Remove deleted attributes in the database models and actually delete the records instead

Author: chriscarrollsmith

routers/authentication.py

@@ -114,7 +114,6 @@ class UserRead(BaseModel):
     organization_id: Optional[int]
     created_at: datetime
     updated_at: datetime
-    deleted: bool
 
 
 # -- Routes --

routers/organization.py

@@ -27,7 +27,6 @@ class OrganizationRead(BaseModel):
     name: str
     created_at: datetime
     updated_at: datetime
-    deleted: bool
 
 
 class OrganizationUpdate(BaseModel):
@@ -113,9 +112,7 @@ def delete_organization(
     if not db_org:
         raise HTTPException(status_code=404, detail="Organization not found")
 
-    db_org.deleted = True
-    db_org.updated_at = datetime.utcnow()
-    session.add(db_org)
+    session.delete(db_org)
     session.commit()
 
     return RedirectResponse(url="/organizations", status_code=303)

routers/role.py

@@ -31,7 +31,6 @@ class RoleRead(BaseModel):
     name: str
     created_at: datetime
     updated_at: datetime
-    deleted: bool
     permissions: List[ValidPermissions]
 
 
@@ -74,7 +73,7 @@ def create_role(
 @router.get("/{role_id}", response_model=RoleRead)
 def read_role(role_id: int, session: Session = Depends(get_session)):
     db_role: Role | None = session.get(Role, role_id)
-    if not db_role or not db_role.id or db_role.deleted:
+    if not db_role or not db_role.id:
         raise HTTPException(status_code=404, detail="Role not found")
 
     permissions = [
@@ -88,7 +87,6 @@ def read_role(role_id: int, session: Session = Depends(get_session)):
         name=db_role.name,
         created_at=db_role.created_at,
         updated_at=db_role.updated_at,
-        deleted=db_role.deleted,
         permissions=permissions
     )
 
@@ -99,7 +97,7 @@ def update_role(
     session: Session = Depends(get_session)
 ) -> RedirectResponse:
     db_role: Role | None = session.get(Role, role.id)
-    if not db_role or not db_role.id or db_role.deleted:
+    if not db_role or not db_role.id:
         raise HTTPException(status_code=404, detail="Role not found")
     role_data = role.model_dump(exclude_unset=True)
     for key, value in role_data.items():
@@ -131,8 +129,6 @@ def delete_role(
     db_role = session.get(Role, role_id)
     if not db_role:
         raise HTTPException(status_code=404, detail="Role not found")
-    db_role.deleted = True
-    db_role.updated_at = utc_time()
-    session.add(db_role)
+    session.delete(db_role)
     session.commit()
     return RedirectResponse(url="/roles", status_code=303)

routers/user.py

@@ -74,11 +74,9 @@ async def delete_account(
     if not verify_password(confirm_delete_password, current_user.hashed_password):
         raise HTTPException(status_code=400, detail="Password is incorrect")
 
-    # Mark the user as deleted
-    current_user.deleted = True
-    session.commit()
-    #Logs Out
-    router.get("/logout", response_class=RedirectResponse)
-    # Deletes user
+    # Delete the user
     session.delete(current_user)
-    return RedirectResponse(url="/", status_code=303)
+    session.commit()
+
+    # Log out the user
+    return RedirectResponse(url="/logout", status_code=303)

tests/test_user.py

@@ -0,0 +1,6 @@
+import pytest
+from fastapi.testclient import TestClient
+from sqlmodel import Session, select
+
+from main import app
+from utils.models import User

utils/models.py

@@ -29,7 +29,6 @@ class Organization(SQLModel, table=True):
     name: str
     created_at: datetime = Field(default_factory=utc_time)
     updated_at: datetime = Field(default_factory=utc_time)
-    deleted: bool = Field(default=False)
 
     users: List["User"] = Relationship(back_populates="organization")
 
@@ -41,7 +40,6 @@ class Role(SQLModel, table=True):
         default=None, foreign_key="organization.id")
     created_at: datetime = Field(default_factory=utc_time)
     updated_at: datetime = Field(default_factory=utc_time)
-    deleted: bool = Field(default=False)
 
     users: List["User"] = Relationship(back_populates="role")
     role_permission_links: List["RolePermissionLink"] = Relationship(
@@ -54,7 +52,6 @@ class Permission(SQLModel, table=True):
         sa_column=Column(SQLAlchemyEnum(ValidPermissions, create_type=False)))
     created_at: datetime = Field(default_factory=utc_time)
     updated_at: datetime = Field(default_factory=utc_time)
-    deleted: bool = Field(default=False)
 
     role_permission_links: List["RolePermissionLink"] = Relationship(
         back_populates="permission")
@@ -83,7 +80,9 @@ class PasswordResetToken(SQLModel, table=True):
     used: bool = Field(default=False)
 
     user: Optional["User"] = Relationship(
-        back_populates="password_reset_tokens")
+        back_populates="password_reset_tokens",
+        sa_relationship_kwargs={"cascade": "all, delete-orphan"}
+    )
 
 
 class User(SQLModel, table=True):
@@ -97,13 +96,14 @@ class User(SQLModel, table=True):
     role_id: Optional[int] = Field(default=None, foreign_key="role.id")
     created_at: datetime = Field(default_factory=utc_time)
     updated_at: datetime = Field(default_factory=utc_time)
-    deleted: bool = Field(default=False)
 
     organization: Optional["Organization"] = Relationship(
         back_populates="users")
     role: Optional["Role"] = Relationship(back_populates="users")
     password_reset_tokens: List["PasswordResetToken"] = Relationship(
-        back_populates="user")
+        back_populates="user",
+        sa_relationship_kwargs={"cascade": "all, delete-orphan"}
+    )
 
 
 class UserOrganizationLink(SQLModel, table=True):