Merge pull request #53 from MeasureAuthoringTool/feature/MAT-6051-har…

…d-delete-draft

Feature/mat 6051 hard delete draft

src/main/java/gov/cms/madie/cqllibraryservice/CqlLibraryServiceApplication.java

@@ -33,7 +33,7 @@ public void addInterceptors(InterceptorRegistry registry) {
       public void addCorsMappings(CorsRegistry registry) {
         registry
             .addMapping("/**")
-            .allowedMethods("PUT", "POST", "GET")
+            .allowedMethods("PUT", "POST", "GET", "DELETE")
             .allowedOrigins(
                 "http://localhost:9000",
                 "https://dev-madie.hcqis.org",

src/main/java/gov/cms/madie/cqllibraryservice/controllers/CqlLibraryController.java

@@ -188,4 +188,10 @@ public ResponseEntity<String> changeOwnership(
 
     return response;
   }
+
+  @DeleteMapping("/{id}")
+  public ResponseEntity<CqlLibrary> hardDeleteLibrary(
+      @PathVariable("id") String id, Principal principal) {
+    return ResponseEntity.ok(cqlLibraryService.deleteDraftLibrary(id, principal.getName()));
+  }
 }

src/main/java/gov/cms/madie/cqllibraryservice/services/CqlLibraryService.java

@@ -92,4 +92,21 @@ public boolean changeOwnership(String id, String userid) {
     }
     return result;
   }
+
+  public CqlLibrary deleteDraftLibrary(final String id, final String userId) {
+    CqlLibrary cqlLibrary = findCqlLibraryById(id);
+    if (!userId.equalsIgnoreCase(cqlLibrary.getLibrarySet().getOwner())) {
+      throw new PermissionDeniedException("CQL Library", cqlLibrary.getId(), userId);
+    }
+
+    if (cqlLibrary.isDraft()) {
+      cqlLibraryRepository.delete(cqlLibrary);
+    } else {
+      throw new GeneralConflictException(
+          String.format(
+              "Could not update resource %s with id: %s. Resource is not a Draft.",
+              "CQL Library", id));
+    }
+    return cqlLibrary;
+  }
 }

src/test/java/gov/cms/madie/cqllibraryservice/controllers/CqlLibraryControllerMvcTest.java

@@ -14,6 +14,7 @@
 import static org.mockito.Mockito.*;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
@@ -1394,4 +1395,88 @@ public void testChangeOwnership() throws Exception {
     assertNotNull(targetIdArgumentCaptor.getValue());
     assertThat(actionTypeArgumentCaptor.getValue(), is(equalTo(ActionType.UPDATED)));
   }
+
+  @Test
+  public void testHardDeleteDraftLibraryForNonOwnerReturnsForbidden() throws Exception {
+    String libraryId = "f225481c-921e-4015-9e14-e5046bfac9ff";
+
+    when(cqlLibraryService.deleteDraftLibrary(anyString(), anyString()))
+        .thenThrow(new PermissionDeniedException("CQL Library", libraryId, TEST_USER_ID));
+
+    mockMvc
+        .perform(
+            delete("/cql-libraries/" + libraryId)
+                .with(user(TEST_USER_ID))
+                .with(csrf())
+                .header("Authorization", "test-okta")
+                .contentType(MediaType.APPLICATION_JSON_VALUE))
+        .andExpect(status().isForbidden());
+
+    verify(cqlLibraryService, times(1)).deleteDraftLibrary(eq(libraryId), anyString());
+  }
+
+  @Test
+  public void testHardDeleteDraftLibraryForMissingLibraryReturnsNotFound() throws Exception {
+    String libraryId = "f225481c-921e-4015-9e14-e5046bfac9ff";
+
+    when(cqlLibraryService.deleteDraftLibrary(anyString(), anyString()))
+        .thenThrow(new ResourceNotFoundException("CQL Library", libraryId));
+
+    mockMvc
+        .perform(
+            delete("/cql-libraries/" + libraryId)
+                .with(user(TEST_USER_ID))
+                .with(csrf())
+                .header("Authorization", "test-okta")
+                .contentType(MediaType.APPLICATION_JSON_VALUE))
+        .andExpect(status().isNotFound());
+
+    verify(cqlLibraryService, times(1)).deleteDraftLibrary(eq(libraryId), eq(TEST_USER_ID));
+  }
+
+  @Test
+  public void testHardDeleteDraftLibraryForNonDraftReturnsConflict() throws Exception {
+    String libraryId = "f225481c-921e-4015-9e14-e5046bfac9ff";
+
+    when(cqlLibraryService.deleteDraftLibrary(anyString(), anyString()))
+        .thenThrow(
+            new GeneralConflictException(
+                String.format(
+                    "Could not update resource %s with id: %s. Resource is not a Draft.",
+                    "CQL Library", libraryId)));
+
+    mockMvc
+        .perform(
+            delete("/cql-libraries/" + libraryId)
+                .with(user(TEST_USER_ID))
+                .with(csrf())
+                .header("Authorization", "test-okta")
+                .contentType(MediaType.APPLICATION_JSON_VALUE))
+        .andExpect(status().isConflict());
+
+    verify(cqlLibraryService, times(1)).deleteDraftLibrary(eq(libraryId), eq(TEST_USER_ID));
+  }
+
+  @Test
+  public void testHardDeleteDraftLibraryForDraftReturnsDeletedLibrary() throws Exception {
+    String libraryId = "f225481c-921e-4015-9e14-e5046bfac9ff";
+
+    when(cqlLibraryService.deleteDraftLibrary(anyString(), anyString()))
+        .thenReturn(
+            CqlLibrary.builder().cqlLibraryName("WillBeDeleted").draft(true).id(libraryId).build());
+
+    mockMvc
+        .perform(
+            delete("/cql-libraries/" + libraryId)
+                .with(user(TEST_USER_ID))
+                .with(csrf())
+                .header("Authorization", "test-okta")
+                .contentType(MediaType.APPLICATION_JSON_VALUE))
+        .andExpect(jsonPath("$.id").value(libraryId))
+        .andExpect(jsonPath("$.draft").value(true))
+        .andExpect(jsonPath("$.cqlLibraryName").value("WillBeDeleted"))
+        .andExpect(status().isOk());
+
+    verify(cqlLibraryService, times(1)).deleteDraftLibrary(eq(libraryId), eq(TEST_USER_ID));
+  }
 }

