Update DeleteServiceAccountAPIView to use delete

- Inherit DestroyAPIView in DeleteServiceAccountAPIView.
- Use delete() instead of post() for deleting service accounts.
- Add uuid to URL instead of sending a payload to the DELETE endpoint.
- Update tests accordingly.

Refs. TS-2320

Author: Roffenlund

django/thunderstore/api/cyberstorm/serializers/service_account.py

@@ -5,7 +5,3 @@ class CreateServiceAccountSerializer(serializers.Serializer):
     nickname = serializers.CharField(max_length=32)
     team_name = serializers.CharField(read_only=True)
     api_token = serializers.CharField(read_only=True)
-
-
-class DeleteServiceAccountSerializer(serializers.Serializer):
-    uuid = serializers.UUIDField()

django/thunderstore/api/cyberstorm/tests/test_delete_service_account.py

@@ -1,5 +1,3 @@
-import json
-
 import pytest
 from django.contrib.auth import get_user_model
 from rest_framework.test import APIClient
@@ -10,14 +8,13 @@
 User = get_user_model()
 
 
-def get_delete_service_account_url(team_name: str) -> str:
-    return f"/api/cyberstorm/team/{team_name}/service-account/delete/"
+def get_delete_service_account_url(team_name: str, uuid: str) -> str:
+    return f"/api/cyberstorm/team/{team_name}/service-account/delete/{uuid}/"
 
 
 def make_request(api_client: APIClient, team_name: str, account: ServiceAccount):
-    return api_client.post(
-        path=get_delete_service_account_url(team_name),
-        data=json.dumps({"uuid": str(account.uuid)}),
+    return api_client.delete(
+        path=get_delete_service_account_url(team_name, account.uuid),
         content_type="application/json",
     )
 
@@ -46,8 +43,10 @@ def test_delete_service_account_fail_user_is_not_authenticated(
     assert ServiceAccount.objects.filter(uuid=service_account.uuid).count() == 1
 
     response = make_request(api_client, team.name, service_account)
-    assert response.status_code == 401
+    expected_response = {"detail": "Authentication credentials were not provided."}
 
+    assert response.status_code == 401
+    assert response.json() == expected_response
     assert ServiceAccount.objects.filter(uuid=service_account.uuid).count() == 1
 
 
@@ -63,8 +62,10 @@ def test_delete_service_account_fails_because_user_is_not_team_member(
     api_client.force_authenticate(non_team_user)
 
     response = make_request(api_client, team.name, service_account)
-    assert response.status_code == 403
+    expected_response = {"detail": "User does not have permission to access this team."}
 
+    assert response.status_code == 403
+    assert response.json() == expected_response
     assert ServiceAccount.objects.filter(uuid=service_account.uuid).count() == 1
 
 
@@ -78,8 +79,13 @@ def test_delete_service_account_fail_because_user_is_not_team_owner(
     assert ServiceAccount.objects.filter(uuid=service_account.uuid).count() == 1
 
     api_client.force_authenticate(team_member.user)
-
     response = make_request(api_client, team.name, service_account)
-    assert response.status_code == 403
 
+    error_message = (
+        "User does not have permission to delete service accounts for this team."
+    )
+    expected_response = {"detail": error_message}
+
+    assert response.status_code == 403
+    assert response.json() == expected_response
     assert ServiceAccount.objects.filter(uuid=service_account.uuid).count() == 1

django/thunderstore/api/cyberstorm/views/service_account.py

@@ -1,14 +1,13 @@
 from django.http import HttpRequest
 from rest_framework import status
 from rest_framework.exceptions import PermissionDenied
-from rest_framework.generics import CreateAPIView, GenericAPIView, get_object_or_404
+from rest_framework.generics import CreateAPIView, DestroyAPIView, get_object_or_404
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 
 from thunderstore.account.models import ServiceAccount
 from thunderstore.api.cyberstorm.serializers.service_account import (
     CreateServiceAccountSerializer,
-    DeleteServiceAccountSerializer,
 )
 from thunderstore.api.utils import conditional_swagger_auto_schema
 from thunderstore.repository.models import Team
@@ -69,9 +68,9 @@ def post(self, request, *args, **kwargs) -> Response:
         return super().post(request, *args, **kwargs)
 
 
-class DeleteServiceAccountAPIView(TeamPermissionMixin, GenericAPIView):
+class DeleteServiceAccountAPIView(TeamPermissionMixin, DestroyAPIView):
     queryset = ServiceAccount.objects.all()
-    serializer_class = DeleteServiceAccountSerializer
+    lookup_field = "uuid"
 
     def check_permissions(self, request: HttpRequest) -> None:
         super().check_permissions(request)
@@ -81,30 +80,10 @@ def check_permissions(self, request: HttpRequest) -> None:
                 "for this team."
             )
 
-    def get_object(self, uuid: str) -> ServiceAccount:
-        team_name = self.kwargs.get("team_name")
-        obj = get_object_or_404(
-            ServiceAccount,
-            owner__name__iexact=team_name,
-            uuid=uuid,
-        )
-        return obj
-
-    def perform_delete(self, request, *args, **kwargs) -> Response:
-        serializer = self.get_serializer(data=request.data)
-        serializer.is_valid(raise_exception=True)
-        uuid = serializer.validated_data["uuid"]
-
-        service_account = self.get_object(uuid=uuid)
-        service_account.delete()
-
-        return Response(status=status.HTTP_204_NO_CONTENT)
-
     @conditional_swagger_auto_schema(
-        request_body=serializer_class,
         responses={status.HTTP_204_NO_CONTENT: ""},
         operation_id="cyberstorm.team.service-account.delete",
         tags=["cyberstorm"],
     )
-    def post(self, request, *args, **kwargs) -> Response:
-        return self.perform_delete(request, *args, **kwargs)
+    def delete(self, request, *args, **kwargs) -> Response:
+        return super().delete(request, *args, **kwargs)

django/thunderstore/api/urls.py

@@ -118,7 +118,7 @@
         name="cyberstorm.team.service-account.create",
     ),
     path(
-        "team/<str:team_name>/service-account/delete/",
+        "team/<str:team_name>/service-account/delete/<uuid:uuid>/",
         DeleteServiceAccountAPIView.as_view(),
         name="cyberstorm.team.service-account.delete",
     ),