Implementation of DELETE /api/v2/events/{object_identifier}/comments/{identifier}

Author: c8y3

source/app/blueprints/rest/v2/events_routes/comments.py

@@ -21,16 +21,19 @@
 from marshmallow import ValidationError
 
 from app.blueprints.access_controls import ac_api_requires
+from app.blueprints.access_controls import ac_api_return_access_denied
 from app.blueprints.rest.endpoints import response_api_paginated
 from app.blueprints.rest.endpoints import response_api_not_found
 from app.blueprints.rest.endpoints import response_api_created
 from app.blueprints.rest.endpoints import response_api_error
 from app.blueprints.rest.endpoints import response_api_success
+from app.blueprints.rest.endpoints import response_api_deleted
 from app.blueprints.rest.parsing import parse_pagination_parameters
 from app.iris_engine.access_control.iris_user import iris_current_user
 from app.business.comments import comments_get_filtered_by_event
 from app.business.comments import comments_create_for_event
 from app.business.comments import comments_get_for_event
+from app.business.comments import comments_delete_for_event
 from app.business.events import events_get
 from app.business.errors import ObjectNotFoundError
 from app.models.cases import CasesEvent
@@ -86,6 +89,18 @@ def read(self, event_identifier, identifier):
         except ObjectNotFoundError:
             return response_api_not_found()
 
+    def delete(self, event_identifier, identifier):
+        try:
+            event = self._get_event(event_identifier, [CaseAccessLevel.full_access])
+            comment = comments_get_for_event(event, identifier)
+            if comment.comment_user_id != iris_current_user.id:
+                return ac_api_return_access_denied()
+
+            comments_delete_for_event(event, comment)
+            return response_api_deleted()
+        except ObjectNotFoundError:
+            return response_api_not_found()
+
 
 events_comments_blueprint = Blueprint('events_comments', __name__, url_prefix='/<int:event_identifier>/comments')
 comments_operations = CommentsOperations()
@@ -107,3 +122,9 @@ def create_event_comment(event_identifier):
 @ac_api_requires()
 def get_event_comment(event_identifier, identifier):
     return comments_operations.read(event_identifier, identifier)
+
+
+@events_comments_blueprint.delete('/<int:identifier>')
+@ac_api_requires()
+def delete_task_comment(event_identifier, identifier):
+    return comments_operations.delete(event_identifier, identifier)

source/app/business/comments.py

@@ -51,6 +51,7 @@
 from app.datamgmt.case.case_iocs_db import delete_ioc_comment
 from app.datamgmt.case.case_notes_db import delete_note_comment
 from app.datamgmt.case.case_tasks_db import delete_task_comment
+from app.datamgmt.case.case_events_db import delete_event_comment
 from app.iris_engine.module_handler.module_handler import call_modules_hook
 from app.iris_engine.utils.tracker import track_activity
 from app.models.comments import Comments
@@ -334,3 +335,10 @@ def comments_delete_for_task(task: CaseTasks, comment: Comments):
 
     call_modules_hook('on_postload_task_comment_delete', comment.comment_id, caseid=comment.comment_case_id)
     track_activity(f'comment {comment.comment_id} on task {task.id} deleted', caseid=comment.comment_case_id)
+
+
+def comments_delete_for_event(event: CasesEvent, comment: Comments):
+    delete_event_comment(event.event_id, comment.comment_id)
+
+    call_modules_hook('on_postload_event_comment_delete', comment.comment_id, caseid=comment.comment_case_id)
+    track_activity(f'comment {comment.comment_id} on event {event.event_id} deleted', caseid=comment.comment_case_id)

source/app/datamgmt/case/case_events_db.py

@@ -145,6 +145,8 @@ def get_case_event_comment(event_id, comment_id):
         Comments.comment_date,
         Comments.comment_update_date,
         Comments.comment_uuid,
+        Comments.comment_user_id,
+        Comments.comment_case_id,
         User.name,
         User.user
     ).join(

tests/tests_rest_comments.py

@@ -674,3 +674,16 @@ def test_delete_tasks_comment_should_return_204(self):
 
         response = self._subject.delete(f'/api/v2/tasks/{object_identifier}/comments/{identifier}')
         self.assertEqual(204, response.status_code)
+
+    def test_delete_events_comment_should_return_204(self):
+        case_identifier = self._subject.create_dummy_case()
+        body = {'event_title': 'title', 'event_category_id': 1,
+                'event_date': '2025-03-26T00:00:00.000', 'event_tz': '+00:00',
+                'event_assets': [], 'event_iocs': []}
+        response = self._subject.create(f'/api/v2/cases/{case_identifier}/events', body).json()
+        object_identifier = response['event_id']
+        response = self._subject.create(f'/api/v2/events/{object_identifier}/comments', {}).json()
+        identifier = response['comment_id']
+
+        response = self._subject.delete(f'/api/v2/events/{object_identifier}/comments/{identifier}')
+        self.assertEqual(204, response.status_code)