add endpoints + test for delete/undelete workspace

backend/doc/roles.md

@@ -20,6 +20,7 @@ The other is workspace related and is called "workspace role".
 |-------------------------------|-------------|-------------|---------|
 | create workspace              |  no         | yes         | yes     |
 | invite user to tracim         |  no         | yes, if manager of a given workspace         | yes     |
+  delete workspace              |  no         | yes, if manager of a given workspace         | yes     |
 |-------------------------------|-------------|-------------|---------|
 | set user global profile rights|  no         | no          | yes     |
 | deactivate user               |  no         | no          | yes     |

backend/tracim_backend/lib/utils/authorization.py

@@ -90,6 +90,40 @@ def require_profile(group: int) -> typing.Callable:
     return decorator
 
 
+def require_profile_or_other_profile_with_workspace_role(
+        allow_all_group: int,
+        allow_if_role_group: int,
+        minimal_required_role: int,
+) -> typing.Callable:
+    """
+    Allow access for allow_all_group profile
+    or allow access for allow_if_role_group
+    profile if mininal_required_role is correct.
+    :param allow_all_group: value from Group Object
+    like Group.TIM_USER or Group.TIM_MANAGER
+    :param allow_if_role_group: value from Group Object
+    like Group.TIM_USER or Group.TIM_MANAGER
+    :param minimal_required_role: value from UserInWorkspace Object like
+    UserRoleInWorkspace.CONTRIBUTOR or UserRoleInWorkspace.READER
+    :return: decorator
+    """
+    def decorator(func: typing.Callable) -> typing.Callable:
+        @functools.wraps(func)
+        def wrapper(self, context, request: 'TracimRequest') -> typing.Callable:
+            user = request.current_user
+            workspace = request.current_workspace
+            if user.profile.id >= allow_all_group:
+                return func(self, context, request)
+            elif user.profile.id >= allow_if_role_group:
+                if workspace.get_user_role(user) >= minimal_required_role:
+                    return func(self, context, request)
+                raise InsufficientUserRoleInWorkspace()
+            else:
+                raise InsufficientUserProfile()
+        return wrapper
+    return decorator
+
+
 def require_workspace_role(minimal_required_role: int) -> typing.Callable:
     """
     Restricts access to endpoint to minimal role or raise an exception.

backend/tracim_backend/lib/utils/request.py

@@ -351,7 +351,8 @@ class TracimRequest(Request):
             wapi = WorkspaceApi(
                 current_user=user,
                 session=request.dbsession,
-                config=request.registry.settings['CFG']
+                config=request.registry.settings['CFG'],
+                show_deleted=True,
             )
             workspace = wapi.get_one(workspace_id)
         except NoResultFound as exc:
@@ -386,7 +387,8 @@ class TracimRequest(Request):
             wapi = WorkspaceApi(
                 current_user=user,
                 session=request.dbsession,
-                config=request.registry.settings['CFG']
+                config=request.registry.settings['CFG'],
+                show_deleted=True,
             )
             workspace = wapi.get_one(workspace_id)
         except JSONDecodeError as exc:

backend/tracim_backend/tests/functional/test_workspaces.py

@@ -8,9 +8,13 @@ from depot.io.utils import FileIntent
 
 from tracim_backend import models
 from tracim_backend.lib.core.content import ContentApi
+from tracim_backend.lib.core.group import GroupApi
+from tracim_backend.lib.core.user import UserApi
+from tracim_backend.lib.core.userworkspace import RoleApi
 from tracim_backend.lib.core.workspace import WorkspaceApi
 from tracim_backend.models import get_tm_session
 from tracim_backend.models.contents import CONTENT_TYPES
+from tracim_backend.models.data import UserRoleInWorkspace
 from tracim_backend.tests import FunctionalTest
 from tracim_backend.tests import set_html_document_slug_to_legacy
 from tracim_backend.fixtures.content import Content as ContentFixtures
@@ -211,6 +215,610 @@ class TestWorkspaceEndpoint(FunctionalTest):
             params=params,
         )
 
