Merge pull request #19 from tracim/feature/699_endpoint_to_delete_user

backend/README.md

@@ -77,6 +77,10 @@ Initialize the database using [tracimcli](doc/cli.md) tool
 
     tracimcli db init
 
+Stamp current version of database to last (useful for migration):
+
+    alembic -c development.ini stamp head
+
 create wsgidav configuration file for webdav:
 
     cp wsgidav.conf.sample wsgidav.conf

backend/doc/migration.md

@@ -28,6 +28,10 @@ and active the Tracim virtualenv:
 
     alembic -c development.ini current
 
+## Set Alembic stamp to last version (first time use) ##
+
+    alembic -c development.ini stamp head
+
 ### Creating new schema migration ###
 
 This creates a new auto-generated python migration file 

backend/doc/roles.md

@@ -23,7 +23,8 @@ The other is workspace related and is called "workspace role".
 | delete workspace              |  no         | yes, if manager of a given workspace         | yes     |
 |-------------------------------|-------------|-------------|---------|
 | set user global profile rights|  no         | no          | yes     |
-| deactivate user               |  no         | no          | yes     |
+| activate/deactivate user      |  no         | no          | yes     |
+| delete user/ undelete user    |  no         | no          | yes     |
 |-------------------------------|-------------|-------------|---------|
 | access to all user data (/users/{user_id} endpoints) |personal-only|personal-only| yes     |
 

backend/tracim_backend/lib/core/user.py

@@ -34,13 +34,18 @@ class UserApi(object):
             current_user: typing.Optional[User],
             session: Session,
             config: CFG,
+            show_deleted: bool = False,
     ) -> None:
         self._session = session
         self._user = current_user
         self._config = config
+        self._show_deleted = show_deleted
 
     def _base_query(self):
-        return self._session.query(User)
+        query = self._session.query(User)
+        if not self._show_deleted:
+            query = query.filter(User.is_deleted == False)
+        return query
 
     def get_user_with_context(self, user: User) -> UserInContext:
         """
@@ -382,6 +387,16 @@ class UserApi(object):
         if do_save:
             self.save(user)
 
+    def delete(self, user: User, do_save=False):
+        user.is_deleted = True
+        if do_save:
+            self.save(user)
+
+    def undelete(self, user: User, do_save=False):
+        user.is_deleted = False
+        if do_save:
+            self.save(user)
+
     def save(self, user: User):
         self._session.flush()
 

backend/tracim_backend/lib/utils/request.py

@@ -293,7 +293,7 @@ class TracimRequest(Request):
         :return: user found from header/body
         """
         app_config = request.registry.settings['CFG']
-        uapi = UserApi(None, session=request.dbsession, config=app_config)
+        uapi = UserApi(None, show_deleted=True, session=request.dbsession, config=app_config)
         login = ''
         try:
             login = None

backend/tracim_backend/migration/versions/78b52ca39419_add_is_deleted_to_user.py

@@ -0,0 +1,26 @@
+"""add_is_deleted_to_user
+
+Revision ID: 78b52ca39419
+Revises: ad79f58ec2bf
+Create Date: 2018-08-09 15:50:49.656925
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '78b52ca39419'
+down_revision = 'ad79f58ec2bf'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('users', sa.Column('is_deleted', sa.Boolean(), server_default=sa.sql.expression.literal(False), nullable=False))
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column('users', 'is_deleted')
+    # ### end Alembic commands ###

backend/tracim_backend/models/auth.py

@@ -15,6 +15,7 @@ from datetime import datetime
 from hashlib import sha256
 from typing import TYPE_CHECKING
 
+import sqlalchemy
 from sqlalchemy import Column
 from sqlalchemy import ForeignKey
 from sqlalchemy import Sequence
@@ -135,6 +136,7 @@ class User(DeclarativeBase):
     _password = Column('password', Unicode(128))
     created = Column(DateTime, default=datetime.utcnow)
     is_active = Column(Boolean, default=True, nullable=False)
+    is_deleted = Column(Boolean, default=False, nullable=False, server_default=sqlalchemy.sql.expression.literal(False))
     imported_from = Column(Unicode(32), nullable=True)
     timezone = Column(Unicode(255), nullable=False, server_default='')
     # TODO - G.M - 04-04-2018 - [auth] Check if this is already needed

backend/tracim_backend/models/context_models.py

@@ -406,6 +406,10 @@ class UserInContext(object):
     def profile(self) -> Profile:
         return self.user.profile.name
 
