Implement cyberstorm view for removing team member

Implement a APIView for removing team members from teams in the
cyberstom API. Utilize the service layer function for removing team
members in the view.

Add URL and implement tests.

Refs. TS-2315

Author: Roffenlund

django/thunderstore/api/cyberstorm/tests/test_remove_team_member.py

@@ -0,0 +1,134 @@
+import pytest
+from rest_framework.test import APIClient
+
+from conftest import TestUserTypes
+from thunderstore.core.types import UserType
+from thunderstore.repository.factories import TeamFactory, TeamMemberFactory
+from thunderstore.repository.models.team import Team, TeamMember, TeamMemberRole
+
+
+def get_remove_team_member_url(team_name: str, team_member: str) -> str:
+    return f"/api/cyberstorm/team/{team_name}/member/{team_member}/remove/"
+
+
+def make_request(api_client: APIClient, team_name: str, team_member: str):
+    return api_client.delete(
+        get_remove_team_member_url(team_name, team_member),
+        content_type="application/json",
+    )
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize("user_type", TestUserTypes.options())
+def test_remove_team_member_user_roles(user_type, api_client, team_member):
+    user = TestUserTypes.get_user_by_type(user_type)
+    team_member_pk = team_member.pk
+
+    user_type_result = {
+        TestUserTypes.no_user: 401,
+        TestUserTypes.unauthenticated: 401,
+        TestUserTypes.regular_user: 204,
+        TestUserTypes.deactivated_user: 400,
+        TestUserTypes.service_account: 400,
+        TestUserTypes.site_admin: 204,
+        TestUserTypes.superuser: 204,
+    }
+
+    if not user_type in [TestUserTypes.no_user, TestUserTypes.unauthenticated]:
+        team_member.team.add_member(user=user, role=TeamMemberRole.owner)
+        api_client.force_authenticate(user)
+
+    response = make_request(
+        api_client, team_member.team.name, team_member.user.username
+    )
+
+    assert response.status_code == user_type_result[user_type]
+
+    if response.status_code == 204:
+        assert not TeamMember.objects.filter(pk=team_member_pk).exists()
+    else:
+        assert TeamMember.objects.filter(pk=team_member_pk).exists()
+
+
+@pytest.mark.django_db
+def test_remove_team_member_success(api_client: APIClient, user: UserType, team: Team):
+    TeamMemberFactory(team=team, user=user, role="owner")
+    api_client.force_authenticate(user)
+
+    just_a_member = TeamMemberFactory(team=team, role="member")
+    response = make_request(api_client, team.name, just_a_member.user.username)
+
+    assert response.status_code == 204
+
+
+@pytest.mark.django_db
+def test_remove_member_fail_because_user_is_not_a_member_in_team(
+    api_client: APIClient,
+    user: UserType,
+    team: Team,
+):
+    TeamMemberFactory(team=team, user=user, role="owner")
+    api_client.force_authenticate(user)
+
+    another_team = TeamFactory()
+    member_in_another_team = TeamMemberFactory(team=another_team, role="owner")
+
+    response = make_request(api_client, team.name, member_in_another_team.user.username)
+
+    assert response.status_code == 404
+    assert response.json() == {"detail": "Not found."}
+
+
+@pytest.mark.django_db
+def test_remove_fail_team_does_not_exist(
+    api_client: APIClient,
+    user: UserType,
+):
+    api_client.force_authenticate(user)
+
+    response = make_request(api_client, "nonexistent", user.username)
+
+    assert response.status_code == 404
+    assert response.json() == {"detail": "Not found."}
+
+
+@pytest.mark.django_db
+def test_remove_fail_user_is_not_authenticated(
+    api_client: APIClient,
+    user: UserType,
+    team: Team,
+):
+    TeamMemberFactory(team=team, user=user, role="owner")
+    just_a_member = TeamMemberFactory(team=team, role="member")
+
+    response = make_request(api_client, team.name, just_a_member.user.username)
+    expected_response = {"detail": "Authentication credentials were not provided."}
+
+    assert response.status_code == 401
+    assert response.json() == expected_response
+
+
+@pytest.mark.django_db
+def test_remove_fail_no_permission_to_access_team(
+    api_client: APIClient, user: UserType, team: Team
+):
+    api_client.force_authenticate(user)
+    owner = TeamMemberFactory(team=team, role="owner")
+
+    response = make_request(api_client, team.name, owner.user.username)
+    expected_response = {"non_field_errors": ["Must be a member to access team"]}
+
+    assert response.status_code == 400
+    assert response.json() == expected_response
+
+
+@pytest.mark.django_db
+def test_remove_fail_last_owner(api_client: APIClient, user: UserType, team: Team):
+    TeamMemberFactory(team=team, user=user, role="owner")
+    api_client.force_authenticate(user)
+
+    response = make_request(api_client, team.name, user.username)
+    expected_response = {"non_field_errors": ["Cannot remove last owner from team"]}
+
+    assert response.status_code == 400
+    assert response.json() == expected_response

