Add bulk repository deletion for organizations

modules/structs/repo.go

@@ -440,3 +440,25 @@ type UpdateRepoAvatarOption struct {
 	// image must be base64 encoded
 	Image string `json:"image" binding:"Required"`
 }
+
+// DeleteOrgReposResponse represents the response for deleting organization repositories
+// swagger:model
+type DeleteOrgReposResponse struct {
+	// Number of repositories successfully deleted
+	SuccessCount int `json:"success_count"`
+	// Number of repositories that failed to delete
+	FailureCount int `json:"failure_count"`
+	// List of repository names that were deleted
+	Deleted []string `json:"deleted"`
+	// Details about repositories that failed to delete
+	Failed []DeleteRepoFailure `json:"failed"`
+}
+
+// DeleteRepoFailure represents a repository that failed to delete
+// swagger:model
+type DeleteRepoFailure struct {
+	// Repository name
+	RepoName string `json:"repo_name"`
+	// Message to be displayed
+	Message string `json:"reason"`
+}

routers/api/v1/api.go

@@ -1621,7 +1621,8 @@ func Routes() *web.Router {
 				Delete(reqToken(), reqOrgOwnership(), org.Delete)
 			m.Post("/rename", reqToken(), reqOrgOwnership(), bind(api.RenameOrgOption{}), org.Rename)
 			m.Combo("/repos").Get(user.ListOrgRepos).
-				Post(reqToken(), bind(api.CreateRepoOption{}), repo.CreateOrgRepo)
+				Post(reqToken(), bind(api.CreateRepoOption{}), repo.CreateOrgRepo).
+				Delete(reqToken(), reqOrgOwnership(), org.DeleteOrgRepos)
 			m.Group("/members", func() {
 				m.Get("", reqToken(), org.ListMembers)
 				m.Combo("/{username}").Get(reqToken(), org.IsMember).

routers/api/v1/org/org.go

@@ -11,7 +11,9 @@ import (
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/organization"
 	"code.gitea.io/gitea/models/perm"
+	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/optional"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/web"
@@ -21,6 +23,7 @@ import (
 	"code.gitea.io/gitea/services/convert"
 	feed_service "code.gitea.io/gitea/services/feed"
 	"code.gitea.io/gitea/services/org"
+	repo_service "code.gitea.io/gitea/services/repository"
 	user_service "code.gitea.io/gitea/services/user"
 )
 
@@ -493,3 +496,48 @@ func ListOrgActivityFeeds(ctx *context.APIContext) {
 
 	ctx.JSON(http.StatusOK, convert.ToActivities(ctx, feeds, ctx.Doer))
 }
+
+func DeleteOrgRepos(ctx *context.APIContext) {
+	// swagger:operation DELETE /orgs/{org}/repos organization orgDeleteRepos
+	// ---
+	// summary: Delete all repositories in an organization
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: org
+	//   in: path
+	//   description: name of the organization
+	//   type: string
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/DeleteOrgReposList"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	org := ctx.Org.Organization
+	repos, err := repo_model.GetOrgRepositories(ctx, org.ID)
+	if err != nil {
+		ctx.APIErrorInternal(err)
+		return
+	}
+	response := &api.DeleteOrgReposResponse{
+		Deleted: []string{},
+		Failed:  []api.DeleteRepoFailure{},
+	}
+	for _, repo := range repos {
+		if err := repo_service.DeleteRepository(ctx, ctx.Doer, repo, true); err != nil {
+			log.Error("Error deleting repo %s: %v", repo.Name, err)
+			response.Failed = append(response.Failed, api.DeleteRepoFailure{
+				RepoName: repo.Name,
+				Message:  "Failed to delete repository",
+			})
+		} else {
+			response.Deleted = append(response.Deleted, repo.Name)
+		}
+	}
+	response.SuccessCount = len(response.Deleted)
+	response.FailureCount = len(response.Failed)
+	ctx.JSON(http.StatusOK, response)
+}

