EES-4046: Update delete permission for readability, delete associated data blocks when deleting draft releases.

Tom Jones · Tom Jones · commit 5ed783191b64 · 2024-09-16T14:44:59.000+01:00
diff --git a/src/GovUk.Education.ExploreEducationStatistics.Admin/Security/AuthorizationHandlers/DeleteSpecificReleaseAuthorizationHandlers.cs b/src/GovUk.Education.ExploreEducationStatistics.Admin/Security/AuthorizationHandlers/DeleteSpecificReleaseAuthorizationHandlers.cs
@@ -30,24 +30,34 @@ protected override async Task HandleRequirementAsync(
             DeleteSpecificReleaseRequirement requirement,
             ReleaseVersion releaseVersion)
         {
-            if ((!context.User.IsInRole(RoleNames.BauUser) && !releaseVersion.Amendment) || releaseVersion.ApprovalStatus == Approved)
+            if (releaseVersion.ApprovalStatus != Draft)
             {
                 return;
             }
 
-            if (SecurityUtils.HasClaim(context.User, DeleteAllReleaseAmendments))
+            if (!releaseVersion.Amendment)
             {
-                context.Succeed(requirement);
-                return;
+                if (context.User.IsInRole(RoleNames.BauUser))
+                {
+                    context.Succeed(requirement);
+                }
             }
-
-            if (await _authorizationHandlerService
-                    .HasRolesOnPublication(
-                        userId: context.User.GetUserId(),
-                        publicationId: releaseVersion.PublicationId,
-                        Owner))
+            else
             {
-                context.Succeed(requirement);
+                if (SecurityUtils.HasClaim(context.User, DeleteAllReleaseAmendments))
+                {
+                    context.Succeed(requirement);
+                    return;
+                }
+
+                if (await _authorizationHandlerService
+                        .HasRolesOnPublication(
+                            userId: context.User.GetUserId(),
+                            publicationId: releaseVersion.PublicationId,
+                            Owner))
+                {
+                    context.Succeed(requirement);
+                }
             }
         }
     }
diff --git a/src/GovUk.Education.ExploreEducationStatistics.Admin/Services/ReleaseService.cs b/src/GovUk.Education.ExploreEducationStatistics.Admin/Services/ReleaseService.cs
@@ -214,13 +214,20 @@ public Task<Either<ActionResult, Unit>> DeleteReleaseVersion(
             return _persistenceHelper
                 .CheckEntityExists<ReleaseVersion>(releaseVersionId)
                 .OnSuccess(_userService.CheckCanDeleteReleaseVersion)
+                .OnSuccessDo(releaseVersion =>
+                {
+                    if (releaseVersion.ApprovalStatus != ReleaseApprovalStatus.Draft)
+                    {
+                        throw new Exception("Can only delete draft releases");
+                    }
+                })
                 .OnSuccessDo(async () => await _processorClient.BulkDeleteDataSetVersions(releaseVersionId))
                 .OnSuccessDo(async release => await _cacheService.DeleteCacheFolderAsync(new PrivateReleaseContentFolderCacheKey(release.Id)))
                 .OnSuccessDo(async () => await _releaseDataFileService.DeleteAll(releaseVersionId))
                 .OnSuccessDo(async () => await _releaseFileService.DeleteAll(releaseVersionId))
                 .OnSuccessVoid(async releaseVersion =>
                 {
-                    if (!releaseVersion.Amendment && releaseVersion.ApprovalStatus == ReleaseApprovalStatus.Draft)
+                    if (!releaseVersion.Amendment)
                     {
                         await HardDeleteForDraft(releaseVersion, cancellationToken);
                     }
@@ -233,6 +240,7 @@ public Task<Either<ActionResult, Unit>> DeleteReleaseVersion(
 
                     await _context.SaveChangesAsync();
 
+                    // TODO: This may be redundant (investigate as part of EES-1295)
                     await _releaseSubjectRepository.DeleteAllReleaseSubjects(releaseVersionId: releaseVersionId);
                 });
         }
@@ -241,19 +249,15 @@ private async Task HardDeleteForDraft(
             ReleaseVersion releaseVersion,
             CancellationToken cancellationToken)
         {
-            var publication = await _context.Publications.FindAsync(releaseVersion.PublicationId, cancellationToken);
-            var releaseSeriesItem = publication!.ReleaseSeries.Find(rs => rs.ReleaseId == releaseVersion.ReleaseId);
-
-            publication.ReleaseSeries.Remove(releaseSeriesItem!);
-            _context.Publications.Update(publication);
+            await DeleteReleaseSeriesItem(releaseVersion, cancellationToken);
+            DeleteDataBlocks(releaseVersion.Id);
 
             var release = await _context.Releases.FindAsync(releaseVersion.ReleaseId, cancellationToken);
             _context.Releases.Remove(release!);
 
