add ProjectDestroyAPIView, add tests (wip) (#1090)

CHANGELOG.rst

@@ -30,6 +30,7 @@ Added
     - Old owner "remove role" option in ``RoleAssignmentOwnerTransferForm`` (#836)
     - Project deletion (#1090)
     - ``ProjectModifyPluginMixin.perform_project_delete()`` method (#1090)
+    - ``ProjectDestroyAPIView`` REST API view (#1090)
 
 Changed
 -------

docs/source/app_projectroles_api_rest.rst

@@ -147,6 +147,8 @@ Projectroles REST API Views
 
 .. autoclass:: ProjectUpdateAPIView
 
+.. autoclass:: ProjectDestroyAPIView
+
 .. autoclass:: RoleAssignmentCreateAPIView
 
 .. autoclass:: RoleAssignmentUpdateAPIView
@@ -182,5 +184,7 @@ Projectroles REST API Version Changes
 v1.1
 ----
 
+- ``ProjectDestroyAPIView``
+    * Add view
 - ``RoleAssignmentOwnerTransferAPIView``
     * Allow empty value for ``old_owner_role``

docs/source/major_changes.rst

@@ -84,6 +84,7 @@ REST API View Changes
 - Projectroles API (``vnd.bihealth.sodar-core.projectroles``)
     * Current version: ``1.1`` (non-breaking changes)
     * Allowed versions: ``1.0``, ``1.1``
+    * ``ProjectDestroyAPIView``: Add view
     * ``RoleAssignmentOwnerTransferAPIView``: Allow empty value for
       ``old_owner_role``
 

projectroles/tests/test_views_api.py

@@ -1331,6 +1331,37 @@ def test_patch_project_remote(self):
         self.assertEqual(response.status_code, 400, msg=response.content)
 
 
+class TestProjectDestroyAPIView(
+    RemoteSiteMixin, RemoteProjectMixin, ProjectrolesAPIViewTestBase
+):
+    """Tests for ProjectDestroyAPIView"""
+
+    def setUp(self):
+        super().setUp()
+        self.url = reverse(
+            'projectroles:api_project_destroy',
+            kwargs={'project': self.project.sodar_uuid},
+        )
+        self.url_cat = reverse(
+            'projectroles:api_project_destroy',
+            kwargs={'project': self.category.sodar_uuid},
+        )
+
+    def test_delete(self):
+        """Test ProjectDestroyAPIView DELETE"""
+        self.assertEqual(Project.objects.count(), 2)
+        response = self.request_knox(self.url, method='DELETE')
+        self.assertEqual(response.status_code, 204, msg=response.content)
+        self.assertEqual(Project.objects.count(), 1)
+
+    # TODO: Test with category with children (should fail)
+    # TODO: Test with category without children
+    # TODO: Test with source project and non-revoked remote project (should fail)
+    # TODO: Test with source project and revoked remote project
+    # TODO: Test with target project and non-revoked remote project (should fail)
+    # TODO: Test with target project and revoked remote project
+
+
 class TestRoleAssignmentCreateAPIView(
     RemoteSiteMixin, RemoteProjectMixin, ProjectrolesAPIViewTestBase
 ):

projectroles/urls.py

@@ -256,6 +256,11 @@
         view=views_api.ProjectUpdateAPIView.as_view(),
         name='api_project_update',
     ),
+    path(
+        route='api/destroy/<uuid:project>',
+        view=views_api.ProjectDestroyAPIView.as_view(),
+        name='api_project_destroy',
+    ),
     path(
         route='api/roles/create/<uuid:project>',
         view=views_api.RoleAssignmentCreateAPIView.as_view(),

projectroles/views_api.py

@@ -13,6 +13,7 @@
 from rest_framework import serializers
 from rest_framework.exceptions import (
     APIException,
+    NotAcceptable,
     NotFound,
     PermissionDenied,
 )
@@ -59,6 +60,8 @@
 )
 from projectroles.views import (
     ProjectAccessMixin,
+    ProjectDeleteMixin,
+    ProjectDeleteAccessMixin,
     RoleAssignmentDeleteMixin,
     RoleAssignmentOwnerTransferMixin,
     ProjectInviteMixin,
@@ -104,6 +107,9 @@
 USER_MODIFIABLE_MSG = 'Updating non-user modifiable settings is not allowed'
 ANON_ACCESS_MSG = 'Anonymous access not allowed'
 NO_VALUE_MSG = 'Value not set in request data'
+VIEW_NOT_ACCEPTABLE_VERSION = (
+    'This view is not available in the given API version'
+)
 
 
 # Permission / Versioning / Renderer Classes -----------------------------------
@@ -513,6 +519,45 @@ def get_serializer_context(self, *args, **kwargs):
         return context
 
 
+class ProjectDestroyAPIView(
+    ProjectQuerysetMixin,
+    ProjectrolesAPIVersioningMixin,
+    SODARAPIGenericProjectMixin,
+    ProjectDeleteMixin,
+    ProjectDeleteAccessMixin,
+    DestroyAPIView,
+):
+    """
+    Destroy a project and all associated data.
+
+    Deletion is prohibited if called on a category with children or a project
+    with non-revoked remote projects.
+
+    NOTE: This operation can not be undone!
+
+    **URL:** ``/project/api/destroy/{Project.sodar_uuid}``
+
+    **Methods:** ``DELETE``
+
+    **Version Changes**:
+
+    - ``1.1``: Add view
+    """
+
+    permission_required = 'projectroles.delete_project'
+    serializer_class = ProjectSerializer
+
+    def perform_destroy(self, instance):
+        """Override perform_destroy() to handle Project deletion"""
+        if self.request.version == '1.0':
+            raise NotAcceptable(VIEW_NOT_ACCEPTABLE_VERSION)
+        access, msg = self.check_delete_permission(instance)
+        if not access:
+            raise PermissionDenied(msg)
+        with transaction.atomic():
+            self.handle_delete(instance, self.request)
+
+
 class RoleAssignmentCreateAPIView(
     ProjectrolesAPIVersioningMixin, SODARAPIGenericProjectMixin, CreateAPIView
 ):