add delete/undelete user endpoints + nominal case tests

backend/tracim_backend/lib/core/user.py

@@ -34,13 +34,18 @@ class UserApi(object):
             current_user: typing.Optional[User],
             session: Session,
             config: CFG,
+            show_deleted: bool = False,
     ) -> None:
         self._session = session
         self._user = current_user
         self._config = config
+        self._show_deleted = show_deleted
 
     def _base_query(self):
-        return self._session.query(User)
+        query = self._session.query(User)
+        if not self._show_deleted:
+            query = query.filter(User.is_deleted == False)
+        return query
 
     def get_user_with_context(self, user: User) -> UserInContext:
         """
@@ -382,6 +387,16 @@ class UserApi(object):
         if do_save:
             self.save(user)
 
+    def delete(self, user: User, do_save=False):
+        user.is_deleted = True
+        if do_save:
+            self.save(user)
+
+    def undelete(self, user: User, do_save=False):
+        user.is_deleted = False
+        if do_save:
+            self.save(user)
+
     def save(self, user: User):
         self._session.flush()
 

backend/tracim_backend/lib/utils/request.py

@@ -293,7 +293,7 @@ class TracimRequest(Request):
         :return: user found from header/body
         """
         app_config = request.registry.settings['CFG']
-        uapi = UserApi(None, session=request.dbsession, config=app_config)
+        uapi = UserApi(None, show_deleted=True, session=request.dbsession, config=app_config)
         login = ''
         try:
             login = None

backend/tracim_backend/tests/functional/test_user.py

@@ -2636,6 +2636,52 @@ class TestUserEndpoint(FunctionalTest):
             status=403
         )
 
+    def test_api_delete_user__ok_200__admin(self):
+        dbsession = get_tm_session(self.session_factory, transaction.manager)
+        admin = dbsession.query(models.User) \
+            .filter(models.User.email == 'admin@admin.admin') \
+            .one()
+        uapi = UserApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        gapi = GroupApi(
+            current_user=admin,
+            session=dbsession,
+            config=self.app_config,
+        )
+        groups = [gapi.get_one_with_name('users')]
+        test_user = uapi.create_user(
+            email='test@test.test',
+            password='pass',
+            name='bob',
+            groups=groups,
+            timezone='Europe/Paris',
+            do_save=True,
+            do_notify=False,
+        )
+        uapi.save(test_user)
+        transaction.commit()
+        user_id = int(test_user.user_id)
+
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        self.testapp.put(
+            '/api/v2/users/{}/delete'.format(user_id),
+            status=204
+        )
+        res = self.testapp.get(
+            '/api/v2/users/{}'.format(user_id),
+            status=200
+        ).json_body
+        assert res['is_deleted'] is True
+
 
 class TestUsersEndpoint(FunctionalTest):
     # -*- coding: utf-8 -*-

backend/tracim_backend/views/core_api/user_controller.py

@@ -244,6 +244,41 @@ class UserController(Controller):
     @require_profile(Group.TIM_ADMIN)
     @hapic.input_path(UserIdPathSchema())
     @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def delete_user(self, context, request: TracimRequest, hapic_data=None):
+        """
+        delete user
+        """
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        uapi.delete(user=request.candidate_user, do_save=True)
+        return
+
+    @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS])
+    @require_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
+    def undelete_user(self, context, request: TracimRequest, hapic_data=None):
+        """
+        undelete user
+        """
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+            show_deleted=True,
+        )
+        uapi.undelete(user=request.candidate_user, do_save=True)
+        return
+
+    @hapic.with_api_doc(tags=[SWAGGER_TAG__USER_ENDPOINTS])
+    @require_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserIdPathSchema())
+    @hapic.output_body(NoContentSchema(), default_http_code=HTTPStatus.NO_CONTENT)  # nopep8
     def disable_user(self, context, request: TracimRequest, hapic_data=None):
         """
         disable user
@@ -464,6 +499,14 @@ class UserController(Controller):
         configurator.add_route('disable_user', '/users/{user_id}/disable', request_method='PUT')  # nopep8
         configurator.add_view(self.disable_user, route_name='disable_user')
 
+        # delete user
+        configurator.add_route('delete_user', '/users/{user_id}/delete', request_method='PUT')  # nopep8
+        configurator.add_view(self.delete_user, route_name='delete_user')
+
+        # undelete user
+        configurator.add_route('undelete_user', '/users/{user_id}/undelete', request_method='PUT')  # nopep8
+        configurator.add_view(self.undelete_user, route_name='undelete_user')
+
         # set user profile
         configurator.add_route('set_user_profile', '/users/{user_id}/profile', request_method='PUT')  # nopep8
         configurator.add_view(self.set_profile, route_name='set_user_profile')