Merge branch 'delete-metadata' into 'master'

Delete metadata endpoint

See merge request !585

arkindex/documents/api/elements.py

@@ -10,7 +10,7 @@ from rest_framework import status, response
 from rest_framework.response import Response
 from arkindex_common.enums import TranscriptionType
 from arkindex.documents.models import (
-    Corpus, Element, ElementPath, Right,
+    Corpus, Element, ElementPath, Right, MetaData,
     Classification, ClassificationState, Transcription, Region
 )
 from arkindex.documents.serializers.elements import (
@@ -789,3 +789,24 @@ class ElementMetadata(CreateAPIView):
         if self.request:  # Ignore this step when generating the schema with OpenAPI
             context['element'] = self.get_object()
         return context
+
+
+class MetadataDestroy(DestroyAPIView):
+    """
+    Delete an existing element medadata
+    """
+    permission_classes = (IsVerified, )
+    serializer_class = MetaDataLightSerializer
+    openapi_overrides = {
+        'operationId': 'DestroyMetaData',
+        'tags': ['elements']
+    }
+
+    def get_queryset(self):
+        # Filter readable metadata in order to check object permissions
+        return MetaData.objects.filter(element__corpus__in=Corpus.objects.readable(self.request.user))
+
+    def check_object_permissions(self, request, obj):
+        super().check_object_permissions(request, obj)
+        if Right.Write not in obj.element.corpus.get_acl_rights(request.user):
+            self.permission_denied(request, message='You do not have write access to this corpus.')

arkindex/documents/tests/test_metadata.py

+from django.urls import reverse
+from rest_framework import status
+from arkindex.documents.models import Corpus
+from arkindex.project.tests import FixtureAPITestCase
+from arkindex_common.enums import MetaType
+
+
+class TestElementsAPI(FixtureAPITestCase):
+
+    @classmethod
+    def setUpTestData(cls):
+        super().setUpTestData()
+        cls.vol = cls.corpus.elements.get(name='Volume 1')
+        cls.private_corpus = Corpus.objects.create(name='private')
+        cls.private_vol = cls.private_corpus.elements.create(type=cls.vol.type, name='Vol')
+
+    def setUp(self):
+        super().setUp()
+        self.metadata = self.vol.metadatas.create(type=MetaType.Date, name='leet', value='1337')
+        self.private_metadata = self.private_vol.metadatas.create(type=MetaType.Text, name='password', value='123')
+
+    def test_delete_metadata_verified(self):
+        response = self.client.delete(reverse('api:metadata-destroy', kwargs={'pk': str(self.metadata.id)}))
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_delete_metadata_methods(self):
+        self.client.force_login(self.user)
+        methods = (self.client.post, self.client.get, self.client.patch, self.client.put)
+        for method in methods:
+            response = method(reverse('api:metadata-destroy', kwargs={'pk': str(self.metadata.id)}))
+            self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
+
+    def test_delete_metadata(self):
+        self.client.force_login(self.user)
+        self.assertEqual(self.vol.metadatas.count(), 1)
+        response = self.client.delete(reverse('api:metadata-destroy', kwargs={'pk': str(self.metadata.id)}))
+        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
+        self.assertEqual(self.vol.metadatas.count(), 0)
+
+    def test_delete_metadata_private_corpus(self):
+        self.client.force_login(self.user)
+        response = self.client.delete(reverse('api:metadata-destroy', kwargs={'pk': str(self.private_metadata.id)}))
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+
+    def test_delete_metadata_readable_element(self):
+        """
+        An explicit message should be raised when user can read but not delete metadata
+        """
+        self.client.force_login(self.user)
+        self.private_corpus.corpus_right.create(user_id=self.user.id, can_write=False)
+        response = self.client.delete(reverse('api:metadata-destroy', kwargs={'pk': str(self.private_metadata.id)}))
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertDictEqual(response.json(), {'detail': 'You do not have write access to this corpus.'})

arkindex/project/api_v1.py

@@ -2,9 +2,9 @@ from django.urls import path
 from django.views.generic.base import RedirectView
 
 from arkindex.documents.api.elements import (
-    ElementsList, RelatedElementsList, ElementRetrieve, CorpusList, CorpusRetrieve,
-    ElementTranscriptions, ElementsCreate, ElementRegions, RegionDetails, RegionCreate, RegionBulkCreate,
-    ElementNeighbors, ElementParent, ElementParents, ElementChildren, ElementMetadata, ManageSelection
+    ElementsList, RelatedElementsList, ElementRetrieve, CorpusList, CorpusRetrieve, ElementTranscriptions,
+    ElementsCreate, ElementRegions, RegionDetails, RegionCreate, RegionBulkCreate, ElementNeighbors,
+    ElementParent, ElementParents, ElementChildren, ElementMetadata, MetadataDestroy, ManageSelection
 )
 from arkindex.documents.api.search import ElementSearch, EntitySearch
 from arkindex.documents.api.ml import (
@@ -111,6 +111,9 @@ api = [
     path('transcription/<uuid:pk>/entity/', TranscriptionEntityCreate.as_view(), name='transcription-entity-create'),
     path('transcription/<uuid:pk>/entities/', TranscriptionEntities.as_view(), name='transcription-entities'),
 
+    # Ingest metadata
+    path('metadata/<uuid:pk>/', MetadataDestroy.as_view(), name='metadata-destroy'),
+
     # Git import workflows
     path('imports/repos/', RepositoryList.as_view(), name='repository-list'),
     path('imports/repos/<uuid:pk>/', RepositoryRetrieve.as_view(), name='repository-retrieve'),