+            // We suspect this is only necessary for the unit tests, as the in-memory database doesn't perform a cascade delete
             await DeleteRoles(releaseVersion.Id, hardDelete: true, cancellationToken);
             await DeleteInvites(releaseVersion.Id, hardDelete: true, cancellationToken);
-
-            _context.ReleaseVersions.Remove(releaseVersion);
         }
 
         private async Task SoftDeleteForAmendment(
@@ -267,6 +271,7 @@ private async Task SoftDeleteForAmendment(
             await DeleteInvites(releaseVersion.Id, hardDelete: false, cancellationToken);
         }
 
+        // TODO: UserReleaseRoles deletion should probably be handled by cascade deletion of the associated ReleaseVersion (investigate as part of EES-1295)
         private async Task DeleteRoles(
             Guid releaseVersionId,
             bool hardDelete,
@@ -289,6 +294,7 @@ private async Task DeleteRoles(
             }
         }
 
+        // TODO: UserReleaseInvites deletion should probably be handled by cascade deletion of the associated ReleaseVersion (investigate as part of EES-1295)
         private async Task DeleteInvites(
             Guid releaseVersionId,
             bool hardDelete,
@@ -311,6 +317,26 @@ private async Task DeleteInvites(
             }
         }
 
+        private async Task DeleteReleaseSeriesItem(
+            ReleaseVersion releaseVersion,
+            CancellationToken cancellationToken)
+        {
+            var publication = await _context.Publications.FindAsync(releaseVersion.PublicationId, cancellationToken);
+            var releaseSeriesItem = publication!.ReleaseSeries.Find(rs => rs.ReleaseId == releaseVersion.ReleaseId);
+
+            publication.ReleaseSeries.Remove(releaseSeriesItem!);
+            _context.Publications.Update(publication);
+        }
+
+        private void DeleteDataBlocks(Guid releaseVersionId)
+        {
+            var dataBlocks = _context.DataBlockVersions
+                .Where(dbv => dbv.ReleaseVersionId == releaseVersionId)
+                .Select(dbv => dbv.DataBlockParent);
+
+            _context.DataBlockParents.RemoveRange(dataBlocks);
+        }
+
         private void UpdateMethodologies(Guid releaseVersionId)
         {
             var methodologiesScheduledWithRelease = GetMethodologiesScheduledWithRelease(releaseVersionId);

Original file line number	Diff line number	Diff line change
`@@ -30,24 +30,34 @@ protected override async Task HandleRequirementAsync(`
`30`	`30`	`DeleteSpecificReleaseRequirement requirement,`
`31`	`31`	`ReleaseVersion releaseVersion)`
`32`	`32`	`{`
`33`		`- if ((!context.User.IsInRole(RoleNames.BauUser) && !releaseVersion.Amendment) \|\| releaseVersion.ApprovalStatus == Approved)`
	`33`	`+ if (releaseVersion.ApprovalStatus != Draft)`
`34`	`34`	`{`
`35`	`35`	`return;`
`36`	`36`	`}`
`37`	`37`
`38`		`- if (SecurityUtils.HasClaim(context.User, DeleteAllReleaseAmendments))`
	`38`	`+ if (!releaseVersion.Amendment)`
`39`	`39`	`{`
`40`		`- context.Succeed(requirement);`
`41`		`- return;`
	`40`	`+ if (context.User.IsInRole(RoleNames.BauUser))`
	`41`	`+ {`
	`42`	`+ context.Succeed(requirement);`
	`43`	`+ }`
`42`	`44`	`}`
`43`		`-`
`44`		`- if (await _authorizationHandlerService`
`45`		`- .HasRolesOnPublication(`
`46`		`- userId: context.User.GetUserId(),`
`47`		`- publicationId: releaseVersion.PublicationId,`
`48`		`- Owner))`
	`45`	`+ else`
`49`	`46`	`{`
`50`		`- context.Succeed(requirement);`
	`47`	`+ if (SecurityUtils.HasClaim(context.User, DeleteAllReleaseAmendments))`
	`48`	`+ {`
	`49`	`+ context.Succeed(requirement);`
	`50`	`+ return;`
	`51`	`+ }`
	`52`	`+`
	`53`	`+ if (await _authorizationHandlerService`
	`54`	`+ .HasRolesOnPublication(`
	`55`	`+ userId: context.User.GetUserId(),`
	`56`	`+ publicationId: releaseVersion.PublicationId,`
	`57`	`+ Owner))`
	`58`	`+ {`
	`59`	`+ context.Succeed(requirement);`
	`60`	`+ }`
`51`	`61`	`}`
`52`	`62`	`}`
`53`	`63`	`}`