Add delete-tasks endpoint

danlamanna · danlamanna · commit 9eae6a39d8a4 · 2022-04-04T16:47:21.000-04:00
diff --git a/isic/studies/api.py b/isic/studies/api.py
@@ -34,6 +34,18 @@ class StudyViewSet(viewsets.ReadOnlyModelViewSet):
 
     swagger_schema = None
 
+    @action(detail=True, methods=['delete'], pagination_class=None, url_path='delete-tasks')
+    def delete_tasks(self, request, *args, **kwargs):
+        study: Study = self.get_object()
+        if not request.user.has_perm('studies.modify_study', study):
+            raise PermissionDenied
+        elif study.tasks.filter(annotation__isnull=False).exists():
+            raise Conflict('Study has answered questions, tasks cannot be deleted.')
+        else:
+            # TODO: this will timeout for larger studies
+            study.tasks.all().delete()
+            return JsonResponse({})
+
     @action(detail=True, methods=['post'], pagination_class=None, url_path='set-tasks')
     def set_tasks(self, request, *args, **kwargs):
         study: Study = self.get_object()
diff --git a/isic/studies/tests/test_permissions.py b/isic/studies/tests/test_permissions.py
@@ -307,19 +307,21 @@ def test_study_api_list_owners_permissions(api_client, study_scenario, study_fac
 
 
 @pytest.mark.django_db
-def test_study_api_set_tasks_on_study_with_responses_permissions(
-    api_client, private_study_with_responses
+@pytest.mark.parametrize('method,path', [['post', 'set-tasks'], ['delete', 'delete-tasks']])
+def test_study_api_modify_tasks_on_study_with_responses_permissions(
+    api_client, private_study_with_responses, method, path
 ):
     study = private_study_with_responses[0]
     api_client.force_login(study.creator)
-    r = api_client.post(f'/api/v2/studies/{study.pk}/set-tasks/')
+    r = api_client.generic(method, f'/api/v2/studies/{study.pk}/{path}/')
     assert r.status_code == 409
 
 
 @pytest.mark.django_db
-def test_study_api_set_tasks_on_someone_elses_study_permissions(
-    api_client, user_factory, public_study
+@pytest.mark.parametrize('method,path', [['post', 'set-tasks'], ['delete', 'delete-tasks']])
+def test_study_api_modify_tasks_on_someone_elses_study_permissions(
+    api_client, user_factory, public_study, method, path
 ):
     api_client.force_login(user_factory())
-    r = api_client.post(f'/api/v2/studies/{public_study.pk}/set-tasks/')
+    r = api_client.generic(method, f'/api/v2/studies/{public_study.pk}/{path}/')
     assert r.status_code == 403
