Merge pull request #18 from tracim/feature/add_few_delete_endpoints

backend/doc/roles.md

@@ -9,7 +9,7 @@ The other is workspace related and is called "workspace role".
 
 |                               | Normal User | Managers    | Admin          |
 |-------------------------------|-------------|-------------|----------------|
-| slug                            | users       | managers    | administrators |
+| slug                          | users       | managers    | administrators |
 |-------------------------------|-------------|-------------|---------|
 
 
@@ -20,6 +20,7 @@ The other is workspace related and is called "workspace role".
 |-------------------------------|-------------|-------------|---------|
 | create workspace              |  no         | yes         | yes     |
 | invite user to tracim         |  no         | yes, if manager of a given workspace         | yes     |
+| delete workspace              |  no         | yes, if manager of a given workspace         | yes     |
 |-------------------------------|-------------|-------------|---------|
 | set user global profile rights|  no         | no          | yes     |
 | deactivate user               |  no         | no          | yes     |

backend/tracim_backend/lib/core/workspace.py

@@ -27,7 +27,8 @@ class WorkspaceApi(object):
             session: Session,
             current_user: User,
             config: CFG,
-            force_role: bool=False
+            force_role: bool=False,
+            show_deleted: bool=False,
     ):
         """
         :param current_user: Current user of context
@@ -37,18 +38,22 @@ class WorkspaceApi(object):
         self._user = current_user
         self._config = config
         self._force_role = force_role
+        self.show_deleted = show_deleted
 
     def _base_query_without_roles(self):
-        return self._session.query(Workspace).filter(Workspace.is_deleted == False)
+        query = self._session.query(Workspace)
+        if not self.show_deleted:
+            query = query.filter(Workspace.is_deleted == False)
+        return query
 
     def _base_query(self):
         if not self._force_role and self._user.profile.id>=Group.TIM_ADMIN:
             return self._base_query_without_roles()
 
-        return self._session.query(Workspace).\
-            join(Workspace.roles).\
-            filter(UserRoleInWorkspace.user_id == self._user.user_id).\
-            filter(Workspace.is_deleted == False)
+        query = self._base_query_without_roles()
+        query = query.join(Workspace.roles).\
+            filter(UserRoleInWorkspace.user_id == self._user.user_id)
+        return query
 
     def get_workspace_with_context(
             self,
@@ -207,17 +212,13 @@ class WorkspaceApi(object):
     def save(self, workspace: Workspace):
         self._session.flush()
 
-    def delete_one(self, workspace_id, flush=True):
-        workspace = self.get_one(workspace_id)
+    def delete(self, workspace: Workspace, flush=True):
         workspace.is_deleted = True
 
         if flush:
             self._session.flush()
 
-    def restore_one(self, workspace_id, flush=True):
-        workspace = self._session.query(Workspace)\
-            .filter(Workspace.is_deleted==True)\
-            .filter(Workspace.workspace_id==workspace_id).one()
+    def undelete(self, workspace: Workspace, flush=True):
         workspace.is_deleted = False
 
         if flush:

backend/tracim_backend/lib/utils/authorization.py

@@ -90,6 +90,40 @@ def require_profile(group: int) -> typing.Callable:
     return decorator
 
 
+def require_profile_or_other_profile_with_workspace_role(
+        allow_all_group: int,
+        allow_if_role_group: int,
+        minimal_required_role: int,
+) -> typing.Callable:
+    """
+    Allow access for allow_all_group profile
+    or allow access for allow_if_role_group
+    profile if mininal_required_role is correct.
+    :param allow_all_group: value from Group Object
+    like Group.TIM_USER or Group.TIM_MANAGER
+    :param allow_if_role_group: value from Group Object
+    like Group.TIM_USER or Group.TIM_MANAGER
+    :param minimal_required_role: value from UserInWorkspace Object like
+    UserRoleInWorkspace.CONTRIBUTOR or UserRoleInWorkspace.READER
+    :return: decorator
+    """
+    def decorator(func: typing.Callable) -> typing.Callable:
+        @functools.wraps(func)
+        def wrapper(self, context, request: 'TracimRequest') -> typing.Callable:
+            user = request.current_user
+            workspace = request.current_workspace
+            if user.profile.id >= allow_all_group:
+                return func(self, context, request)
+            elif user.profile.id >= allow_if_role_group:
+                if workspace.get_user_role(user) >= minimal_required_role:
+                    return func(self, context, request)
+                raise InsufficientUserRoleInWorkspace()
+            else:
+                raise InsufficientUserProfile()
+        return wrapper
+    return decorator
+
+
 def require_workspace_role(minimal_required_role: int) -> typing.Callable:
     """
     Restricts access to endpoint to minimal role or raise an exception.

