✨(backend) add soft delete to documents and refactor db queryset

Now that we have introduced a document tree structure, it is not possible to allow deleting documents anymore as it impacts the whole subtree below the deleted document and the consequences are too big. We introduce soft delete in order to give a second thought to the document's owner (who is the only one to be allowed to delete a document). After a document is soft deleted, the owner can still see it in the trashbin (/api/v1.0/documents/trashbin). After a grace period (30 days be default) the document disappears from the trashbin and can't be restored anymore. Note that even then it is still kept in database. Cleaning the database to erase deleted documents after the grace period can be done as a maintenance script.
2025-01-02 17:20:09 +01:00
parent 4de03d292a
commit 8ccfdb3c6a
21 changed files with 1373 additions and 252 deletions
--- a/src/backend/core/api/permissions.py
+++ b/src/backend/core/api/permissions.py
@@ -2,10 +2,11 @@

 from django.core import exceptions
 from django.db.models import Q
+from django.http import Http404

 from rest_framework import permissions

-from core.models import DocumentAccess, RoleChoices
+from core.models import DocumentAccess, RoleChoices, get_trashbin_cutoff

 ACTION_FOR_METHOD_TO_PERMISSION = {
    "versions_detail": {"DELETE": "versions_destroy", "GET": "versions_retrieve"},
@@ -110,3 +111,26 @@ class AccessPermission(permissions.BasePermission):
        except KeyError:
            pass
        return abilities.get(action, False)
+
+
+class DocumentAccessPermission(AccessPermission):
+    """Subclass to handle soft deletion specificities."""
+
+    def has_object_permission(self, request, view, obj):
+        """
+        Return a 404 on deleted documents
+        - for which the trashbin cutoff is past
+        - for which the current user is not owner of the document or one of its ancestors
+        """
+        if (
+            deleted_at := obj.ancestors_deleted_at
+        ) and deleted_at < get_trashbin_cutoff():
+            raise Http404
+
+        # Compute permission first to ensure the "user_roles" attribute is set
+        has_permission = super().has_object_permission(request, view, obj)
+
+        if obj.ancestors_deleted_at and not RoleChoices.OWNER in obj.user_roles:
+            raise Http404
+
+        return has_permission