Verified Commit 6b065956 authored by Kevin Morris's avatar Kevin Morris
Browse files

Merge branch 'pu_packages_action_delete' into pu

parents c6c04f49 60bffa4f
Pipeline #12520 passed with stage
in 6 minutes and 29 seconds
......@@ -9,7 +9,7 @@ from sqlalchemy import and_, case
import aurweb.filters
import aurweb.packages.util
from aurweb import db, defaults, l10n, models, util
from aurweb import db, defaults, l10n, logging, models, util
from aurweb.auth import auth_required
from aurweb.models.package_request import ACCEPTED_ID, PENDING_ID, REJECTED_ID
from aurweb.models.relation_type import CONFLICTS_ID
......@@ -20,6 +20,7 @@ from aurweb.scripts import notify, popupdate
from aurweb.scripts.rendercomment import update_comment_render
from aurweb.templates import make_context, make_variable_context, render_raw_template, render_template
logger = logging.get_logger(__name__)
router = APIRouter()
......@@ -1227,6 +1228,47 @@ async def packages_disown(request: Request, package_ids: List[int] = [],
return (True, ["The selected packages have been disowned."])
async def packages_delete(request: Request, package_ids: List[int] = [],
confirm: bool = False, merge_into: str = str(),
**kwargs):
if not package_ids:
return (False, ["You did not select any packages to delete."])
if not confirm:
return (False, ["The selected packages have not been deleted, "
"check the confirmation checkbox."])
if not request.user.has_credential("CRED_PKGBASE_DELETE"):
return (False, ["You do not have permission to delete packages."])
# A "memo" used to store names of packages that we delete.
# We'll use this to log out a message about the deletions that occurred.
deleted_pkgs = []
# set-ify package_ids and query the database for related records.
package_ids = set(package_ids)
packages = db.query(models.Package).filter(
models.Package.ID.in_(package_ids)).all()
if len(packages) != len(package_ids):
# Let the user know there was an issue with their input: they have
# provided at least one package_id which does not exist in the DB.
# TODO: This error has not yet been translated.
return (False, ["One of the packages you selected does not exist."])
# Now let's actually walk through and delete all of the packages,
# using the same method we use in our /pkgbase/{name}/delete route.
for pkg in packages:
deleted_pkgs.append(pkg.Name)
delete_package(request.user, pkg)
# Log out the fact that this happened for accountability.
logger.info(f"Privileged user '{request.user.Username}' deleted the "
f"following packages: {str(deleted_pkgs)}.")
return (True, ["The selected packages have been deleted."])
# A mapping of action string -> callback functions used within the
# `packages_post` route below. We expect any action callback to
# return a tuple in the format: (succeeded: bool, message: List[str]).
......@@ -1236,6 +1278,7 @@ PACKAGE_ACTIONS = {
"unnotify": packages_unnotify,
"adopt": packages_adopt,
"disown": packages_disown,
"delete": packages_delete,
}
......
......@@ -1020,6 +1020,10 @@ msgstr ""
msgid "You did not select any packages to delete."
msgstr ""
#: aurweb/routers/packages.py
msgid "One of the packages you selected does not exist."
msgstr ""
#: lib/pkgbasefuncs.inc.php
msgid "The selected packages have been deleted."
msgstr ""
......
......@@ -2318,3 +2318,76 @@ def test_packages_post_disown(client: TestClient, user: User,
successes = get_successes(resp.text)
expected = "The selected packages have been disowned."
assert successes[0].text.strip() == expected
def test_packages_post_delete(caplog: pytest.fixture, client: TestClient,
user: User, tu_user: User, package: Package):
# First, let's try to use the delete action with no packages IDs.
user_cookies = {"AURSID": user.login(Request(), "testPassword")}
with client as request:
resp = request.post("/packages", data={
"action": "delete"
}, cookies=user_cookies)
assert resp.status_code == int(HTTPStatus.BAD_REQUEST)
errors = get_errors(resp.text)
expected = "You did not select any packages to delete."
assert errors[0].text.strip() == expected
# Now, let's try to delete real packages without supplying "confirm".
with client as request:
resp = request.post("/packages", data={
"action": "delete",
"IDs": [package.ID]
}, cookies=user_cookies)
assert resp.status_code == int(HTTPStatus.BAD_REQUEST)
errors = get_errors(resp.text)
expected = ("The selected packages have not been deleted, "
"check the confirmation checkbox.")
assert errors[0].text.strip() == expected
# And again, with everything, but `user` doesn't have permissions.
with client as request:
resp = request.post("/packages", data={
"action": "delete",
"IDs": [package.ID],
"confirm": True
}, cookies=user_cookies)
assert resp.status_code == int(HTTPStatus.BAD_REQUEST)
errors = get_errors(resp.text)
expected = "You do not have permission to delete packages."
assert errors[0].text.strip() == expected
# Now, let's switch over to making the requests as a TU.
# However, this next request will be rejected due to supplying
# an invalid package ID.
tu_cookies = {"AURSID": tu_user.login(Request(), "testPassword")}
with client as request:
resp = request.post("/packages", data={
"action": "delete",
"IDs": [0],
"confirm": True
}, cookies=tu_cookies)
assert resp.status_code == int(HTTPStatus.BAD_REQUEST)
errors = get_errors(resp.text)
expected = "One of the packages you selected does not exist."
assert errors[0].text.strip() == expected
# Whoo. Now, let's finally make a valid request as `tu_user`
# to delete `package`.
with client as request:
resp = request.post("/packages", data={
"action": "delete",
"IDs": [package.ID],
"confirm": True
}, cookies=tu_cookies)
assert resp.status_code == int(HTTPStatus.OK)
successes = get_successes(resp.text)
expected = "The selected packages have been deleted."
assert successes[0].text.strip() == expected
# Expect that the package deletion was logged.
packages = [package.Name]
expected = (f"Privileged user '{tu_user.Username}' deleted the "
f"following packages: {str(packages)}.")
assert expected in caplog.text
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment