@BigFlagBurito
Contributor

#303

New:

  • Scope.admin has a functionality.
    • If a user is an admin and a route has the scope Admin, the user can access it.
    • In refresh_user, a new attribute is_admin is set for the user.
  • Roles-Handler
    • GET roles from user
    • GET roles from lecture
    • POST roles from lecture
    • DELETE (hard) roles from lecture
  • Users-Handler
    • GET users
    • GET user
    • PUT user
    • DELETE (hard) user (only if user has no submissions and no roles)
  • Submissions-Handler
    • GET submissions from user

Extended:

  • Some GET routes return everything for an administrator without restrictions. For example, DeleteState is ignored for assignments.
  • Hard/soft DELETE for submission and lecture
  • Hard-DELETE for assignments (only admin)
  • DELETE deletes the associated folders and files. Deletion is only possible if dependencies have been deleted first. For example, all submissions must first be deleted for an assignment.

@florian-jaeger florian-jaeger requested a review from natkam November 4, 2025 11:05
Contributor

@natkam natkam left a comment

I'll review it tomorrow, but for now, I'd have two suggestions:

  • Swap the order of if-else blocks where if not <condition>: ... else: ..., to get if <condition>: ... else: ... instead. Conditions without negations are easier to read and understand. (Maybe in some places it makes sense to leave it this way, e.g. if checking if not user.is_admin allows to return immediately and omit the else altogether, but it seems to me that this is not always the case here.)
  • And can you please add some tests? (;

@natkam
Contributor

natkam commented Nov 4, 2025

I see GitHub reports some linting/formatting issues - we use ruff as a pre-commit hook to fix those. Thanks!

@BigFlagBurito
Contributor Author

Thanks, I'll adjust that.
I found a few inconsistencies anyway, and I'm going to change the behavior to cascade deletion, as suggested in the issue.

@BigFlagBurito
Contributor Author

While writing the tests, I noticed that foreign_keys is not enabled in the database.
I assume this is not intentional, right?

@natkam
Contributor

natkam commented Nov 7, 2025

> While writing the tests, I noticed that foreign_keys is not enabled in the database. I assume this is not intentional, right?

@BigFlagBurito what do you mean by "not enabled"? Do you use PostgreSQL or SQLite?

I'm just about to take a closer look at the last database migration (seems like the user id is not autoincrementing), so I could try to fix other issues.

@BigFlagBurito
Contributor Author

I use SQLite. There, foreign_keys functionality must always be activated for every connection to the database.
Otherwise, ondelete='CASCADE' does not work for SQLite.

I am currently testing this code.

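import sqlite3
from sqlalchemy import event
from sqlalchemy.engine import Engine

@event.listens_for(Engine, "connect")
def _set_sqlite_pragma(dbapi_connection, connection_record):
    # SQLite enforces foreign keys only when the pragma is set on each new connection.
    if isinstance(dbapi_connection, sqlite3.Connection):
        cursor = dbapi_connection.cursor()
        cursor.execute("PRAGMA foreign_keys=ON;")
        cursor.close()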

This does allow cascade delete to work.
However, some existing tests then fail. I have not yet looked into this in detail.
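
The per-connection behaviour described in the comment above, shown as an added example that is not part of this pull request or the project's code. It uses only the standard-library sqlite3 module instead of SQLAlchemy, and the assignment/submission tables and rows are constructed for illustration.

```python
import sqlite3

# Constructed schema: a child table that declares ON DELETE CASCADE.
SCHEMA = """
CREATE TABLE assignment (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE submission (
    id INTEGER PRIMARY KEY,
    assignment_id INTEGER NOT NULL
        REFERENCES assignment(id) ON DELETE CASCADE
);
"""


def connect(enforce_fk: bool) -> sqlite3.Connection:
    """Open a fresh in-memory database; the pragma applies to this connection only."""
    conn = sqlite3.connect(":memory:")
    # Set the pragma before any transaction starts: it is a no-op inside one.
    conn.execute("PRAGMA foreign_keys=ON" if enforce_fk else "PRAGMA foreign_keys=OFF")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO assignment (id, name) VALUES (1, 'hw1')")
    conn.executemany(
        "INSERT INTO submission (id, assignment_id) VALUES (?, 1)", [(1,), (2,)]
    )
    conn.commit()
    return conn


def delete_assignment(conn: sqlite3.Connection) -> dict:
    """Delete the parent row and report what is left in the child table."""
    conn.execute("DELETE FROM assignment WHERE id = 1")
    conn.commit()
    remaining = conn.execute("SELECT COUNT(*) FROM submission").fetchone()[0]
    # foreign_key_check lists child rows whose parent is missing,
    # even on a connection where enforcement is off.
    orphans = conn.execute("PRAGMA foreign_key_check").fetchall()
    enforced = conn.execute("PRAGMA foreign_keys").fetchone()[0]
    return {"enforced": bool(enforced), "remaining": remaining, "orphans": len(orphans)}


if __name__ == "__main__":
    print("pragma off:", delete_assignment(connect(False)))
    print("pragma on: ", delete_assignment(connect(True)))
```

With the pragma off, the delete succeeds silently and leaves orphaned submissions behind, which is why a hard delete can appear to work while user data is still retained.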

@BigFlagBurito BigFlagBurito requested a review from natkam December 5, 2025 12:18
@natkam
Contributor

natkam commented Dec 5, 2025

Hmmm I see that you have added some of the migration and database fixes which I have also implemented in another pull request. Sorry that you had to waste your time fixing those!

Would it be acceptable for you to split this PR into two: one with the database-related fixes (the migration with named FKs and ON DELETE settings would be very welcome!) and another with the new feature? We could then include the first one in the next release, which we were planning to do next week.
