32396 - Add in tweak for delete (#3610)

Author: seeker25

auth-api/src/auth_api/services/affiliation_invitation.py

@@ -49,6 +49,7 @@
 from auth_api.utils.account_mailer import publish_to_mailer
 from auth_api.utils.enums import (
     AccessType,
+    AffiliationInvitationAction,
     AffiliationInvitationType,
     InvitationStatus,
     LoginSource,
@@ -316,6 +317,7 @@ def create_affiliation_invitation(
         AffiliationInvitation.check_auth_for_invitation(
             invitation_type=affiliation_invitation_type,
             from_org_id=from_org_id,
+            action=AffiliationInvitationAction.CREATE,
         )
 
         entity, from_org, business = AffiliationInvitation._validate_prerequisites(
@@ -411,7 +413,9 @@ def update_affiliation_invitation(self, user, affiliation_invitation_info: dict)
         """Update the specified affiliation invitation with new data."""
         invitation: AffiliationInvitationModel = self._model
 
-        AffiliationInvitation.check_auth_for_invitation(invitation=self._model)
+        AffiliationInvitation.check_auth_for_invitation(
+            invitation=self._model, action=AffiliationInvitationAction.UPDATE
+        )
 
         # Don't do any updates if the invitation is not in PENDING state
         if invitation.invitation_status_code != InvitationStatus.PENDING.value:
@@ -457,7 +461,9 @@ def delete_affiliation_invitation(invitation_id):
         if not (invitation := AffiliationInvitationModel.find_invitation_by_id(invitation_id)):
             raise BusinessException(Error.DATA_NOT_FOUND, None)
 
-        AffiliationInvitation.check_auth_for_invitation(invitation=invitation)
+        AffiliationInvitation.check_auth_for_invitation(
+            invitation=invitation, action=AffiliationInvitationAction.DELETE
+        )
 
         if invitation.status == InvitationStatus.ACCEPTED.value:
             invitation.is_deleted = True
@@ -811,13 +817,18 @@ def check_auth_for_invitation(
         invitation: AffiliationInvitationModel = None,
         invitation_type: AffiliationInvitationType = None,
         from_org_id: int = None,
+        action: AffiliationInvitationAction = None,
     ):
         """Check if the user has the right to perform the action on the invitation."""
         invitation_type = invitation_type or AffiliationInvitationType.from_value(invitation.type)
         from_org_id = from_org_id or invitation.from_org_id
         match invitation_type:
             case AffiliationInvitationType.REQUEST | AffiliationInvitationType.EMAIL:
                 check_auth(org_id=from_org_id, one_of_roles=(ADMIN, COORDINATOR, USER, STAFF))
+            case AffiliationInvitationType.UNAFFILIATED_EMAIL:
+                if action != AffiliationInvitationAction.DELETE:
+                    raise BusinessException(Error.INVALID_AFFILIATION_INVITATION_TYPE, None)
+                check_auth(org_id=from_org_id, one_of_roles=(ADMIN, COORDINATOR, USER, STAFF))
             case _:
                 raise BusinessException(Error.INVALID_AFFILIATION_INVITATION_TYPE, None)
 

auth-api/src/auth_api/utils/enums.py

@@ -213,6 +213,14 @@ class InvitationType(Enum):
     STANDARD = "STANDARD"  # Used to indicate the standard email invite with admin approval
 
 
+class AffiliationInvitationAction(Enum):
+    """Action being performed on an affiliation invitation."""
+
+    CREATE = "CREATE"
+    UPDATE = "UPDATE"
+    DELETE = "DELETE"
+
+
 class AffiliationInvitationType(Enum):
     """Affiliation Invitation type."""
 

auth-api/tests/unit/services/test_affiliation_invitation.py

@@ -40,7 +40,12 @@
 from auth_api.services import Org as OrgService
 from auth_api.services import User
 from auth_api.utils import roles
-from auth_api.utils.enums import AffiliationInvitationType, InvitationStatus, LoginSource, QueueMessageType
+from auth_api.utils.enums import (
+    AffiliationInvitationType,
+    InvitationStatus,
+    LoginSource,
+    QueueMessageType,
+)
 from tests.utilities.factory_scenarios import TestContactInfo, TestEntityInfo, TestJwtClaims, TestOrgInfo, TestUserInfo
 from tests.utilities.factory_utils import (
     factory_affiliation_invitation,
@@ -986,10 +991,11 @@ def test_get_all_invitations_with_details_related_to_org(
 @pytest.mark.parametrize(
     "operation,login_source,expected_error",
     [
-        # UNAFFILIATED_EMAIL blocked by check_auth_for_invitation for create/update/delete
-        ("create", None, Error.INVALID_AFFILIATION_INVITATION_TYPE),
-        ("update", None, Error.INVALID_AFFILIATION_INVITATION_TYPE),
-        ("delete", None, Error.INVALID_AFFILIATION_INVITATION_TYPE),
+        # UNAFFILIATED_EMAIL blocked by check_auth_for_invitation for create/update
+        ("create", LoginSource.BCSC.value, Error.INVALID_AFFILIATION_INVITATION_TYPE),
+        ("update", LoginSource.BCSC.value, Error.INVALID_AFFILIATION_INVITATION_TYPE),
+        # UNAFFILIATED_EMAIL delete is allowed
+        ("delete", LoginSource.BCSC.value, None),
         # UNAFFILIATED_EMAIL accept checks login_source
         ("accept", LoginSource.BCSC.value, None),
         ("accept", LoginSource.BCEID.value, Error.INVALID_USER_CREDENTIALS),
@@ -1041,16 +1047,20 @@ def test_unaffiliated_email_invitation_auth(
                 elif operation == "update":
                     invitation = AffiliationInvitationService.send_unaffiliated_email_invitation(entity)
                     invitation.update_affiliation_invitation(User(user), {})
-                elif operation == "delete":
-                    invitation = AffiliationInvitationService.send_unaffiliated_email_invitation(entity)
-                    AffiliationInvitationService.delete_affiliation_invitation(invitation.as_dict()["id"])
                 elif operation == "accept":
                     invitation = AffiliationInvitationService.send_unaffiliated_email_invitation(entity)
                     AffiliationInvitationService.accept_affiliation_invitation(
                         invitation.as_dict()["id"], User(user), ""
                     )
             assert exception.value.code == expected_error.name
-        else:
+        elif operation == "delete":
+            invitation = AffiliationInvitationService.send_unaffiliated_email_invitation(entity)
+            invitation_id = invitation.as_dict()["id"]
+            AffiliationInvitationService.accept_affiliation_invitation(invitation_id, User(user), "")
+            AffiliationInvitationService.delete_affiliation_invitation(invitation_id)
+            updated = AffiliationInvitationModel.find_invitation_by_id(invitation_id)
+            assert updated.is_deleted is True
+        elif operation == "accept":
             invitation = AffiliationInvitationService.send_unaffiliated_email_invitation(entity)
             result = AffiliationInvitationService.accept_affiliation_invitation(
                 invitation.as_dict()["id"], User(user), ""