+    def test_api__delete_workspace__ok_200__admin(self) -> None:
+        """
+        Test delete workspace as admin
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('administrators')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False, groups=groups)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/delete'.format(workspace_id),
+            status=204
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=403
+        )
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is True
+
+    def test_api__delete_workspace__ok_200__manager_workspace_manager(self) -> None:
+        """
+        Test delete workspace as global manager and workspace manager
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('managers')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False, groups=groups)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False)  # nopep8
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/delete'.format(workspace_id),
+            status=204
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is True
+
+    def test_api__delete_workspace__err_403__user_workspace_manager(self) -> None:
+        """
+        Test delete workspace as simple user and workspace manager
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('users')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False, groups=groups)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False)  # nopep8
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/delete'.format(workspace_id),
+            status=403
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is False
+
+    def test_api__delete_workspace__err_403__manager_reader(self) -> None:
+        """
+        Test delete workspace as manager and reader of the workspace
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('managers')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        rapi.create_one(user, workspace, UserRoleInWorkspace.READER, False)  # nopep8
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/delete'.format(workspace_id),
+            status=403
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is False
+
+    def test_api__delete_workspace__err_400__manager(self) -> None:
+        """
+        Test delete workspace as global manager without having any role in the
+        workspace
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        user = uapi.create_user('test@test.test', password='test@test.test',
+                                do_save=True, do_notify=False)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test',
+                                                   save_now=True)  # nopep8
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/delete'.format(workspace_id),
+            status=400
+        )
+
+    def test_api__undelete_workspace__ok_200__admin(self) -> None:
+        """
+        Test undelete workspace as admin
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('administrators')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False, groups=groups)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        workspace_api.delete(workspace, flush=True)
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/undelete'.format(workspace_id),
+            status=204
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=403
+        )
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is False
+
+    def test_api__undelete_workspace__ok_200__manager_workspace_manager(self) -> None:
+        """
+        Test undelete workspace as global manager and workspace manager
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('managers')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False, groups=groups)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        workspace_api.delete(workspace, flush=True)
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False)  # nopep8
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/undelete'.format(workspace_id),
+            status=204
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is False
+
+    def test_api__undelete_workspace__err_403__user_workspace_manager(self) -> None:
+        """
+        Test undelete workspace as simple user and workspace manager
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('users')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False, groups=groups)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        workspace_api.delete(workspace, flush=True)
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False)  # nopep8
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/undelete'.format(workspace_id),
+            status=403
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is True
+
+    def test_api__undelete_workspace__err_403__manager_reader(self) -> None:
+        """
+        Test undelete workspace as manager and reader of the workspace
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('managers')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        workspace_api.delete(workspace, flush=True)
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        rapi.create_one(user, workspace, UserRoleInWorkspace.READER, False)  # nopep8
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/undelete'.format(workspace_id),
+            status=403
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is True
+
+    def test_api__undelete_workspace__err_400__manager(self) -> None:
+        """
+        Test delete workspace as global manager without having any role in the
+        workspace
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        user = uapi.create_user('test@test.test', password='test@test.test',
+                                do_save=True, do_notify=False)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        workspace_api.delete(workspace, flush=True)
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/undelete'.format(workspace_id),
+            status=400
+        )
+
     def test_api__get_workspace__err_400__unallowed_user(self) -> None:
         """
         Check obtain workspace unreachable for user

backend/tracim_backend/views/core_api/workspace_controller.py

@@ -16,6 +16,7 @@ from tracim_backend.lib.core.workspace import WorkspaceApi
 from tracim_backend.lib.core.content import ContentApi
 from tracim_backend.lib.core.userworkspace import RoleApi
 from tracim_backend.lib.utils.authorization import require_workspace_role
+from tracim_backend.lib.utils.authorization import require_profile_or_other_profile_with_workspace_role
 from tracim_backend.lib.utils.authorization import require_profile
 from tracim_backend.models import Group
 from tracim_backend.lib.utils.authorization import require_candidate_workspace_role
@@ -118,6 +119,51 @@ class WorkspaceController(Controller):
         return wapi.get_workspace_with_context(workspace)
 
     @hapic.with_api_doc(tags=[SWAGGER_TAG_WORKSPACE_ENDPOINTS])
+    @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST)
+    @require_profile_or_other_profile_with_workspace_role(
+        Group.TIM_ADMIN,
+        Group.TIM_MANAGER,
+        UserRoleInWorkspace.WORKSPACE_MANAGER,
+    )
+    @hapic.input_path(WorkspaceIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def delete_workspace(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        delete workspace
+        """
+        app_config = request.registry.settings['CFG']
+        wapi = WorkspaceApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        wapi.delete(request.current_workspace, flush=True)
+        return
+
+    @hapic.with_api_doc(tags=[SWAGGER_TAG_WORKSPACE_ENDPOINTS])
+    @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST)
+    @require_profile_or_other_profile_with_workspace_role(
+        Group.TIM_ADMIN,
+        Group.TIM_MANAGER,
+        UserRoleInWorkspace.WORKSPACE_MANAGER,
+    )
+    @hapic.input_path(WorkspaceIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def undelete_workspace(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        restore deleted workspace
+        """
+        app_config = request.registry.settings['CFG']
+        wapi = WorkspaceApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+            show_deleted=True,
+        )
+        wapi.undelete(request.current_workspace, flush=True)
+        return
+
+    @hapic.with_api_doc(tags=[SWAGGER_TAG_WORKSPACE_ENDPOINTS])
     @require_workspace_role(UserRoleInWorkspace.READER)
     @hapic.input_path(WorkspaceIdPathSchema())
     @hapic.output_body(WorkspaceMemberSchema(many=True))
@@ -512,6 +558,11 @@ class WorkspaceController(Controller):
         # Create workspace
         configurator.add_route('create_workspace', '/workspaces', request_method='POST')  # nopep8
         configurator.add_view(self.create_workspace, route_name='create_workspace')  # nopep8
+        # Delete/Undelete workpace
+        configurator.add_route('delete_workspace', '/workspaces/{workspace_id}/delete', request_method='PUT')  # nopep8
+        configurator.add_view(self.delete_workspace, route_name='delete_workspace')  # nopep8
+        configurator.add_route('undelete_workspace', '/workspaces/{workspace_id}/undelete', request_method='PUT')  # nopep8
+        configurator.add_view(self.undelete_workspace, route_name='undelete_workspace')  # nopep8
         # Update Workspace
         configurator.add_route('update_workspace', '/workspaces/{workspace_id}', request_method='PUT')  # nopep8
         configurator.add_view(self.update_workspace, route_name='update_workspace')  # nopep8