Add latest changes from gitlab-org/gitlab@master

6 files changed, 140 insertions, 2 deletions

diff --git a/app/graphql/gitlab_schema.rb b/app/graphql/gitlab_schema.rb
index c0e063a34d5..37adf4c2d3b 100644
--- a/app/graphql/gitlab_schema.rb
+++ b/app/graphql/gitlab_schema.rb
@@ -137,6 +137,19 @@ class GitlabSchema < GraphQL::Schema
       gid
     end
 
+    # Parse an array of strings to an array of GlobalIDs, raising ArgumentError if there are problems
+    # with it.
+    # See #parse_gid
+    #
+    # ```
+    #   gids = GitlabSchema.parse_gids(my_array_of_strings, expected_type: ::Project)
+    #   project_ids = gids.map(&:model_id)
+    #   gids.all? { |gid| gid.model_class == ::Project }
+    # ```
+    def parse_gids(global_ids, ctx = {})
+      global_ids.map { |gid| parse_gid(gid, ctx) }
+    end
+
     private
 
     def max_query_complexity(ctx)
diff --git a/app/graphql/mutations/packages/bulk_destroy.rb b/app/graphql/mutations/packages/bulk_destroy.rb
new file mode 100644
index 00000000000..a0756d0c3f9
--- /dev/null
+++ b/app/graphql/mutations/packages/bulk_destroy.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Mutations
+  module Packages
+    class BulkDestroy < ::Mutations::BaseMutation
+      graphql_name 'DestroyPackages'
+
+      MAX_PACKAGES = 20
+      TOO_MANY_IDS_ERROR = "Cannot delete more than #{MAX_PACKAGES} packages"
+
+      argument :ids,
+               [::Types::GlobalIDType[::Packages::Package]],
+               required: true,
+               description: "Global IDs of the Packages. Max #{MAX_PACKAGES}"
+
+      def resolve(ids:)
+        raise_resource_not_available_error!(TOO_MANY_IDS_ERROR) if ids.size > MAX_PACKAGES
+
+        ids = GitlabSchema.parse_gids(ids, expected_type: ::Packages::Package)
+                          .map(&:model_id)
+
+        service = ::Packages::MarkPackagesForDestructionService.new(
+          packages: packages_from(ids),
+          current_user: current_user
+        )
+        result = service.execute
+
+        raise_resource_not_available_error! if result.reason == :unauthorized
+
+        errors = result.error? ? Array.wrap(result[:message]) : []
+
+        { errors: errors }
+      end
+
+      private
+
+      def packages_from(ids)
+        ::Packages::Package.displayable
+                           .id_in(ids)
+      end
+    end
+  end
+end
diff --git a/app/graphql/mutations/packages/destroy_files.rb b/app/graphql/mutations/packages/destroy_files.rb
index 3900a2c46ae..60a21be20d8 100644
--- a/app/graphql/mutations/packages/destroy_files.rb
+++ b/app/graphql/mutations/packages/destroy_files.rb
@@ -25,7 +25,7 @@ module Mutations
         project = authorized_find!(project_path)
         raise_resource_not_available_error! "Cannot delete more than #{MAXIMUM_FILES} files" if ids.size > MAXIMUM_FILES
 
-        package_files = ::Packages::PackageFile.where(id: parse_gids(ids)) # rubocop:disable CodeReuse/ActiveRecord
+        package_files = ::Packages::PackageFile.id_in(parse_gids(ids))
 
         ensure_file_access!(project, package_files)
 
