feat: Implement logic to prevent deletion of system tasks and rewards; update APIs and tests accordingly
@@ -2,7 +2,7 @@ from flask import Blueprint, request, jsonify
|
||||
from tinydb import Query
|
||||
|
||||
from api.utils import send_event_for_current_user, get_validated_user_id
|
||||
from backend.events.types.child_rewards_set import ChildRewardsSet
|
||||
from events.types.child_rewards_set import ChildRewardsSet
|
||||
from db.db import reward_db, child_db
|
||||
from events.types.event import Event
|
||||
from events.types.event_types import EventType
|
||||
@@ -72,7 +72,14 @@ def delete_reward(id):
|
||||
if not user_id:
|
||||
return jsonify({'error': 'Unauthorized', 'code': 'UNAUTHORIZED'}), 401
|
||||
RewardQuery = Query()
|
||||
removed = reward_db.remove((RewardQuery.id == id) & ((RewardQuery.user_id == user_id) | (RewardQuery.user_id == None)))
|
||||
reward = reward_db.get(RewardQuery.id == id)
|
||||
if not reward:
|
||||
return jsonify({'error': 'Reward not found'}), 404
|
||||
if reward.get('user_id') is None:
|
||||
import logging
|
||||
logging.warning(f"Forbidden delete attempt on system reward: id={id}, by user_id={user_id}")
|
||||
return jsonify({'error': 'System rewards cannot be deleted.'}), 403
|
||||
removed = reward_db.remove((RewardQuery.id == id) & (RewardQuery.user_id == user_id))
|
||||
if removed:
|
||||
# remove the reward id from any child's reward list
|
||||
ChildQuery = Query()
|
||||
@@ -81,7 +88,7 @@ def delete_reward(id):
|
||||
if id in rewards:
|
||||
rewards.remove(id)
|
||||
child_db.update({'rewards': rewards}, ChildQuery.id == child.get('id'))
|
||||
send_event_for_current_user(Event(EventType.CHILD_REWARD_SET.value, ChildRewardsSet(id, rewards)))
|
||||
send_event_for_current_user(Event(EventType.CHILD_REWARDS_SET.value, ChildRewardsSet(id, rewards)))
|
||||
send_event_for_current_user(Event(EventType.REWARD_MODIFIED.value, RewardModified(id, RewardModified.OPERATION_DELETE)))
|
||||
return jsonify({'message': f'Reward {id} deleted.'}), 200
|
||||
return jsonify({'error': 'Reward not found'}), 404
|
||||
|
||||
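Review bot: The `logging.warning(f"Forbidden delete attempt on system reward: id={id}, by user_id={user_id}")` call in `delete_reward` interpolates the route parameter `id` straight into the message, so if the route accepts a string id, embedded CR/LF characters could forge extra entries in the log that is meant to audit these forbidden deletes. Passing the values as lazy arguments with `%r` keeps control characters escaped: `logger.warning("Forbidden delete attempt on system reward: id=%r, by user_id=%r", id, user_id)`, with `import logging` and `logger = logging.getLogger(__name__)` at module level instead of the function-scope import. Separately, in the last hunk `ChildRewardsSet(id, rewards)` passes the reward id while the adjacent update keys on `child.get('id')`; if the event's first field is meant to be the child id, that looks unintended. The body of `delete_reward` starts above the hunk and the child loop is only partly visible, so both points should be checked against the full function.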