Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds /sources/<source_uuid>/conversation endpoint supporting DELETE #5963

Merged
merged 2 commits into from
Jun 2, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions securedrop/journalist_app/api.py
Original file line number Diff line number Diff line change
Expand Up @@ -181,6 +181,16 @@ def flag(source_uuid: str) -> Tuple[flask.Response, int]:
db.session.commit()
return jsonify({'message': 'Source flagged for reply'}), 200

@api.route('/sources/<source_uuid>/conversation', methods=['DELETE'])
@token_required
def source_conversation(source_uuid: str) -> Tuple[flask.Response, int]:
if request.method == 'DELETE':
source = get_or_404(Source, source_uuid, column=Source.uuid)
utils.delete_source_files(source.filesystem_id)
return jsonify({'message': 'Source data deleted'}), 200
else:
abort(405)

@api.route('/sources/<source_uuid>/submissions', methods=['GET'])
@token_required
def all_source_submissions(source_uuid: str) -> Tuple[flask.Response, int]:
Expand Down
35 changes: 35 additions & 0 deletions securedrop/tests/test_journalist_api.py
Original file line number Diff line number Diff line change
Expand Up @@ -181,6 +181,7 @@ def test_user_without_token_cannot_del_protected_endpoints(journalist_app,
url_for('api.single_submission', source_uuid=uuid,
submission_uuid=test_submissions['submissions'][0].uuid),
url_for('api.remove_star', source_uuid=uuid),
url_for('api.source_conversation', source_uuid=uuid),
]

with journalist_app.test_client() as app:
Expand Down Expand Up @@ -572,6 +573,40 @@ def test_authorized_user_can_delete_single_reply(journalist_app, test_files,
assert Reply.query.filter(Reply.uuid == reply_uuid).all() == []


def test_authorized_user_can_delete_source_conversation(journalist_app,
test_files,
journalist_api_token):
with journalist_app.test_client() as app:
uuid = test_files['source'].uuid
source_id = test_files['source'].id

# Submissions and Replies both exist
assert not Submission.query.filter(source_id == source_id).all() == []
assert not Reply.query.filter(source_id == source_id).all() == []

response = app.delete(url_for('api.source_conversation', source_uuid=uuid),
headers=get_api_headers(journalist_api_token))

assert response.status_code == 200

# Submissions and Replies do not exist
assert Submission.query.filter(source_id == source_id).all() == []
assert Reply.query.filter(source_id == source_id).all() == []

# Source still exists
assert not Source.query.filter(uuid == uuid).all() == []


def test_source_conversation_does_not_support_get(journalist_app, test_source,
journalist_api_token):
with journalist_app.test_client() as app:
uuid = test_source['source'].uuid
response = app.get(url_for('api.source_conversation', source_uuid=uuid),
headers=get_api_headers(journalist_api_token))

assert response.status_code == 405


def test_authorized_user_can_delete_source_collection(journalist_app,
test_source,
journalist_api_token):
Expand Down