API Endpoint for deleting attachments from project
Problem to solve
As a CS engineer, I need I way to securely delete attachments from projects without using the Rails console.
Proposal
Create 2 API endpoints:
- Get attachment
- Delete attachment
In order to delete an attachment the user must provide the direct link to the attachment and the unique ID (and the project ID)
Create an API to remove an attachment scoped to an Owner, that would completely eliminate the need for us to intervene via the console.
Or
admin-only API endpoint would do: that would let us add a feature to ChatOps or use only admin access (which is technically a lesser level
Recent examples
- https://gitlab.com/gitlab-com/support/internal-requests/-/issues/11665#note_773486715 / https://gitlab.zendesk.com/agent/tickets/256477
When users write in, the usually provide a direct link to the attachment which includes the unique ID we can use to remove it.
Note
We will need to add a follow up issue to this to add an audit event for this
Edited by Orit Golowinski