Skip to content

Allow delete of protected tags if user has authority

Dustin Eckhardt requested to merge eggerd/gitlab:allow-delete-protected-tags into master

What does this MR do and why?

Allow deletion of protected tags, if the user has authority. This is a somewhat popular feature request and would align the handling of protected tags with that of protected branches.

This means that maintainers and owners get the option to delete protected tags via the web interface or API. Deleting a protected tag has to be confirmed by typing out the tag name. The flow and phrasing used for this is the same as for deleting protected branches.

Screenshots or screen recordings

Confirm modals
Normal

delete-modal-normal

Protected

delete-modal-protected

Button tooltips
Normal

delete-tooltip-normal

Protected

delete-tooltip-protected

Unauthorized

delete-tooltip-denied

How to set up and validate locally

(Assuming you have a project with an initialized repository)

As owner/maintainer:

  1. Configure a protected tag (e.g. wildcard v*) in the repository settings of your project
  2. Create two protected tags (e.g. v1 & v2)
  3. Click the delete button of the protected tag v1
  4. Confirm the deletion by typing the tag name and click the "Yes" button
  5. Deletion will be confirmed with a "Tag was removed" at the top of the page

As developer:

  1. Impersonate/login as a developer of your project
  2. Try to delete the protected tag v2
  3. Notice that the button is disabled

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Closes #20807 (closed)

Edited by Dustin Eckhardt

Merge request reports