Merge pull request #82 from majestrate/delete-all-posts-for-user-2022-03-03

Add Remove all posts for user from room endpoint

Author: jagerman

sogs/model/room.py

@@ -934,20 +934,19 @@ def delete_all_posts(self, poster: User, *, deleter: User):
             # Set up files for deletion, but don't wipe out the room image in case the target was
             # the one who uploaded it:
             image = self.image
-            omit_id = image.id if image.uploader == poster.id else None
+            omit_id = image.id if image and image.uploader == poster.id else None
 
             # TODO: Eventually we can drop this: once uploads have to be properly associated with
             # posts then the post deletion should trigger automatic expiry of post attachments.
 
-            # Don't actually delete right now but set room to NULL so that the images aren't
-            # retrievable, and set expiry to now so that they'll be picked up by the next db
-            # cleanup.
+            # Don't actually delete right now but just expire them so that the next db cleanup will
+            # perform the deletion (and since they are expired, they won't be accessible in the
+            # meantime).
             result = query(
                 f"""
-                UPDATE files SET room = NULL, expiry = :now WHERE room = :r AND uploader = :u
+                UPDATE files SET expiry = 0.0 WHERE room = :r AND uploader = :u
                     {'AND id != :omit' if omit_id else ''}
                 """,
-                now=time.time(),
                 r=self.id,
                 u=poster.id,
                 omit=omit_id,

sogs/routes/rooms.py

@@ -1,5 +1,5 @@
 from .. import config, db, http
-from ..model import room as mroom, exc
+from ..model import room as mroom, exc, user as muser
 from ..web import app
 from . import auth
 
@@ -542,3 +542,28 @@ def serve_file_with_ignored_filename(room, fileId, filename):
 
     """
     return serve_file(room=room, fileId=fileId)
+
+
+@rooms.delete("/room/<Room:room>/all/<SessionID:sid>")
+def delete_all_posts(room, sid):
+    """
+    Deletes all posts from a room made by a user
+
+    # URL Parameters
+
+    - `sid` — the session id of the user to ban
+
+    # Return value
+
+    An empty json object is returned.
+
+    # Error status codes
+
+    - 403 Forbidden — if the invoking user does not have access to the room.
+    - 404 Not Found — if the user we are deleting posts from made no posts in this room.
+    """
+    user = muser.User(session_id=sid, autovivify=False)
+    deleted, _ = room.delete_all_posts(user, deleter=g.user)
+    if not deleted:
+        abort(http.NOT_FOUND)
+    return jsonify({})

tests/test_room_routes.py

@@ -1377,3 +1377,43 @@ def test_file_upload_false(client, room, user, mod):
         extra_headers={"Content-Disposition": ('attachment', {'filename': filename})},
     )
     assert r.status_code == 403
+
+
+def test_remove_all_posts_from_room(client, room, user, mod, no_rate_limit):
+    for _ in range(256):
+        _make_dummy_post(room, user)
+    assert len(room.get_messages_for(user, recent=True)) == 256
+    r = sogs_delete(client, f'/room/{room.token}/all/{user.session_id}', mod)
+    assert r.status_code == 200
+    assert len(room.get_messages_for(user, recent=True)) == 0
+    assert room.check_unbanned(user)
+
+
+def test_remove_all_posts_from_room_not_allowed(client, room, user, user2, no_rate_limit):
+    for _ in range(256):
+        _make_dummy_post(room, user)
+    assert len(room.get_messages_for(user, recent=True)) == 256
+    with pytest.raises(wexc.Forbidden):
+        sogs_delete(client, f'/room/{room.token}/all/{user.session_id}', user2)
+    assert len(room.get_messages_for(user, recent=True)) == 256
+    assert room.check_unbanned(user) and room.check_unbanned(user2)
+
+
+def test_remove_all_posts_from_room_not_allowed_for_user(client, room, mod, user, no_rate_limit):
+    for _ in range(256):
+        _make_dummy_post(room, mod)
+    with pytest.raises(wexc.Forbidden):
+        sogs_delete(client, f'/room/{room.token}/all/{mod.session_id}', user)
+    assert len(room.get_messages_for(user, recent=True)) == 256
+    assert room.check_unbanned(user) and room.check_unbanned(mod)
+
+
+def test_remove_all_self_posts_from_room(client, room, mod, user, no_rate_limit):
+    for u in (user, mod):
+        for _ in range(256):
+            _make_dummy_post(room, u)
+        assert len(room.get_messages_for(u, recent=True)) == 256
+        r = sogs_delete(client, f'/room/{room.token}/all/{u.session_id}', u)
+        assert r.status_code == 200
+        assert len(room.get_messages_for(u, recent=True)) == 0
+        assert room.check_unbanned(u)