🗃️(backend) make document/template creation atomic

When creating a new document/template via the API, we add the
logged-in user as owner of the created object. This should be
done atomically with the object creation to make sure we don't
end-up with an orphan object that the creator can't access
anymore.

src/backend/core/api/viewsets.py

@@ -14,15 +14,6 @@ from django.core.exceptions import ValidationError
 from django.core.files.storage import default_storage
 from django.db import models as db
 from django.db import transaction
-from django.db.models import (
-    Exists,
-    F,
-    Func,
-    OuterRef,
-    Q,
-    Subquery,
-    Value,
-)
 from django.db.models.expressions import RawSQL
 from django.db.models.functions import Left, Length
 from django.http import Http404
@@ -579,6 +570,7 @@ class DocumentViewSet(
 
         return drf.response.Response(serializer.data)
 
+    @transaction.atomic
     def perform_create(self, serializer):
         """Set the current user as creator and owner of the newly created object."""
         obj = models.Document.add_root(
@@ -1250,6 +1242,7 @@ class TemplateViewSet(
         serializer = self.get_serializer(queryset, many=True)
         return drf.response.Response(serializer.data)
 
+    @transaction.atomic
     def perform_create(self, serializer):
         """Set the current user as owner of the newly created object."""
         obj = serializer.save()

src/backend/core/tests/documents/test_api_documents_trashbin.py

@@ -85,6 +85,7 @@ def test_api_documents_trashbin_format():
             "media_auth": True,
             "move": False,  # Can't move a deleted document
             "partial_update": True,
+            "restore": True,
             "retrieve": True,
             "update": True,
             "versions_destroy": True,