backend/tracim_backend/lib/utils/request.py

@@ -355,7 +355,8 @@ class TracimRequest(Request):
             wapi = WorkspaceApi(
                 current_user=user,
                 session=request.dbsession,
-                config=request.registry.settings['CFG']
+                config=request.registry.settings['CFG'],
+                show_deleted=True,
             )
             workspace = wapi.get_one(workspace_id)
         except NoResultFound as exc:
@@ -390,7 +391,8 @@ class TracimRequest(Request):
             wapi = WorkspaceApi(
                 current_user=user,
                 session=request.dbsession,
-                config=request.registry.settings['CFG']
+                config=request.registry.settings['CFG'],
+                show_deleted=True,
             )
             workspace = wapi.get_one(workspace_id)
         except JSONDecodeError as exc:

backend/tracim_backend/models/context_models.py

@@ -470,6 +470,13 @@ class WorkspaceInContext(object):
         return slugify(self.workspace.label)
 
     @property
+    def is_deleted(self) -> bool:
+        """
+        Is the workspace deleted ?
+        """
+        return self.workspace.is_deleted
+
+    @property
     def sidebar_entries(self) -> typing.List[WorkspaceMenuEntry]:
         """
         get sidebar entries, those depends on activated apps.

backend/tracim_backend/tests/functional/test_user.py

@@ -2382,6 +2382,7 @@ class TestUserWorkspaceEndpoint(FunctionalTest):
         assert workspace['workspace_id'] == 1
         assert workspace['label'] == 'Business'
         assert workspace['slug'] == 'business'
+        assert workspace['is_deleted'] is False
         assert len(workspace['sidebar_entries']) == 5
 
         # TODO - G.M - 2018-08-02 - Better test for sidebar entry, make it
@@ -2421,7 +2422,6 @@ class TestUserWorkspaceEndpoint(FunctionalTest):
         assert sidebar_entry['hexcolor'] == "#ad4cf9"
         assert sidebar_entry['fa_icon'] == "comments-o"
 
-
     def test_api__get_user_workspaces__err_403__unallowed_user(self):
         """
         Check obtain all workspaces reachables for one user

backend/tracim_backend/tests/functional/test_workspaces.py

@@ -8,9 +8,13 @@ from depot.io.utils import FileIntent
 
 from tracim_backend import models
 from tracim_backend.lib.core.content import ContentApi
+from tracim_backend.lib.core.group import GroupApi
+from tracim_backend.lib.core.user import UserApi
+from tracim_backend.lib.core.userworkspace import RoleApi
 from tracim_backend.lib.core.workspace import WorkspaceApi
 from tracim_backend.models import get_tm_session
 from tracim_backend.models.contents import CONTENT_TYPES
+from tracim_backend.models.data import UserRoleInWorkspace
 from tracim_backend.tests import FunctionalTest
 from tracim_backend.tests import set_html_document_slug_to_legacy
 from tracim_backend.fixtures.content import Content as ContentFixtures
@@ -41,6 +45,7 @@ class TestWorkspaceEndpoint(FunctionalTest):
         assert workspace['slug'] == 'business'
         assert workspace['label'] == 'Business'
         assert workspace['description'] == 'All importants documents'
+        assert workspace['is_deleted'] is False
         assert len(workspace['sidebar_entries']) == 5
 
         # TODO - G.M - 2018-08-02 - Better test for sidebar entry, make it
@@ -106,6 +111,7 @@ class TestWorkspaceEndpoint(FunctionalTest):
         assert workspace['slug'] == 'business'
         assert workspace['label'] == 'Business'
         assert workspace['description'] == 'All importants documents'
+        assert workspace['is_deleted'] is False
         assert len(workspace['sidebar_entries']) == 5
 