django/thunderstore/api/cyberstorm/views/__init__.py

@@ -19,6 +19,7 @@
 from .package_version_list import PackageVersionListAPIView
 from .team import (
     DisbandTeamAPIView,
+    RemoveTeamMemberAPIView,
     TeamAPIView,
     TeamCreateAPIView,
     TeamMemberAddAPIView,
@@ -49,4 +50,5 @@
     "UpdatePackageListingCategoriesAPIView",
     "RejectPackageListingAPIView",
     "ApprovePackageListingAPIView",
+    "RemoveTeamMemberAPIView",
 ]

django/thunderstore/api/cyberstorm/views/team.py

@@ -1,4 +1,3 @@
-from django.core.exceptions import ValidationError as DjangoValidationError
 from django.db.models import Q, QuerySet
 from rest_framework import status
 from rest_framework.exceptions import PermissionDenied, ValidationError
@@ -17,7 +16,11 @@
     CyberstormTeamMemberSerializer,
     CyberstormTeamSerializer,
 )
-from thunderstore.api.cyberstorm.services import team as team_services
+from thunderstore.api.cyberstorm.services.team import (
+    create_team,
+    disband_team,
+    remove_team_member,
+)
 from thunderstore.api.ordering import StrictOrderingFilter
 from thunderstore.api.utils import (
     CyberstormAutoSchemaMixin,
@@ -27,6 +30,21 @@
 from thunderstore.repository.models.team import Team, TeamMember
 
 
+def get_team_object_or_404(team_name: str) -> Team:
+    return get_object_or_404(
+        Team.objects.exclude(is_active=False),
+        name=team_name,
+    )
+
+
+def get_team_member_object_or_404(team_name: str, team_member: str) -> TeamMember:
+    return get_object_or_404(
+        TeamMember.objects.real_users(),
+        team__name=team_name,
+        user__username=team_member,
+    )
+
+
 class TeamPermissionsMixin:
     permission_classes = [IsAuthenticated]
 
@@ -66,7 +84,7 @@ def post(self, request, *args, **kwargs):
         serializer = CyberstormCreateTeamSerializer(data=request.data)
         serializer.is_valid(raise_exception=True)
         team_name = serializer.validated_data["name"]
-        team = team_services.create_team(user=request.user, team_name=team_name)
+        team = create_team(user=request.user, team_name=team_name)
         return_data = CyberstormTeamSerializer(team).data
         return Response(return_data, status=status.HTTP_201_CREATED)
 
@@ -135,5 +153,22 @@ class DisbandTeamAPIView(APIView):
     )
     def delete(self, request, *args, **kwargs):
         team_name = kwargs["team_name"]
-        team_services.disband_team(user=request.user, team_name=team_name)
+        disband_team(user=request.user, team_name=team_name)
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
+
+class RemoveTeamMemberAPIView(APIView):
+    permission_classes = [IsAuthenticated]
+
+    @conditional_swagger_auto_schema(
+        operation_id="cyberstorm.team.member.remove",
+        tags=["cyberstorm"],
+        responses={status.HTTP_204_NO_CONTENT: ""},
+    )
+    def delete(self, request, *args, **kwargs):
+        team_member = get_team_member_object_or_404(
+            team_name=kwargs["team_name"],
+            team_member=kwargs["team_member"],
+        )
+        remove_team_member(agent=request.user, team_member=team_member)
         return Response(status=status.HTTP_204_NO_CONTENT)

django/thunderstore/api/urls.py

@@ -17,6 +17,7 @@
     PackageVersionReadmeAPIView,
     RatePackageAPIView,
     RejectPackageListingAPIView,
+    RemoveTeamMemberAPIView,
     TeamAPIView,
     TeamCreateAPIView,
     TeamMemberAddAPIView,
@@ -141,6 +142,11 @@
         TeamMemberAddAPIView.as_view(),
         name="cyberstorm.team.member.add",
     ),
+    path(
+        "team/<str:team_name>/member/<str:team_member>/remove/",
+        RemoveTeamMemberAPIView.as_view(),
+        name="cyberstorm.team.member.remove",
+    ),
     path(
         "team/<str:team_id>/service-account/",
         TeamServiceAccountListAPIView.as_view(),