Closed nagem closed 6 years ago
@gsfr will you make sure the above proposal is what you were expecting?
Attn: @ryansanford
LGTM.
Merging #1085 into master will increase coverage by
0.01%
. The diff coverage is94.02%
.
@@ Coverage Diff @@
## master #1085 +/- ##
==========================================
+ Coverage 90.8% 90.82% +0.01%
==========================================
Files 50 50
Lines 7029 7092 +63
==========================================
+ Hits 6383 6441 +58
- Misses 646 651 +5
I've actually been moving theDELETE
responses to a 200 with no response body if the action succeeded and a proper error response if it didn't. The modified is a relic probably caused by it's storage situation - the container was "modified". I'll make the change in the response 👍.
I take that back, we have some clients that do check the modified count and I would prefer for this to not be a breaking change.
Changes/things made clear in this PR:
Note: all permissions mentioned are those set at the project level
Project deletion:
admin
can delete the project even if it has data (original or not)Session/Acquisition deletion:
rw
can delete a session or acquisition if it is empty or only contains data uploaded by a job or user (not necessarily themselves)admin
can delete a session or acquisition in any situationIndividual File deletion:
rw
can delete a file if it was uploaded by any user or a jobadmin
can delete a file in any situationA new query param is offered on container
DELETE
endpoints:check=true/false
check=true
(defaultfalse
) to only preform a perm check - returning the expected 403/404 failure if the action would not be allowed or 200 with no response body if the action would be allowedList of permission failure variants:
If the container has "original data" (data not uploaded by a user or job), the API will respond with
'original_data_present'
in thereason
key:If deleting this container would cause an analysis' input file to be removed without removing the analysis, the API will respond with
'analysis_conflict'
in thereason
key:All other permission conflicts (
403
) will have'{'reason': 'permission_denied'}
or will be a different error (404
/400
, etc)Tests will be added after above proposal is agreed upon.