studio/people
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🧑‍💻(backend) do not allow to delete a domain

Browse Source 
At the moment a domain cannot be deleted.
We will be able to delete only pending domains and
simply turn to disabled an enabled domain.
This commit is contained in:
Sabrina Demagny
2024-08-02 16:28:23 +02:00
parent 63dee08be5
commit b1e1de0269
2 changed files with 3 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/backend/mailbox_manager/api/viewsets.py
View File

@@ -14,7 +14,6 @@ class MailDomainViewSet(
mixins.CreateModelMixin, mixins.CreateModelMixin,
mixins.ListModelMixin, mixins.ListModelMixin,
mixins.RetrieveModelMixin, mixins.RetrieveModelMixin,
mixins.DestroyModelMixin,
viewsets.GenericViewSet, viewsets.GenericViewSet,
): ):
""" """
@@ -29,9 +28,6 @@ class MailDomainViewSet(
POST /api/<version>/mail-domains/ with expected data: POST /api/<version>/mail-domains/ with expected data:
- name: str - name: str
Return newly created domain Return newly created domain
DELETE /api/<version>/mail-domains/<domain-slug>/
Delete targeted team access
""" """
permission_classes = [permissions.AccessPermission] permission_classes = [permissions.AccessPermission]

71
src/backend/mailbox_manager/tests/api/mail_domain/test_api_mail_domains_delete.py
View File

@@ -25,10 +25,9 @@ def test_api_mail_domains__delete_anonymous():
assert models.MailDomain.objects.count() == 1 assert models.MailDomain.objects.count() == 1
def test_api_mail_domains__delete_authenticated_unrelated(): def test_api_mail_domains__delete_authenticated():
""" """
Authenticated users should not be allowed to delete a domain to which they are not Delete a domain is not allowed.
related.
""" """
user = core_factories.UserFactory() user = core_factories.UserFactory()
domain = factories.MailDomainFactory() domain = factories.MailDomainFactory()
@@ -39,69 +38,5 @@ def test_api_mail_domains__delete_authenticated_unrelated():
f"/api/v1.0/mail-domains/{domain.slug}/", f"/api/v1.0/mail-domains/{domain.slug}/",
) )
assert response.status_code == status.HTTP_404_NOT_FOUND assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED
assert response.json() == {"detail": "No MailDomain matches the given query."}
assert models.MailDomain.objects.count() == 1 assert models.MailDomain.objects.count() == 1
def test_api_mail_domains__delete_authenticated_member():
"""
Authenticated users should not be allowed to delete a domain
to which they are only a member.
"""
user = core_factories.UserFactory()
domain = factories.MailDomainFactory(users=[(user, "member")])
client = APIClient()
client.force_login(user)
response = client.delete(
f"/api/v1.0/mail-domains/{domain.slug}/",
)
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json() == {
"detail": "You do not have permission to perform this action."
}
assert models.MailDomain.objects.count() == 1
def test_api_mail_domains__delete_authenticated_administrator():
"""
Authenticated users should not be allowed to delete a domain
for which they are administrator.
"""
user = core_factories.UserFactory()
domain = factories.MailDomainFactory(users=[(user, "administrator")])
client = APIClient()
client.force_login(user)
response = client.delete(
f"/api/v1.0/mail-domains/{domain.slug}/",
)
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json() == {
"detail": "You do not have permission to perform this action."
}
assert models.MailDomain.objects.count() == 1
def test_api_mail_domains__delete_authenticated_owner():
"""
Authenticated users should be able to delete a domain
for which they are directly owner.
"""
user = core_factories.UserFactory()
domain = factories.MailDomainFactory(users=[(user, "owner")])
client = APIClient()
client.force_login(user)
response = client.delete(
f"/api/v1.0/mail-domains/{domain.slug}/",
)
assert response.status_code == status.HTTP_204_NO_CONTENT
assert models.MailDomain.objects.exists() is False