Cannot bulk archive draft surveys

kobotoolbox · Apr 6, 2023 · df05530 · df05530
1 parent f74980b
commit df05530
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 1 deletion.
diff --git a/kpi/serializers/v2/asset.py b/kpi/serializers/v2/asset.py
@@ -3,7 +3,7 @@
 
 import json
 import re
-from distutils import util
+
 
 from constance import config
 from django.conf import settings
@@ -29,6 +29,7 @@
     ASSET_STATUS_PRIVATE,
     ASSET_STATUS_PUBLIC,
     ASSET_STATUS_SHARED,
+    ASSET_TYPE_SURVEY,
     ASSET_TYPES,
     ASSET_TYPE_COLLECTION,
     PERM_CHANGE_ASSET,
@@ -114,6 +115,7 @@ def validate_payload(self, payload: dict) -> dict:
             asset_uids = []
 
         self._has_perms(payload, asset_uids)
+        self._validate_asset_types(payload, asset_uids)
 
         return payload
 
@@ -256,6 +258,21 @@ def _validate_action(self, payload: dict):
         ):
             raise exceptions.PermissionDenied()
 
+    def _validate_asset_types(self, payload: dict, asset_uids: list[str]):
+        delete_request, put_back_ = self._get_action_type_and_direction(payload)
+
+        if put_back_ or delete_request or not asset_uids:
+            return
+
+        if Asset.objects.filter(
+            asset_type=ASSET_TYPE_SURVEY,
+            uid__in=asset_uids,
+            _deployment_data={},
+        ).exists():
+            raise serializers.ValidationError(
+                t('Draft projects cannot be archived')
+            )
+
     def _validate_confirm(self, payload: dict):
 
         if not payload.get('confirm'):

diff --git a/kpi/tests/api/v2/test_api_asset_bulk_actions.py b/kpi/tests/api/v2/test_api_asset_bulk_actions.py
@@ -239,6 +239,18 @@ def test_project_manager_can_archive_project(self):
         assert detail_response.status_code == status.HTTP_200_OK
         assert detail_response.data['deployment__active'] is False
 
+    def test_user_cannot_archive_drafts(self):
+        self._login_user('someuser')
+        deployed_asset = self._add_one_asset_for_someuser()
+        asset = Asset.objects.create(
+            owner=User.objects.get(username='someuser'),
+            asset_type=ASSET_TYPE_SURVEY
+        )
+        response = self._create_send_payload(
+            [deployed_asset.uid, asset.uid], 'archive'
+        )
+        assert response.status_code == status.HTTP_400_BAD_REQUEST
+
 
 class AssetBulkDeleteAPITestCase(BaseAssetBulkActionsTestCase):