         # modify workspace
@@ -120,6 +126,7 @@ class TestWorkspaceEndpoint(FunctionalTest):
         assert workspace['slug'] == 'superworkspace'
         assert workspace['label'] == 'superworkspace'
         assert workspace['description'] == 'mysuperdescription'
+        assert workspace['is_deleted'] is False
         assert len(workspace['sidebar_entries']) == 5
 
         # after
@@ -133,6 +140,7 @@ class TestWorkspaceEndpoint(FunctionalTest):
         assert workspace['slug'] == 'superworkspace'
         assert workspace['label'] == 'superworkspace'
         assert workspace['description'] == 'mysuperdescription'
+        assert workspace['is_deleted'] is False
         assert len(workspace['sidebar_entries']) == 5
 
     def test_api__update_workspace__err_400__empty_label(self) -> None:
@@ -207,6 +215,610 @@ class TestWorkspaceEndpoint(FunctionalTest):
             params=params,
         )
 
+    def test_api__delete_workspace__ok_200__admin(self) -> None:
+        """
+        Test delete workspace as admin
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('administrators')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False, groups=groups)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/delete'.format(workspace_id),
+            status=204
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=403
+        )
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is True
+
+    def test_api__delete_workspace__ok_200__manager_workspace_manager(self) -> None:
+        """
+        Test delete workspace as global manager and workspace manager
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('managers')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False, groups=groups)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False)  # nopep8
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/delete'.format(workspace_id),
+            status=204
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is True
+
+    def test_api__delete_workspace__err_403__user_workspace_manager(self) -> None:
+        """
+        Test delete workspace as simple user and workspace manager
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('users')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False, groups=groups)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False)  # nopep8
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/delete'.format(workspace_id),
+            status=403
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is False
+
+    def test_api__delete_workspace__err_403__manager_reader(self) -> None:
+        """
+        Test delete workspace as manager and reader of the workspace
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('managers')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        rapi.create_one(user, workspace, UserRoleInWorkspace.READER, False)  # nopep8
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/delete'.format(workspace_id),
+            status=403
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is False
+
+    def test_api__delete_workspace__err_400__manager(self) -> None:
+        """
+        Test delete workspace as global manager without having any role in the
+        workspace
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        user = uapi.create_user('test@test.test', password='test@test.test',
+                                do_save=True, do_notify=False)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test',
+                                                   save_now=True)  # nopep8
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/delete'.format(workspace_id),
+            status=400
+        )
+
+    def test_api__undelete_workspace__ok_200__admin(self) -> None:
+        """
+        Test undelete workspace as admin
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('administrators')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False, groups=groups)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        workspace_api.delete(workspace, flush=True)
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/undelete'.format(workspace_id),
+            status=204
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=403
+        )
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is False
+
+    def test_api__undelete_workspace__ok_200__manager_workspace_manager(self) -> None:
+        """
+        Test undelete workspace as global manager and workspace manager
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('managers')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False, groups=groups)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        workspace_api.delete(workspace, flush=True)
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False)  # nopep8
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/undelete'.format(workspace_id),
+            status=204
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is False
+
+    def test_api__undelete_workspace__err_403__user_workspace_manager(self) -> None:
+        """
+        Test undelete workspace as simple user and workspace manager
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('users')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False, groups=groups)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        workspace_api.delete(workspace, flush=True)
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False)  # nopep8
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/undelete'.format(workspace_id),
+            status=403
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is True
+
+    def test_api__undelete_workspace__err_403__manager_reader(self) -> None:
+        """
+        Test undelete workspace as manager and reader of the workspace
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('managers')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        workspace_api.delete(workspace, flush=True)
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        rapi.create_one(user, workspace, UserRoleInWorkspace.READER, False)  # nopep8
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/undelete'.format(workspace_id),
+            status=403
+        )
+        res = self.testapp.get(
+            '/api/v2/workspaces/{}'.format(workspace_id),
+            status=200
+        )
+        workspace = res.json_body
+        assert workspace['is_deleted'] is True
+
+    def test_api__undelete_workspace__err_400__manager(self) -> None:
+        """
+        Test delete workspace as global manager without having any role in the
+        workspace
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        user = uapi.create_user('test@test.test', password='test@test.test',
+                                do_save=True, do_notify=False)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        workspace_api.delete(workspace, flush=True)
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        transaction.commit()
+        workspace_id = int(workspace.workspace_id)
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test@test.test',
+                'test@test.test'
+            )
+        )
+        # delete
+        res = self.testapp.put(
+            '/api/v2/workspaces/{}/undelete'.format(workspace_id),
+            status=400
+        )
+
     def test_api__get_workspace__err_400__unallowed_user(self) -> None:
         """
         Check obtain workspace unreachable for user
@@ -599,6 +1211,121 @@ class TestWorkspaceMembersEndpoint(FunctionalTest):
         assert user_role['user_id'] == 1
         assert user_role['workspace_id'] == 1
 