routers/api/v1/swagger/org.go

@@ -41,3 +41,11 @@ type swaggerResponseOrganizationPermissions struct {
 	// in:body
 	Body api.OrganizationPermissions `json:"body"`
 }
+
+// DeleteOrgReposList
+// swagger:response DeleteOrgReposList
+type swaggerDeleteOrgReposList struct {
+	// List of successfully deleted repositories and failures
+	//in:body
+	Body api.DeleteOrgReposResponse `json:"body"`
+}

tests/integration/api_org_test.go

@@ -249,3 +249,100 @@ func TestAPIOrgGeneral(t *testing.T) {
 		MakeRequest(t, req, http.StatusForbidden)
 	})
 }
+
+func TestAPIDeleteOrgRepos(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("Delete all repos successfully", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		// Create test org with owner
+		session := loginUser(t, "user1")
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization, auth_model.AccessTokenScopeWriteRepository)
+
+		orgName := "test_delete_org"
+		req := NewRequestWithJSON(t, "POST", "/api/v1/orgs", &api.CreateOrgOption{
+			UserName: orgName,
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+
+		// Create 60 repos to test efficiency
+		for i := range 60 {
+			repoName := fmt.Sprintf("test_repo_%d", i)
+			req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/org/%s/repos", orgName), &api.CreateRepoOption{
+				Name: repoName,
+			}).AddTokenAuth(token)
+			MakeRequest(t, req, http.StatusCreated)
+		}
+
+		// Delete all repos
+		req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/orgs/%s/repos", orgName)).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		var result api.DeleteOrgReposResponse
+		DecodeJSON(t, resp, &result)
+
+		assert.Equal(t, 60, result.SuccessCount)
+		assert.Equal(t, 0, result.FailureCount)
+		assert.Len(t, result.Deleted, 60)
+		assert.Empty(t, result.Failed)
+	})
+
+	t.Run("Verify response structure", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		session := loginUser(t, "user1")
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization, auth_model.AccessTokenScopeWriteRepository)
+
+		orgName := "test_response_org"
+		req := NewRequestWithJSON(t, "POST", "/api/v1/orgs", &api.CreateOrgOption{
+			UserName: orgName,
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+
+		// Create a few repos
+		for i := range 3 {
+			req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/org/%s/repos", orgName), &api.CreateRepoOption{
+				Name: fmt.Sprintf("repo_%d", i),
+			}).AddTokenAuth(token)
+			MakeRequest(t, req, http.StatusCreated)
+		}
+
+		// Delete all repos
+		req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/orgs/%s/repos", orgName)).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		var result api.DeleteOrgReposResponse
+		DecodeJSON(t, resp, &result)
+
+		// Verify response structure
+		assert.Equal(t, 3, result.SuccessCount)
+		assert.Equal(t, 0, result.FailureCount)
+		assert.Len(t, result.Deleted, 3)
+		assert.Empty(t, result.Failed)
+		assert.NotNil(t, result.Deleted)
+		assert.NotNil(t, result.Failed)
+	})
+
+	t.Run("Fail without permissions", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		// user2 is owner of org3
+		ownerSession := loginUser(t, "user2")
+		ownerToken := getTokenForLoggedInUser(t, ownerSession, auth_model.AccessTokenScopeWriteOrganization, auth_model.AccessTokenScopeWriteRepository)
+
+		// Create repo in org3
+		req := NewRequestWithJSON(t, "POST", "/api/v1/org/org3/repos", &api.CreateRepoOption{
+			Name: "test_perm_repo",
+		}).AddTokenAuth(ownerToken)
+		MakeRequest(t, req, http.StatusCreated)
+
+		// user4 is not owner of org3
+		nonOwnerSession := loginUser(t, "user4")
+		nonOwnerToken := getTokenForLoggedInUser(t, nonOwnerSession, auth_model.AccessTokenScopeWriteOrganization)
+
+		// Try to delete repos without owner permission
+		req = NewRequest(t, "DELETE", "/api/v1/orgs/org3/repos").AddTokenAuth(nonOwnerToken)
+		MakeRequest(t, req, http.StatusForbidden)
+	})
+}