PUT becomes POST on archiving endpoints

Also the specs have a minor improvement. Mainly the access right spec.
Changes are reflected in the docs

4 files changed, 46 insertions, 43 deletions

diff --git a/CHANGELOG b/CHANGELOG
index d9be95defd1..70405957be9 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,6 +4,7 @@ v 8.7.0 (unreleased)
   - Preserve time notes/comments have been updated at when moving issue
   - Make HTTP(s) label consistent on clone bar (Stan Hu)
   - Fix avatar stretching by providing a cropping feature
+  - Add endpoints to archive or unarchive a project !3372
 
 v 8.6.1
   - Add option to reload the schema before restoring a database backup. !2807
diff --git a/doc/api/projects.md b/doc/api/projects.md
index 44d40235e9e..3a909a2bc87 100644
--- a/doc/api/projects.md
+++ b/doc/api/projects.md
@@ -493,14 +493,15 @@ Parameters:
 
 ### Archive a project
 
-Archives a project if the user has the right access level to this project. This action is
+Archives the project if the user is either admin or the project owner of this project. This action is
 idempotent, thus archiving an already archived project will not change the project.
 
-Status code 200 with the project as body is given when successful, in case the user doesn't
-have the proper access rights, code 404 is returned.
+Status code 201 with the project as body is given when successful, in case the user doesn't
+have the proper access rights, code 403 is returned. Status 404 is returned if the project
+doesn't exist, or is hidden to the user.
 
 ```
-PUT /projects/:id/archive
+POST /projects/:id/archive
 ```
 
 | Attribute | Type | Required | Description |
@@ -508,7 +509,7 @@ PUT /projects/:id/archive
 | `id`      | integer | yes | The ID of the project |
 
 ```bash
-curl -X PUT -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/projects/archive"
+curl -X POST -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/projects/archive"
 ```
 
 Example response:
@@ -575,14 +576,15 @@ Example response:
 
 ### Unarchive a project
 
-Unarchives a project if the user has the right access level to this project. This action is
+Unarchives the project if the user is either admin or the project owner of this project. This action is
 idempotent, thus unarchiving an non-archived project will not change the project.
 
-Status code 200 with the project as body is given when successful, in case the user doesn't
-have the proper access rights, code 404 is returned.
+Status code 201 with the project as body is given when successful, in case the user doesn't
+have the proper access rights, code 403 is returned. Status 404 is returned if the project
+doesn't exist, or is hidden to the user.
 
 ```
-PUT /projects/:id/archive
+POST /projects/:id/archive
 ```
 
 | Attribute | Type | Required | Description |
@@ -590,7 +592,7 @@ PUT /projects/:id/archive
 | `id`      | integer | yes | The ID of the project |
 
 ```bash
-curl -X PUT -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/projects/unarchive"
+curl -X POST -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/projects/unarchive"
 ```
 
 Example response:
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index aa60a39f341..24b31005475 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -250,12 +250,12 @@ module API
       #   id (required) - The ID of a project
       # Example Request:
       #   PUT /projects/:id/archive
-      put ':id/archive' do
+      post ':id/archive' do
         authorize!(:archive_project, user_project)
 
         user_project.archive!
 
-        present @project, with: Entities::Project
+        present user_project, with: Entities::Project
       end
 
       # Unarchive project
@@ -264,12 +264,12 @@ module API
       #   id (required) - The ID of a project
       # Example Request:
       #   PUT /projects/:id/unarchive
-      put ':id/unarchive' do
+      post ':id/unarchive' do
         authorize!(:archive_project, user_project)
 
         user_project.unarchive!
 
-        present @project, with: Entities::Project
+        present user_project, with: Entities::Project
       end
 
       # Remove project
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index 0a5b50e2884..be2034e0f39 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -948,20 +948,14 @@ describe API::API, api: true  do
     end
   end
 
-  describe 'PUT /projects/:id/archive' do
+  describe 'POST /projects/:id/archive' do
     context 'on an unarchived project' do
       it 'archives the project' do
-        put api("/projects/#{project.id}/archive", user)
+        post api("/projects/#{project.id}/archive", user)
 
-        expect(response.status).to eq(200)
+        expect(response.status).to eq(201)
         expect(json_response['archived']).to be_truthy
       end
-
-      it 'rejects archivation on other users' do
-        put api("/projects/#{project.id}/archive", user3)
-
-        expect(response.status).to eq(404)
-      end
     end
 
     context 'on an archived project' do
@@ -970,34 +964,34 @@ describe API::API, api: true  do
       end
 
       it 'remains archived' do
-        put api("/projects/#{project.id}/archive", user)
+        post api("/projects/#{project.id}/archive", user)
 
-        expect(response.status).to eq(200)
+        expect(response.status).to eq(201)
         expect(json_response['archived']).to be_truthy
       end
+    end
+
+    context 'user without archiving rights to the project' do
+      before do
+        project.team << [user3, :developer]
+      end
 
-      it 'rejects archivation on other users' do
-        put api("/projects/#{project.id}/archive", user3)
+      it 'rejects the action' do
+        post api("/projects/#{project.id}/archive", user3)
 
-        expect(response.status).to eq(404)
+        expect(response.status).to eq(403)
       end
     end
   end
 
-  describe 'PUT /projects/:id/unarchive' do
+  describe 'POST /projects/:id/unarchive' do
     context 'on an unarchived project' do
       it 'remains unarchived' do
-        put api("/projects/#{project.id}/unarchive", user)
+        post api("/projects/#{project.id}/unarchive", user)
 
-        expect(response.status).to eq(200)
+        expect(response.status).to eq(201)
         expect(json_response['archived']).to be_falsey
       end
-
-      it 'rejects archivation on other users' do
-        put api("/projects/#{project.id}/unarchive", user3)
-
-        expect(response.status).to eq(404)
-      end
     end
 
     context 'on an archived project' do
@@ -1005,17 +999,23 @@ describe API::API, api: true  do
         project.archive!
       end
 
-      it 'remains archived' do
-        put api("/projects/#{project.id}/unarchive", user)
+      it 'unarchives the project' do
+        post api("/projects/#{project.id}/unarchive", user)
 
-        expect(response.status).to eq(200)
+        expect(response.status).to eq(201)
         expect(json_response['archived']).to be_falsey
       end
+    end
 
-      it 'rejects archivation on other users' do
-        put api("/projects/#{project.id}/archive", user3)
+    context 'user without archiving rights to the project' do
+      before do
+        project.team << [user3, :developer]
+      end
 
-        expect(response.status).to eq(404)
+      it 'rejects the action' do
+        post api("/projects/#{project.id}/unarchive", user3)
+
+        expect(response.status).to eq(403)
       end
     end
   end