+    def test_api__delete_workspace_member_role__ok_200__nominal_case(self):
+        """
+        Delete worskpace member role
+        """
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('managers')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False, groups=groups)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False)  # nopep8
+        transaction.commit()
+
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.delete(
+            '/api/v2/workspaces/{workspace_id}/members/{user_id}'.format(
+                workspace_id=workspace.workspace_id,
+                user_id=user.user_id,
+            ),
+            status=204,
+        )
+        # after
+        roles = self.testapp.get('/api/v2/workspaces/1/members', status=200).json_body   # nopep8
+        for role in roles:
+            assert role['user_id'] != user.user_id
+
+    def test_api__delete_workspace_member_role__err_400__simple_user(self):
+        """
+        Delete worskpace member role
+        """
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('users')]
+        user2 = uapi.create_user('test2@test2.test2', password='test2@test2.test2', do_save=True, do_notify=False, groups=groups)  # nopep8
+        groups = [gapi.get_one_with_name('managers')]
+        user = uapi.create_user('test@test.test', password='test@test.test', do_save=True, do_notify=False, groups=groups)  # nopep8
+        workspace_api = WorkspaceApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+            show_deleted=True,
+        )
+        workspace = workspace_api.create_workspace('test', save_now=True)  # nopep8
+        rapi = RoleApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False)  # nopep8
+        rapi.create_one(user2, workspace, UserRoleInWorkspace.READER, False)  # nopep8
+        transaction.commit()
+
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'test2@test2.test2',
+                'test2@test2.test2'
+            )
+        )
+        res = self.testapp.delete(
+            '/api/v2/workspaces/{workspace_id}/members/{user_id}'.format(
+                workspace_id=workspace.workspace_id,
+                user_id=user.user_id,
+            ),
+            status=403,
+        )
+        # after
+        roles = self.testapp.get(
+            '/api/v2/workspaces/{workspace_id}/members'.format(
+                workspace_id=workspace.workspace_id
+            ),
+            status=200
+        ).json_body
+        assert len([role for role in roles if role['user_id'] == user.user_id]) == 1  # nopep8
+
 
 class TestUserInvitationWithMailActivatedSync(FunctionalTest):
 

backend/tracim_backend/views/core_api/schemas.py

@@ -510,6 +510,7 @@ class WorkspaceDigestSchema(marshmallow.Schema):
         WorkspaceMenuEntrySchema,
         many=True,
     )
+    is_deleted = marshmallow.fields.Bool(example=False, default=False)
 
     class Meta:
         description = 'Digest of workspace informations'

backend/tracim_backend/views/core_api/workspace_controller.py

@@ -18,6 +18,7 @@ from tracim_backend.lib.core.workspace import WorkspaceApi
 from tracim_backend.lib.core.content import ContentApi
 from tracim_backend.lib.core.userworkspace import RoleApi
 from tracim_backend.lib.utils.authorization import require_workspace_role
+from tracim_backend.lib.utils.authorization import require_profile_or_other_profile_with_workspace_role
 from tracim_backend.lib.utils.authorization import require_profile
 from tracim_backend.models import Group
 from tracim_backend.lib.utils.authorization import require_candidate_workspace_role
@@ -122,6 +123,51 @@ class WorkspaceController(Controller):
         return wapi.get_workspace_with_context(workspace)
 
