Cleanup unused project API

MerginMaps · Dec 20, 2024 · 8389be3 · 8389be3
1 parent 549ce73
commit 8389be3
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 70 deletions.
diff --git a/server/mergin/sync/private_api.yaml b/server/mergin/sync/private_api.yaml
@@ -329,6 +329,7 @@ paths:
         required: true
         schema:
           type: string
+    #  // Kept for EE (collaborators + invitation) access, TODO: remove when a separate invitation endpoint is implemented
     get:
       tags:
         - project
@@ -351,30 +352,18 @@ paths:
           $ref: "#/components/responses/NotFoundResp"
       x-openapi-router-controller: mergin.sync.private_api_controller
     patch:
-      summary: Update direct project access (sharing)
+      summary: Update public project flag
       operationId: update_project_access
       requestBody:
         description: Request data
-        required: true
         content:
           application/json:
             schema:
               type: object
               properties:
-                user_id:
-                  type: integer
                 public:
                   type: boolean
                   nullable: true
-                role:
-                  type: string
-                  enum:
-                    - owner
-                    - writer
-                    - editor
-                    - reader
-                    - none
-                  example: writer
       responses:
         "200":
           $ref: "#/components/schemas/ProjectAccessUpdated"

diff --git a/server/mergin/sync/workspace.py b/server/mergin/sync/workspace.py
@@ -307,6 +307,7 @@ def access_requests_query():
         """Project access base query"""
         return AccessRequest.query.join(Project)
 
+    # not used in CE, TODO: remove together with EE when it's replaced there
     def project_access(self, project: Project) -> List[ProjectAccessDetail]:
         """
         Project access users overview

diff --git a/server/mergin/tests/test_private_project_api.py b/server/mergin/tests/test_private_project_api.py
@@ -335,70 +335,14 @@ def test_template_projects(client):
 def test_update_project_access(client, diff_project):
     url = f"/app/project/{diff_project.id}/access"
     original_creator_id = diff_project.creator.id
-    # create user and grant him write access
-    user = add_user("reader", "reader")
-    assert not diff_project.get_role(user.id)
-
-    data = {"user_id": user.id, "role": "none"}
-    # nothing happens
-    resp = client.patch(url, headers=json_headers, data=json.dumps(data))
-    assert resp.status_code == 200
-    assert not diff_project.get_role(user.id)
-
-    # grant read access
-    data["role"] = "reader"
-    resp = client.patch(url, headers=json_headers, data=json.dumps(data))
-    assert resp.status_code == 200
-    assert diff_project.get_role(user.id) is ProjectRole.READER
-
-    # grant editor access
-    data["role"] = "editor"
-    resp = client.patch(url, headers=json_headers, data=json.dumps(data))
-    assert resp.status_code == 200
-    assert diff_project.get_role(user.id) is ProjectRole.EDITOR
-
-    # change to write access
-    data["role"] = "writer"
-    resp = client.patch(url, headers=json_headers, data=json.dumps(data))
-    assert resp.status_code == 200
-    assert diff_project.get_role(user.id) is ProjectRole.WRITER
-
-    # downgrade to read access
-    data["role"] = "reader"
-    resp = client.patch(url, headers=json_headers, data=json.dumps(data))
-    assert resp.status_code == 200
-    assert diff_project.get_role(user.id) is ProjectRole.READER
-
-    # remove access
-    data["role"] = "none"
-    resp = client.patch(url, headers=json_headers, data=json.dumps(data))
-    assert resp.status_code == 200
-    assert not diff_project.get_role(user.id)
+    data = {}
 
     # update public parameter => public: True
     data["public"] = True
     resp = client.patch(url, headers=json_headers, data=json.dumps(data))
     assert resp.status_code == 200
     assert diff_project.public == True
 
-    # access of project creator can be removed
-    data["user_id"] = diff_project.creator_id
-    resp = client.patch(
-        f"/app/project/{diff_project.id}/access",
-        headers=json_headers,
-        data=json.dumps(data),
-    )
-    assert resp.status_code == 200
-    db.session.rollback()
-    assert not diff_project.get_role(user.id)
-    assert diff_project.creator_id == original_creator_id
-
-    # try to grant access to inaccessible user
-    data = {"user_id": 100, "role": "reader"}
-    # nothing happens
-    resp = client.patch(url, headers=json_headers, data=json.dumps(data))
-    assert resp.status_code == 404
-
 
 def test_restore_project(client, diff_project):
     """Test delete project by user and restore by admin"""