Implementation of DELETE /api/v2/tasks/{object_identifier}/comments/{identifier}

Author: c8y3

source/app/blueprints/rest/v2/tasks_routes/comments.py

@@ -22,15 +22,18 @@
 
 from app.iris_engine.access_control.iris_user import iris_current_user
 from app.blueprints.access_controls import ac_api_requires
+from app.blueprints.access_controls import ac_api_return_access_denied
 from app.blueprints.rest.endpoints import response_api_paginated
 from app.blueprints.rest.endpoints import response_api_not_found
 from app.blueprints.rest.parsing import parse_pagination_parameters
 from app.blueprints.rest.endpoints import response_api_created
 from app.blueprints.rest.endpoints import response_api_error
 from app.blueprints.rest.endpoints import response_api_success
+from app.blueprints.rest.endpoints import response_api_deleted
 from app.business.comments import comments_get_filtered_by_task
 from app.business.comments import comments_create_for_task
 from app.business.comments import comments_get_for_task
+from app.business.comments import comments_delete_for_task
 from app.business.tasks import tasks_get
 from app.business.errors import ObjectNotFoundError
 from app.schema.marshables import CommentSchema
@@ -86,6 +89,18 @@ def read(self, task_identifier, identifier):
         except ObjectNotFoundError:
             return response_api_not_found()
 
+    def delete(self, task_identifier, identifier):
+        try:
+            task = self._get_task(task_identifier, [CaseAccessLevel.full_access])
+            comment = comments_get_for_task(task, identifier)
+            if comment.comment_user_id != iris_current_user.id:
+                return ac_api_return_access_denied()
+
+            comments_delete_for_task(task, comment)
+            return response_api_deleted()
+        except ObjectNotFoundError:
+            return response_api_not_found()
+
 
 tasks_comments_blueprint = Blueprint('tasks_comments', __name__, url_prefix='/<int:task_identifier>/comments')
 comments_operations = CommentsOperations()
@@ -107,3 +122,9 @@ def create_tasks_comment(task_identifier):
 @ac_api_requires()
 def get_task_comment(task_identifier, identifier):
     return comments_operations.read(task_identifier, identifier)
+
+
+@tasks_comments_blueprint.delete('/<int:identifier>')
+@ac_api_requires()
+def delete_task_comment(task_identifier, identifier):
+    return comments_operations.delete(task_identifier, identifier)

source/app/business/comments.py

@@ -50,6 +50,7 @@
 from app.datamgmt.case.case_rfiles_db import delete_evidence_comment
 from app.datamgmt.case.case_iocs_db import delete_ioc_comment
 from app.datamgmt.case.case_notes_db import delete_note_comment
+from app.datamgmt.case.case_tasks_db import delete_task_comment
 from app.iris_engine.module_handler.module_handler import call_modules_hook
 from app.iris_engine.utils.tracker import track_activity
 from app.models.comments import Comments
@@ -326,3 +327,10 @@ def comments_delete_for_note(note: Notes, comment: Comments):
 
     call_modules_hook('on_postload_note_comment_delete', comment.comment_id, caseid=comment.comment_case_id)
     track_activity(f'comment {comment.comment_id} on note {note.note_id} deleted', caseid=comment.comment_case_id)
+
+
+def comments_delete_for_task(task: CaseTasks, comment: Comments):
+    delete_task_comment(task.id, comment.comment_id)
+
+    call_modules_hook('on_postload_task_comment_delete', comment.comment_id, caseid=comment.comment_case_id)
+    track_activity(f'comment {comment.comment_id} on task {task.id} deleted', caseid=comment.comment_case_id)

source/app/datamgmt/case/case_tasks_db.py

@@ -267,6 +267,8 @@ def get_case_task_comment(task_id, comment_id):
         Comments.comment_date,
         Comments.comment_update_date,
         Comments.comment_uuid,
+        Comments.comment_user_id,
+        Comments.comment_case_id,
         User.name,
         User.user
     ).join(

tests/tests_rest_comments.py

@@ -663,3 +663,14 @@ def test_delete_notes_comment_should_return_204(self):
 
         response = self._subject.delete(f'/api/v2/notes/{object_identifier}/comments/{identifier}')
         self.assertEqual(204, response.status_code)
+
+    def test_delete_tasks_comment_should_return_204(self):
+        case_identifier = self._subject.create_dummy_case()
+        body = {'task_assignees_id': [], 'task_status_id': 1, 'task_title': 'dummy title'}
+        response = self._subject.create(f'/api/v2/cases/{case_identifier}/tasks', body).json()
+        object_identifier = response['id']
+        response = self._subject.create(f'/api/v2/tasks/{object_identifier}/comments', {}).json()
+        identifier = response['comment_id']
+
+        response = self._subject.delete(f'/api/v2/tasks/{object_identifier}/comments/{identifier}')
+        self.assertEqual(204, response.status_code)