From 31554b011048c21a7dffd4b6b7d932bacdb1ec31 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20K=C3=BCnzel?= <simonk@fsmpi.rwth-aachen.de>
Date: Sat, 17 May 2025 22:31:50 +0200
Subject: [PATCH] disallow deletion of publish media via API (process scheduler
manages that)
---
api/tests/routes/object_modifications.py | 22 +++++++------------
.../videoag_common/api_object/object_class.py | 4 +++-
.../src/videoag_common/objects/medium.py | 3 ++-
3 files changed, 13 insertions(+), 16 deletions(-)
diff --git a/api/tests/routes/object_modifications.py b/api/tests/routes/object_modifications.py
index 1df90b6..5f5047d 100644
--- a/api/tests/routes/object_modifications.py
+++ b/api/tests/routes/object_modifications.py
@@ -1624,32 +1624,26 @@ class ObjectModificationsTest(ApiTest):
assert_empty_response=True,
use_moderator_login=True,
)
- self.do_json_request(
- "DELETE",
- f"/object_management/publish_medium/204",
- assert_empty_response=True,
- use_moderator_login=True,
- )
self.do_json_request(
"POST",
- f"/object_management/publish_medium/204/resurrect",
- expected_response_status=HTTP_401_UNAUTHORIZED
+ f"/object_management/lecture/290000/resurrect",
+ expected_response_status=HTTP_404_NOT_FOUND,
+ use_moderator_login=True
)
self.do_json_request(
"POST",
- f"/object_management/publish_medium/12000/resurrect",
- expected_response_status=HTTP_404_NOT_FOUND,
- use_moderator_login=True
+ f"/object_management/lecture/29/resurrect",
+ expected_response_status=HTTP_401_UNAUTHORIZED
)
self.do_json_request(
"POST",
- f"/object_management/publish_medium/204/resurrect",
+ f"/object_management/lecture/29/resurrect",
assert_empty_response=True,
- use_moderator_login=True,
+ use_moderator_login=True
)
self.do_json_request(
"POST",
- f"/object_management/publish_medium/204/resurrect",
+ f"/object_management/lecture/29/resurrect",
expected_response_status=HTTP_400_BAD_REQUEST,
use_moderator_login=True
)
diff --git a/common_py/src/videoag_common/api_object/object_class.py b/common_py/src/videoag_common/api_object/object_class.py
index ab0b362..ed5040b 100644
--- a/common_py/src/videoag_common/api_object/object_class.py
+++ b/common_py/src/videoag_common/api_object/object_class.py
@@ -31,11 +31,13 @@ class ApiObjectClass:
parent_relationship_config_ids: list[str] or None = None,
enable_config: bool or None = None,
config_allow_creation: bool = True,
+ config_allow_deletion: bool = True,
enable_data: bool or None = None,
):
self._parent_relationship_config_ids = parent_relationship_config_ids
self.enable_config = enable_config
self.config_allow_creation = config_allow_creation
+ self.config_allow_deletion = config_allow_deletion
self.enable_data = enable_data
self.orm_class = None
@@ -356,7 +358,7 @@ class ApiObjectClass:
return self._creation_config_json
def is_deletion_allowed(self) -> bool:
- return issubclass(self.orm_class, DeletableApiObject)
+ return issubclass(self.orm_class, DeletableApiObject) and self.config_allow_deletion
def get_current_config(self, session: SessionDb, object_id: int):
if not self.enable_config:
diff --git a/common_py/src/videoag_common/objects/medium.py b/common_py/src/videoag_common/objects/medium.py
index 3de3f29..1e81565 100644
--- a/common_py/src/videoag_common/objects/medium.py
+++ b/common_py/src/videoag_common/objects/medium.py
@@ -360,7 +360,8 @@ class MediumMetadata(ApiObject, Base):
class PublishMedium(VisibilityApiObject, DeletableApiObject, Base):
__api_class__ = ApiObjectClass(
parent_relationship_config_ids=["lecture"],
- config_allow_creation=False
+ config_allow_creation=False,
+ config_allow_deletion=False,
)
# Yes, this is a bit redundant since medium_metadata.file.lecture_id already has it. However, after struggling with
--
GitLab