feat(admin): allow deleting package versions #1011
Conversation
| let count = db | ||
| .count_package_dependents( | ||
| crate::db::DependencyKind::Jsr, | ||
| &format!("@{}/{}", scope, package), | ||
| ) | ||
| .await?; | ||
|
|
||
| if count > 0 { | ||
| return Err(ApiError::DeleteVersionHasDependents); | ||
| } |
There was a problem hiding this comment.
this check is not correct, as it doesnt use the version as a requirement, and as such this check applies to all versions and is stricter than should be. This is good enough for now, however ideally this would build a graph and check if there are any other versions that fit the constraints used by dependents, and only if there is no such constraint would it error.
api/src/db/database.rs
Outdated
| #[instrument(name = "Database::yank_package_version", skip(self), err)] | ||
| pub async fn delete_package_version( |
There was a problem hiding this comment.
s/yank_package_version/delete_package_version
There was a problem hiding this comment.
i think you should log or instrument the package name here
There was a problem hiding this comment.
thats already done in the route handler function that calls this (same setup we have for all other db calls & endpoints)
There was a problem hiding this comment.
@crowlKats We had discussed that users should not be able to publish a version that was deleted anew - you didn't implement that yet. Can you do that?
| @@ -254,6 +260,19 @@ function Version({ | |||
| </button> | |||
| </form> | |||
| )} | |||
| {isPublished && iam.isStaff && ( | |||
There was a problem hiding this comment.
Does this only show up when sudo is on?
There was a problem hiding this comment.
good catch, fixed in #1027
|
@lucacasonato this is already handled. opened #1027 for adding an additional test to showcase this. |
this PR adds an endpoint to be able to delete package versions, but only for admins. This is not exposed in the UI for admins either, as the fact that this is for admins only is just a temporary restriction, and the idea is to come up with sensible restrictions that apply to users so they can delete versions (see #899).