+    @property
+    def is_deleted(self) -> bool:
+        return self.user.is_deleted
+
     # Context related
 
     @property

backend/tracim_backend/tests/functional/test_user.py

@@ -2533,6 +2533,7 @@ class TestUserEndpoint(FunctionalTest):
         assert res['email'] == 'test@test.test'
         assert res['public_name'] == 'bob'
         assert res['timezone'] == 'Europe/Paris'
+        assert res['is_deleted'] is False
 
     def test_api__get_user__ok_200__user_itself(self):
         dbsession = get_tm_session(self.session_factory, transaction.manager)
@@ -2582,6 +2583,7 @@ class TestUserEndpoint(FunctionalTest):
         assert res['email'] == 'test@test.test'
         assert res['public_name'] == 'bob'
         assert res['timezone'] == 'Europe/Paris'
+        assert res['is_deleted'] is False
 
     def test_api__get_user__err_403__other_normal_user(self):
         dbsession = get_tm_session(self.session_factory, transaction.manager)
@@ -2634,6 +2636,52 @@ class TestUserEndpoint(FunctionalTest):
             status=403
         )
 
+    def test_api_delete_user__ok_200__admin(self):
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('users')]
+        test_user = uapi.create_user(
+            email='test@test.test',
+            password='pass',
+            name='bob',
+            groups=groups,
+            timezone='Europe/Paris',
+            do_save=True,
+            do_notify=False,
+        )
+        uapi.save(test_user)
+        transaction.commit()
+        user_id = int(test_user.user_id)
+
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        self.testapp.put(
+            '/api/v2/users/{}/delete'.format(user_id),
+            status=204
+        )
+        res = self.testapp.get(
+            '/api/v2/users/{}'.format(user_id),
+            status=200
+        ).json_body
+        assert res['is_deleted'] is True
+
 
 class TestUsersEndpoint(FunctionalTest):
     # -*- coding: utf-8 -*-

backend/tracim_backend/views/core_api/schemas.py

@@ -75,6 +75,10 @@ class UserSchema(UserDigestSchema):
         example=True,
         description='Is user account activated ?'
     )
+    is_deleted = marshmallow.fields.Bool(
+        example=False,
+        description='Is user account deleted ?'
+    )
     # TODO - G.M - 17-04-2018 - Restrict timezone values
     timezone = marshmallow.fields.String(
         example="Europe/Paris",

backend/tracim_backend/views/core_api/user_controller.py

@@ -244,6 +244,41 @@ class UserController(Controller):
     @require_profile(Group.TIM_ADMIN)
     @hapic.input_path(UserIdPathSchema())
     @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def delete_user(self, context, request: TracimRequest, hapic_data=None):
+        """
+        delete user
+        """
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        uapi.delete(user=request.candidate_user, do_save=True)
+        return
+
+    @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS])
+    @require_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def undelete_user(self, context, request: TracimRequest, hapic_data=None):
+        """
+        undelete user
+        """
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+            show_deleted=True,
+        )
+        uapi.undelete(user=request.candidate_user, do_save=True)
+        return
+
+    @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS])
+    @require_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
     def disable_user(self, context, request: TracimRequest, hapic_data=None):
         """
         disable user
@@ -464,6 +499,14 @@ class UserController(Controller):
         configurator.add_route('disable_user', '/users/{user_id}/disable', request_method='PUT')  # nopep8
         configurator.add_view(self.disable_user, route_name='disable_user')
 
+        # delete user
+        configurator.add_route('delete_user', '/users/{user_id}/delete', request_method='PUT')  # nopep8
+        configurator.add_view(self.delete_user, route_name='delete_user')
+
+        # undelete user
+        configurator.add_route('undelete_user', '/users/{user_id}/undelete', request_method='PUT')  # nopep8
+        configurator.add_view(self.undelete_user, route_name='undelete_user')
+
         # set user profile
         configurator.add_route('set_user_profile', '/users/{user_id}/profile', request_method='PUT')  # nopep8
         configurator.add_view(self.set_profile, route_name='set_user_profile')