Adds /sources/<source_uuid>/conversation endpoint supporting DELETE #5963

Merged
merged 2 commits into from Jun 2, 2021
10 changes: 10 additions & 0 deletions securedrop/journalist_app/api.py
Expand Up @@ -181,6 +181,16 @@ def flag(source_uuid: str) -> Tuple[flask.Response, int]:
db.session.commit()
return jsonify({'message': 'Source flagged for reply'}), 200

@api.route('/sources/<source_uuid>/conversation', methods=['DELETE'])
@token_required
def source_conversation(source_uuid: str) -> Tuple[flask.Response, int]:
if request.method == 'DELETE':
source = get_or_404(Source, source_uuid, column=Source.uuid)
utils.delete_source_files(source.filesystem_id)
return jsonify({'message': 'Source data deleted'}), 200
else:
abort(405)

@api.route('/sources/<source_uuid>/submissions', methods=['GET'])
@token_required
def all_source_submissions(source_uuid: str) -> Tuple[flask.Response, int]:
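Review bot: The `if request.method == 'DELETE':` / `else: abort(405)` branch in `source_conversation` is unreachable, because the route is registered with `methods=['DELETE']` and Flask answers any other verb with 405 before the view runs. The body can be reduced to the `get_or_404` lookup, the `utils.delete_source_files(source.filesystem_id)` call and the `return`. Because the operation is irreversible, the view also deserves a docstring such as `"""Delete the source's submissions and replies, keeping the source record."""`; that wording is inferred from the accompanying test, since `delete_source_files` itself is not visible on this page. The handler is gated only by `@token_required` and the visible lines do not record which journalist triggered the deletion, so if other deletion paths log the actor, this one should match them.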
35 changes: 35 additions & 0 deletions securedrop/tests/test_journalist_api.py
Expand Up @@ -181,6 +181,7 @@ def test_user_without_token_cannot_del_protected_endpoints(journalist_app,
url_for('api.single_submission', source_uuid=uuid,
submission_uuid=test_submissions['submissions'][0].uuid),
url_for('api.remove_star', source_uuid=uuid),
url_for('api.source_conversation', source_uuid=uuid),
]

with journalist_app.test_client() as app:
Expand Down Expand Up @@ -572,6 +573,40 @@ def test_authorized_user_can_delete_single_reply(journalist_app, test_files,
assert Reply.query.filter(Reply.uuid == reply_uuid).all() == []


def test_authorized_user_can_delete_source_conversation(journalist_app,
test_files,
journalist_api_token):
with journalist_app.test_client() as app:
uuid = test_files['source'].uuid
source_id = test_files['source'].id

# Submissions and Replies both exist
assert not Submission.query.filter(source_id == source_id).all() == []
assert not Reply.query.filter(source_id == source_id).all() == []

response = app.delete(url_for('api.source_conversation', source_uuid=uuid),
headers=get_api_headers(journalist_api_token))

assert response.status_code == 200

# Submissions and Replies do not exist
assert Submission.query.filter(source_id == source_id).all() == []
assert Reply.query.filter(source_id == source_id).all() == []

# Source still exists
assert not Source.query.filter(uuid == uuid).all() == []


def test_source_conversation_does_not_support_get(journalist_app, test_source,
journalist_api_token):
with journalist_app.test_client() as app:
uuid = test_source['source'].uuid
response = app.get(url_for('api.source_conversation', source_uuid=uuid),
headers=get_api_headers(journalist_api_token))

assert response.status_code == 405


def test_authorized_user_can_delete_source_collection(journalist_app,
test_source,
journalist_api_token):
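Review bot: The filters in `test_authorized_user_can_delete_source_conversation` compare a local variable with itself, so `filter(source_id == source_id)` and `filter(uuid == uuid)` reduce to `filter(True)` and the queries are not scoped to the test source. The assertions therefore only check whether any row exists in each table, and the "Source still exists" check would pass as long as any source is present. Use the model columns instead: `Submission.query.filter(Submission.source_id == source_id)`, `Reply.query.filter(Reply.source_id == source_id)` and `Source.query.filter(Source.uuid == uuid)`. The test also asserts only on database rows; if the fixtures expose the stored file paths, an assertion that those files are gone after the DELETE would cover the part of the deletion that matters most for source data.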