diff --git a/apiary.apib b/apiary.apib
index 7efa5b5..4029d2f 100644
--- a/apiary.apib
+++ b/apiary.apib
@@ -291,10 +291,6 @@ maintenance ownership to another user, immediatelly.
 ### Remove group [DELETE]
-+ Request (application/json)
-
- { "token": "userToken" }
-
 + Response 200 (application/json)
 { "status": "OK" }
diff --git a/luncho/blueprints/groups.py b/luncho/blueprints/groups.py
index 1a5a3a9..e15f645 100644
--- a/luncho/blueprints/groups.py
+++ b/luncho/blueprints/groups.py
@@ -83,6 +83,8 @@ def update_group(token, groupId):
 if not group:
 return JSONError(404, 'Group not found')
+ LOG.debug('Group = {group}'.format(group=group))
+
 json = request.get_json(force=True)
 if 'name' in json:
 group.name = json['name']
@@ -95,3 +97,23 @@ def update_group(token, groupId):
 db.session.commit()
 return jsonify(status='OK')
+
+
+@groups.route('//', methods=['DELETE'])
+def delete_group(token, groupId):
+ """Delete a group."""
+ (user, error) = user_or_error(token)
+ if error:
+ return error
+
+ group = Group.query.get(groupId)
+ if not group:
+ return JSONError(404, 'Group not found')
+
+ if not group.owner == user.username:
+ return JSONError(401, 'User is not admin')
+
+ db.session.delete(group)
+ db.session.commit()
+
+ return jsonify(status='OK')
diff --git a/luncho/server.py b/luncho/server.py
index ad08e33..635d6bf 100644
--- a/luncho/server.py
+++ b/luncho/server.py
@@ -89,6 +89,11 @@ class Group(db.Model):
 self.name = name
 self.owner = owner
+ def __repr__(self):
+ return 'Group {id}-{name}-{owner}'.format(id=self.id,
+ name=self.name,
+ owner=self.owner)
+
 # ----------------------------------------------------------------------
 # Blueprints
 # ----------------------------------------------------------------------
diff --git a/tests/group_tests.py b/tests/group_tests.py
index 694849b..3f0399b 100644
--- a/tests/group_tests.py
+++ b/tests/group_tests.py
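Review bot: The `LOG.debug` line added to `update_group` in luncho/blueprints/groups.py writes the group name into the log unescaped, through the new `Group.__repr__` in luncho/server.py. That name is set from request JSON a few lines further down in the same function, so a stored name containing a line break could produce what looks like a separate log entry. Quoting the fields in `__repr__`, for example `'Group {id}-{name!r}-{owner!r}'`, keeps each record on one line. Assuming `LOG` is a standard `logging` logger, `LOG.debug('Group = %s', group)` would also skip the formatting work when debug output is disabled. The body of `update_group` starts and ends outside the hunk.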
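Review bot: In `delete_group` (luncho/blueprints/groups.py) the ownership failure answers 401, although `user_or_error` has already accepted the token by then, so the caller is authenticated and simply not allowed to delete this group. 403 is the status for that case, `return JSONError(403, 'User is not admin')`, and `test_delete_not_admin` would need to expect it. The condition also reads more directly as `if group.owner != user.username:`. The docstring could say that only the group owner may delete and list the 404 and not-owner responses. Separately, the token travels in the URL path, as the other group routes appear to do, so it is likely to end up in access and proxy logs; moving it to a header would be a change of its own.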
@@ -120,9 +120,10 @@ class TestExistingGroups(LunchoTests):
 new_username = new_user.username
 request = {'maintainer': new_user.username}
- rv = self.post('/group/{token}/{groupId}/'.format(token=self.user.token,
- groupId=self.group.id),
- request)
+ rv = self.post('/group/{token}/{groupId}/'.format(
+ token=self.user.token,
+ groupId=self.group.id),
+ request)
 expected = {'status': 'OK'}
 self.assertStatusCode(rv, 200)
 self.assertJson(expected, rv.data)
@@ -131,5 +132,53 @@ class TestExistingGroups(LunchoTests):
 group = Group.query.get(groupId)
 self.assertEqual(group.owner, new_username)
+ def test_update_unknown_group(self):
+ """Try to update a group that doesn't exist."""
+ groupId = self.group.id + 10
+ request = {'name': 'New test group'}
+ rv = self.post('/group/{token}/{groupId}/'.format(
+ token=self.user.token,
+ groupId=groupId),
+ request)
+ expected = {'status': 'ERROR', 'error': 'Group not found'}
+ self.assertStatusCode(rv, 404)
+ self.assertJson(expected, rv.data)
+
+ def test_delete_group(self):
+ """Delete a group."""
+ groupId = self.group.id
+ rv = self.delete('/group/{token}/{groupId}/'.format(
+ token=self.user.token,
+ groupId=groupId))
+ expected = {'status': 'OK'}
+ self.assertStatusCode(rv, 200)
+ self.assertJson(expected, rv.data)
+
+ def test_delete_unknown_group(self):
+ """Delete a group that doesn't exist."""
+ groupId = self.group.id + 10
+ rv = self.delete('/group/{token}/{groupId}/'.format(
+ token=self.user.token,
+ groupId=groupId))
+ expected = {'status': 'ERROR', 'error': 'Group not found'}
+ self.assertStatusCode(rv, 404)
+ self.assertJson(expected, rv.data)
+
+ def test_delete_not_admin(self):
+ """Try to delete a group when the user is not the admin."""
+ new_user = User(username='another_user',
+ fullname='Another user',
+ passhash='hash')
+ server.db.session.add(new_user)
+ server.db.session.commit()
+ new_user.get_token()
+
+ rv = self.delete('/group/{token}/{groupId}/'.format(
+ token=new_user.token,
+ groupId=self.group.id))
+ expected = {'status': 'ERROR', 'error': 'User is not admin'}
+ self.assertStatusCode(rv, 401)
+ self.assertJson(expected, rv.data)
+
 if __name__ == '__main__':
 unittest.main()
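Review bot: The delete tests check only the HTTP response, so `test_delete_not_admin` would still pass if the handler deleted the row before returning its error. That test is the one guarding the ownership check and should end with `self.assertIsNotNone(Group.query.get(self.group.id))`. In the same way, `test_delete_group` should confirm the row is gone with `self.assertIsNone(Group.query.get(groupId))` after the 200 assertions. A DELETE with an invalid or unknown token is not covered in this hunk, so the `user_or_error` branch of the new route is untested here.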