studio/people
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(invitations) can delete domain invitations

Browse Source 
add delete method to domain viewset
This commit is contained in:
Marie PUPO JEAMMET
2026-01-27 11:26:16 +01:00
committed by Marie
parent ca56eb0cac
commit be64abb22f
3 changed files with 67 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@@ -8,6 +8,10 @@ and this project adheres to
## [Unreleased] ## [Unreleased]
### Added
- ✨(invitations) can delete domain invitations
## [1.22.2] - 2026-01-26 ## [1.22.2] - 2026-01-26
### Fixed ### Fixed

4
src/backend/mailbox_manager/api/client/viewsets.py
View File

@@ -348,6 +348,7 @@ class MailDomainInvitationViewset(
mixins.CreateModelMixin, mixins.CreateModelMixin,
mixins.ListModelMixin, mixins.ListModelMixin,
mixins.RetrieveModelMixin, mixins.RetrieveModelMixin,
mixins.DestroyModelMixin,
viewsets.GenericViewSet, viewsets.GenericViewSet,
): ):
"""API ViewSet for user invitations to domain management. """API ViewSet for user invitations to domain management.
@@ -365,6 +366,9 @@ class MailDomainInvitationViewset(
PUT / PATCH : Not permitted. Instead of updating your invitation, PUT / PATCH : Not permitted. Instead of updating your invitation,
delete and create a new one. delete and create a new one.
DELETE /api/<version>/mail-domains/<domain_slug>/invitations/:<invitation_id>/
Delete targeted invitation
""" """
lookup_field = "id" lookup_field = "id"

59
src/backend/mailbox_manager/tests/api/invitations/test_api_domain_invitations_delete.py Normal file
View File

@@ -0,0 +1,59 @@
"""
Tests for MailDomainInvitations API endpoint in People's app mailbox_manager.
Focus on "delete" action.
"""
import pytest
from rest_framework import status
from rest_framework.test import APIClient
from mailbox_manager import factories
pytestmark = pytest.mark.django_db
def test_api_domain_invitations__delete__anonymous():
"""Anonymous users should not be able to delete invitations."""
domain = factories.MailDomainEnabledFactory()
invitation = factories.MailDomainInvitationFactory()
response = APIClient().delete(
f"/api/v1.0/mail-domains/{domain.slug}/invitations/{invitation.id}/",
)
assert response.status_code == status.HTTP_401_UNAUTHORIZED
assert response.json() == {
"detail": "Authentication credentials were not provided."
}
def test_api_domain_invitations__delete__no_access_not_found():
"""Users should not be permitted to delete invitations
on domains they don't manage."""
domain = factories.MailDomainEnabledFactory()
invitation = factories.MailDomainInvitationFactory()
other_access = factories.MailDomainAccessFactory(role="owner") # unrelated access
client = APIClient()
client.force_login(other_access.user)
response = client.delete(
f"/api/v1.0/mail-domains/{domain.slug}/invitations/{invitation.id}/",
)
assert response.status_code == status.HTTP_404_NOT_FOUND
@pytest.mark.parametrize(
"role",
["owner", "administrator"],
)
def test_api_domain_invitations__delete_admins_ok(role):
"""Domain owners and admins should be able to delete invitations."""
access = factories.MailDomainAccessFactory(role=role)
invitation = factories.MailDomainInvitationFactory(domain=access.domain)
client = APIClient()
client.force_login(access.user)
response = client.delete(
f"/api/v1.0/mail-domains/{access.domain.slug}/invitations/{invitation.id}/",
)
assert response.status_code == status.HTTP_204_NO_CONTENT