     @hapic.with_api_doc(tags=[SWAGGER_TAG_WORKSPACE_ENDPOINTS])
+    @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST)
+    @require_profile_or_other_profile_with_workspace_role(
+        Group.TIM_ADMIN,
+        Group.TIM_MANAGER,
+        UserRoleInWorkspace.WORKSPACE_MANAGER,
+    )
+    @hapic.input_path(WorkspaceIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def delete_workspace(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        delete workspace
+        """
+        app_config = request.registry.settings['CFG']
+        wapi = WorkspaceApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        wapi.delete(request.current_workspace, flush=True)
+        return
+
+    @hapic.with_api_doc(tags=[SWAGGER_TAG_WORKSPACE_ENDPOINTS])
+    @hapic.handle_exception(EmptyLabelNotAllowed, HTTPStatus.BAD_REQUEST)
+    @require_profile_or_other_profile_with_workspace_role(
+        Group.TIM_ADMIN,
+        Group.TIM_MANAGER,
+        UserRoleInWorkspace.WORKSPACE_MANAGER,
+    )
+    @hapic.input_path(WorkspaceIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def undelete_workspace(self, context, request: TracimRequest, hapic_data=None):  # nopep8
+        """
+        restore deleted workspace
+        """
+        app_config = request.registry.settings['CFG']
+        wapi = WorkspaceApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+            show_deleted=True,
+        )
+        wapi.undelete(request.current_workspace, flush=True)
+        return
+
+    @hapic.with_api_doc(tags=[SWAGGER_TAG_WORKSPACE_ENDPOINTS])
     @require_workspace_role(UserRoleInWorkspace.READER)
     @hapic.input_path(WorkspaceIdPathSchema())
     @hapic.output_body(WorkspaceMemberSchema(many=True))
@@ -180,6 +226,28 @@ class WorkspaceController(Controller):
         return rapi.get_user_role_workspace_with_context(role)
 
     @hapic.with_api_doc(tags=[SWAGGER_TAG_WORKSPACE_ENDPOINTS])
+    @require_workspace_role(UserRoleInWorkspace.WORKSPACE_MANAGER)
+    @hapic.input_path(WorkspaceAndUserIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def delete_workspaces_members_role(
+            self,
+            context,
+            request: TracimRequest,
+            hapic_data=None
+    ) -> None:
+        app_config = request.registry.settings['CFG']
+        rapi = RoleApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        rapi.delete_one(
+            user_id=hapic_data.path.user_id,
+            workspace_id=hapic_data.path.workspace_id,
+        )
+        return
+
+    @hapic.with_api_doc(tags=[SWAGGER_TAG_WORKSPACE_ENDPOINTS])
     @hapic.handle_exception(UserCreationFailed, HTTPStatus.BAD_REQUEST)
     @require_workspace_role(UserRoleInWorkspace.WORKSPACE_MANAGER)
     @hapic.input_path(WorkspaceIdPathSchema())
@@ -576,6 +644,11 @@ class WorkspaceController(Controller):
         # Create workspace
         configurator.add_route('create_workspace', '/workspaces', request_method='POST')  # nopep8
         configurator.add_view(self.create_workspace, route_name='create_workspace')  # nopep8
+        # Delete/Undelete workpace
+        configurator.add_route('delete_workspace', '/workspaces/{workspace_id}/delete', request_method='PUT')  # nopep8
+        configurator.add_view(self.delete_workspace, route_name='delete_workspace')  # nopep8
+        configurator.add_route('undelete_workspace', '/workspaces/{workspace_id}/undelete', request_method='PUT')  # nopep8
+        configurator.add_view(self.undelete_workspace, route_name='undelete_workspace')  # nopep8
         # Update Workspace
         configurator.add_route('update_workspace', '/workspaces/{workspace_id}', request_method='PUT')  # nopep8
         configurator.add_view(self.update_workspace, route_name='update_workspace')  # nopep8
@@ -588,6 +661,9 @@ class WorkspaceController(Controller):
         # Create Workspace Members roles
         configurator.add_route('create_workspace_member', '/workspaces/{workspace_id}/members', request_method='POST')  # nopep8
         configurator.add_view(self.create_workspaces_members_role, route_name='create_workspace_member')  # nopep8
+        # Delete Workspace Members roles
+        configurator.add_route('delete_workspace_member', '/workspaces/{workspace_id}/members/{user_id}', request_method='DELETE')  # nopep8
+        configurator.add_view(self.delete_workspaces_members_role, route_name='delete_workspace_member')  # nopep8
         # Workspace Content
         configurator.add_route('workspace_content', '/workspaces/{workspace_id}/contents', request_method='GET')  # nopep8
         configurator.add_view(self.workspace_content, route_name='workspace_content')  # nopep8