@@ -47,7 +47,7 @@ module Mutations
       end
 
       def parse_gids(gids)
-        gids.map { |gid| GitlabSchema.parse_gid(gid, expected_type: ::Packages::PackageFile).model_id }
+        GitlabSchema.parse_gids(gids, expected_type: ::Packages::PackageFile).map(&:model_id)
       end
     end
   end
diff --git a/app/graphql/types/mutation_type.rb b/app/graphql/types/mutation_type.rb
index 109152a2f8a..5ffc1aeacad 100644
--- a/app/graphql/types/mutation_type.rb
+++ b/app/graphql/types/mutation_type.rb
@@ -138,6 +138,8 @@ module Types
     mount_mutation Mutations::UserCallouts::Create
     mount_mutation Mutations::UserPreferences::Update
     mount_mutation Mutations::Packages::Destroy
+    mount_mutation Mutations::Packages::BulkDestroy,
+                   extensions: [::Gitlab::Graphql::Limit::FieldCallCount => { limit: 1 }]
     mount_mutation Mutations::Packages::DestroyFile
     mount_mutation Mutations::Packages::DestroyFiles
     mount_mutation Mutations::Packages::Cleanup::Policy::Update
diff --git a/app/models/packages/package.rb b/app/models/packages/package.rb
index b7c784d9351..a1d2a47c392 100644
--- a/app/models/packages/package.rb
+++ b/app/models/packages/package.rb
@@ -124,6 +124,7 @@ class Packages::Package < ApplicationRecord
   scope :with_package_type, ->(package_type) { where(package_type: package_type) }
   scope :without_package_type, ->(package_type) { where.not(package_type: package_type) }
   scope :displayable, -> { with_status(DISPLAYABLE_STATUSES) }
+  scope :including_project_full_path, -> { includes(project: :route) }
   scope :including_project_route, -> { includes(project: { namespace: :route }) }
   scope :including_tags, -> { includes(:tags) }
   scope :including_dependency_links, -> { includes(dependency_links: :dependency) }
diff --git a/app/services/packages/mark_packages_for_destruction_service.rb b/app/services/packages/mark_packages_for_destruction_service.rb
new file mode 100644
index 00000000000..856e14f9fd3
--- /dev/null
+++ b/app/services/packages/mark_packages_for_destruction_service.rb
@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+module Packages
+  class MarkPackagesForDestructionService
+    include BaseServiceUtility
+
+    BATCH_SIZE = 20
+
+    UNAUTHORIZED_RESPONSE = ServiceResponse.error(
+      message: "You don't have the permission to perform this action",
+      reason: :unauthorized
+    ).freeze
+
+    ERROR_RESPONSE = ServiceResponse.error(
+      message: 'Failed to mark the packages as pending destruction'
+    ).freeze
+
+    SUCCESS_RESPONSE = ServiceResponse.success(
+      message: 'Packages were successfully marked as pending destruction'
+    ).freeze
+
+    # Initialize this service with the given packages and user.
+    #
+    # * `packages`: must be an ActiveRecord relationship.
+    # * `current_user`: an User object. Could be nil.
+    def initialize(packages:, current_user: nil)
+      @packages = packages
+      @current_user = current_user
+    end
+
+    def execute(batch_size: BATCH_SIZE)
+      no_access = false
+      min_batch_size = [batch_size, BATCH_SIZE].min
+
+      @packages.each_batch(of: min_batch_size) do |batched_packages|
+        loaded_packages = batched_packages.including_project_full_path.to_a
+
+        break no_access = true unless can_destroy_packages?(loaded_packages)
+
+        ::Packages::Package.id_in(loaded_packages.map(&:id))
+                           .update_all(status: :pending_destruction)
+
+        sync_maven_metadata(loaded_packages)
+        mark_package_files_for_destruction(loaded_packages)
+      end
+
+      return UNAUTHORIZED_RESPONSE if no_access
+
+      SUCCESS_RESPONSE
+    rescue StandardError
+      ERROR_RESPONSE
+    end
+
+    private
+
+    def mark_package_files_for_destruction(packages)
+      ::Packages::MarkPackageFilesForDestructionWorker.bulk_perform_async_with_contexts(
+        packages,
+        arguments_proc: -> (package) { package.id },
+        context_proc: -> (package) { { project: package.project, user: @current_user } }
+      )
+    end
+
+    def sync_maven_metadata(packages)
+      maven_packages_with_version = packages.select { |pkg| pkg.maven? && pkg.version? }
+      ::Packages::Maven::Metadata::SyncWorker.bulk_perform_async_with_contexts(
+        maven_packages_with_version,
+        arguments_proc: -> (package) { [@current_user.id, package.project_id, package.name] },
+        context_proc: -> (package) { { project: package.project, user: @current_user } }
+      )
+    end
+
+    def can_destroy_packages?(packages)
+      packages.all? do |package|
+        can?(@current_user, :destroy_package, package)
+      end
+    end
+  end
+end