src/test/java/gov/cms/madie/cqllibraryservice/services/CqlLibraryServiceTest.java

@@ -1,15 +1,19 @@
 package gov.cms.madie.cqllibraryservice.services;
 
+import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.notNullValue;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.jupiter.api.Assertions.*;
 import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.Mockito.doNothing;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 import gov.cms.madie.cqllibraryservice.exceptions.DuplicateKeyException;
 import gov.cms.madie.cqllibraryservice.exceptions.GeneralConflictException;
+import gov.cms.madie.cqllibraryservice.exceptions.PermissionDeniedException;
 import gov.cms.madie.cqllibraryservice.exceptions.ResourceNotFoundException;
 import gov.cms.madie.models.common.Version;
 import gov.cms.madie.models.library.CqlLibrary;
@@ -215,4 +219,70 @@ public void testChangeOwnership() {
     boolean result = cqlLibraryService.changeOwnership(library.getId(), "user123");
     assertTrue(result);
   }
+
+  @Test
+  public void testDeleteDraftLibraryWithIdNotFound() {
+    when(cqlLibraryRepository.findById(anyString())).thenReturn(Optional.empty());
+
+    assertThrows(
+        ResourceNotFoundException.class,
+        () -> cqlLibraryService.deleteDraftLibrary("MISSING", "TEST_USER"));
+  }
+
+  @Test
+  public void testDeleteDraftLibraryWithVersionedLibrary() {
+    CqlLibrary library =
+        CqlLibrary.builder()
+            .draft(false)
+            .id("LibID")
+            .librarySetId("LibSetID")
+            .version(Version.parse("1.0.0"))
+            .build();
+    when(cqlLibraryRepository.findById(anyString())).thenReturn(Optional.of(library));
+
+    when(librarySetService.findByLibrarySetId(anyString()))
+        .thenReturn(LibrarySet.builder().librarySetId("LibSetID").owner("TEST_USER").build());
+
+    assertThrows(
+        GeneralConflictException.class,
+        () -> cqlLibraryService.deleteDraftLibrary("LibID", "TEST_USER"));
+  }
+
+  @Test
+  public void testDeleteDraftLibraryWithDraftLibraryNonOwner() {
+    CqlLibrary library =
+        CqlLibrary.builder()
+            .draft(true)
+            .id("LibID")
+            .librarySetId("LibSetID")
+            .version(Version.parse("1.0.0"))
+            .build();
+    when(cqlLibraryRepository.findById(anyString())).thenReturn(Optional.of(library));
+    when(librarySetService.findByLibrarySetId(anyString()))
+        .thenReturn(LibrarySet.builder().librarySetId("LibSetID").owner("SOME_OTHER_USER").build());
+
+    assertThrows(
+        PermissionDeniedException.class,
+        () -> cqlLibraryService.deleteDraftLibrary("LibID", "TEST_USER"));
+  }
+
+  @Test
+  public void testDeleteDraftLibraryWithDraftLibrary() {
+    CqlLibrary library =
+        CqlLibrary.builder()
+            .draft(true)
+            .id("LibID")
+            .librarySetId("LibSetID")
+            .version(Version.parse("1.0.0"))
+            .build();
+    when(cqlLibraryRepository.findById(anyString())).thenReturn(Optional.of(library));
+    when(librarySetService.findByLibrarySetId(anyString()))
+        .thenReturn(LibrarySet.builder().librarySetId("LibSetID").owner("TEST_USER").build());
+    doNothing().when(cqlLibraryRepository).delete(any(CqlLibrary.class));
+
+    CqlLibrary output = cqlLibraryService.deleteDraftLibrary("LibID", "TEST_USER");
+
+    assertThat(output, is(notNullValue()));
+    assertThat(output, is(equalTo(library)));
+  }
 }