From 384fa491a675e6bf3c5e94d81f3e25b700ae6959 Mon Sep 17 00:00:00 2001
From: Tim Wade <hello@timjwade.com>
Date: Wed, 5 Apr 2017 15:29:31 -0700
Subject: [PATCH 1/3] Allow policies to be deleted via DELETE

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1435773
---
 config/api.yml                     |  2 +-
 spec/requests/api/policies_spec.rb | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/config/api.yml b/config/api.yml
index 8013c62e512..b89a8b35e72 100644
--- a/config/api.yml
+++ b/config/api.yml
@@ -1080,7 +1080,7 @@
     :options:
     - :collection
     - :subcollection
-    :verbs: *gp
+    :verbs: *gpd
     :klass: MiqPolicy
     :subcollections:
     - :conditions
diff --git a/spec/requests/api/policies_spec.rb b/spec/requests/api/policies_spec.rb
index a7770239517..89c518a4506 100644
--- a/spec/requests/api/policies_spec.rb
+++ b/spec/requests/api/policies_spec.rb
@@ -399,6 +399,26 @@ def test_policy_profile_query(object, object_policy_profiles_url)
       expect(response).to have_http_status(:ok)
     end
 
+    describe "DELETE /api/policies/:id" do
+      it "can delete a policy with appropriate role" do
+        api_basic_authorize(action_identifier(:policies, :delete, :resource_actions, :delete))
+        policy = FactoryGirl.create(:miq_policy)
+
+        expect { run_delete(policies_url(policy.id)) }.to change(MiqPolicy, :count).by(-1)
+
+        expect(response).to have_http_status(:no_content)
+      end
+
+      it "will not delete a policy without an appropriate role" do
+        api_basic_authorize
+        policy = FactoryGirl.create(:miq_policy)
+
+        expect { run_delete(policies_url(policy.id)) }.not_to change(MiqPolicy, :count)
+
+        expect(response).to have_http_status(:forbidden)
+      end
+    end
+
     it "edits policy actions events and conditions" do
       api_basic_authorize collection_action_identifier(:policies, :edit)
       miq_policy.conditions << conditions

From 9c410e5bd33801c6b5f71a8adfc229e9e7d27929 Mon Sep 17 00:00:00 2001
From: Tim Wade <hello@timjwade.com>
Date: Fri, 7 Apr 2017 11:15:15 -0700
Subject: [PATCH 2/3] Add tests for bulk deletes of policies

---
 spec/requests/api/policies_spec.rb | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/spec/requests/api/policies_spec.rb b/spec/requests/api/policies_spec.rb
index 89c518a4506..4d1eeaee9a6 100644
--- a/spec/requests/api/policies_spec.rb
+++ b/spec/requests/api/policies_spec.rb
@@ -399,6 +399,31 @@ def test_policy_profile_query(object, object_policy_profiles_url)
       expect(response).to have_http_status(:ok)
     end
 
+    describe "POST /api/policies with 'delete' action" do
+      it "can delete a policy with appropriate role" do
+        api_basic_authorize(collection_action_identifier(:policies, :delete))
+        policy = FactoryGirl.create(:miq_policy)
+
+        expect do
+          run_post(policies_url, :action => "delete", :resources => [{:id => policy.id}])
+        end.to change(MiqPolicy, :count).by(-1)
+
+        expect(response.parsed_body).to include("results" => [a_hash_including("success" => true)])
+        expect(response).to have_http_status(:ok)
+      end
+
+      it "will not delete a policy without an appropriate role" do
+        api_basic_authorize
+        policy = FactoryGirl.create(:miq_policy)
+
+        expect do
+          run_post(policies_url, :action => "delete", :resources => [{:id => policy.id}])
+        end.not_to change(MiqPolicy, :count)
+
+        expect(response).to have_http_status(:forbidden)
+      end
+    end
+
     describe "DELETE /api/policies/:id" do
       it "can delete a policy with appropriate role" do
         api_basic_authorize(action_identifier(:policies, :delete, :resource_actions, :delete))

From d12546c5c65b1ca77c981b778fbbcba158c65c2d Mon Sep 17 00:00:00 2001
From: Tim Wade <hello@timjwade.com>
Date: Fri, 7 Apr 2017 11:19:06 -0700
Subject: [PATCH 3/3] Improve specs for single policy delete through POST

---
 spec/requests/api/policies_spec.rb | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/spec/requests/api/policies_spec.rb b/spec/requests/api/policies_spec.rb
index 4d1eeaee9a6..107481455d9 100644
--- a/spec/requests/api/policies_spec.rb
+++ b/spec/requests/api/policies_spec.rb
@@ -391,12 +391,24 @@ def test_policy_profile_query(object, object_policy_profiles_url)
       expect(response.parsed_body["error"]["message"]).to include(miq_policy_contents.keys.join(", "))
     end
 
-    it "deletes policy" do
-      api_basic_authorize collection_action_identifier(:policies, :delete)
-      run_post(policies_url, gen_request(:delete, "href" => policies_url(miq_policy.id)))
-      policy_id = response.parsed_body["results"].first["id"]
-      expect(MiqPolicy.exists?(policy_id)).to be_falsey
-      expect(response).to have_http_status(:ok)
+    describe "POST /api/policies/:id with 'delete' action" do
+      it "can delete a policy with appropriate role" do
+        api_basic_authorize(action_identifier(:policies, :delete))
+        policy = FactoryGirl.create(:miq_policy)
+
+        expect { run_post(policies_url(policy.id), :action => "delete") }.to change(MiqPolicy, :count).by(-1)
+
+        expect(response).to have_http_status(:ok)
+      end
+
+      it "will not delete a policy without an appropriate role" do
+        api_basic_authorize
+        policy = FactoryGirl.create(:miq_policy)
+
+        expect { run_post(policies_url(policy.id), :action => "delete") }.not_to change(MiqPolicy, :count)
+
+        expect(response).to have_http_status(:forbidden)
+      end
     end
 
     describe "POST /api/policies with 'delete' action" do