this risk, a new "Permission delegation" is introduced (as for tracker or mediawiki global admin): "REST project management".

Functional overview

REST project management permissions

Introduce this new permission to be associated to groups.

The permission will apply on:

  • PATCH /projects/:id

  • GET /projects/:id

  • POST /projects

REST routes

PATCH /projects/:id
{
    "status": enum{"active", "suspended"}
}

The route should check whether the user is a site administrator or has the "REST project management" capability.

GET /projects/:id

The route is updated to include the status field.

In addition, the behaviour with deleted, suspended and pending projects shall be checked so that only site administrators and users delegated "REST Project Management" can access projects that are not active.
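
The access rules described above for PATCH and GET, modelled as an added example (this is not Tuleap's code, which does not appear on this page). The `Caller` class, the function names, the exception types and the `passes_regular_checks` flag are assumptions made for illustration.

```python
from dataclasses import dataclass

# Statuses named in the story; only the first two are accepted by PATCH.
PATCHABLE_STATUSES = {"active", "suspended"}
ALL_STATUSES = PATCHABLE_STATUSES | {"pending", "deleted"}


@dataclass(frozen=True)
class Caller:
    """Hypothetical caller model: the two ways to hold project-management rights."""
    is_site_admin: bool = False
    has_rest_project_management: bool = False  # delegated through a group


def can_manage_projects(caller: Caller) -> bool:
    return caller.is_site_admin or caller.has_rest_project_management


def patch_project_status(caller: Caller, body: dict) -> str:
    """Return the status to store, or raise.

    Authorization runs before the body is inspected, so an unprivileged
    caller learns nothing about which values the route accepts.
    """
    if not can_manage_projects(caller):
        raise PermissionError("site administrator or REST project management required")
    status = body.get("status")
    if not isinstance(status, str) or status not in PATCHABLE_STATUSES:
        # "deleted" ends up here: a real project state, never settable through this route.
        raise ValueError(f"status must be one of {sorted(PATCHABLE_STATUSES)}")
    return status


def can_get_project(caller: Caller, project_status: str, passes_regular_checks: bool) -> bool:
    """Non-active projects are visible only to project managers.

    passes_regular_checks stands in for the access rules that already
    apply to active projects (assumption: they are evaluated elsewhere).
    """
    if project_status not in ALL_STATUSES:
        raise ValueError(f"unknown project status: {project_status!r}")
    if project_status != "active":
        return can_manage_projects(caller)
    return passes_regular_checks
```
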

axel.bodoignet@st.com, Nouha Terzi (terzino), Denis PILAT (denis_pilat)
Status
Done
Development
Details
#12265
Manuel Vacelet (vaceletm)
2019-11-08 10:29
2018-09-13 14:11
3694

References

Follow-ups

  • FYI, the new project creation workflow (community #8283) will be using the REST route 'POST /projects' to create new projects. It will allow us to only have testable ways to create projects (APIs).

    But this means that we have to remove the "REST project management" limitation that was set on 'POST /projects' for the sake of consistency when this story was made. The restriction will still apply for `PATCH /projects/:id` route to suspend or delete projects.

    Note: since this story was made, new (optional) limitations were introduced on project creation (number of creations per user, number of creations "not validated") that can be used to prevent misuse of this route.

  • gerrit #12806 integrated into Tuleap 10.5.99.143
  • gerrit #12770 integrated into Tuleap 10.5.99.121

    • Status changed from On going to Done
  • gerrit #12768 integrated into Tuleap 10.5.99.111
  • gerrit #12722 integrated into Tuleap 10.5.99.108
  • gerrit #12731 integrated into Tuleap 10.5.99.105
  • gerrit #12712 integrated into Tuleap 10.5.99.79

    • Status changed from To be done to On going
  • So that
  • Acceptance criteria
  • CC list set to Denis PILAT (denis_pilat), Nouha Terzi (terzino), axel.bodoignet@st.com