From 30468343f90d0ad490605f9c56534ddf0104a48b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Fri, 19 Feb 2016 17:01:56 +0100
Subject: [PATCH] api: add new endpoint to remove a draft (#10038)

---
 tests/test_api.py | 24 ++++++++++++++++++++++++
 wcs/api.py        | 17 ++++++++++++++++-
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/tests/test_api.py b/tests/test_api.py
index c8a264e..3171317 100644
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -844,3 +844,27 @@ def test_formdefs_api(pub, local_user):
                                         'publication_date', 'detailed_emails',
                                         'disabled_redirection'])
     assert len(resp.json['workflow_schema']['statuses']) == 2
+
+def test_user_remove_draft(pub, local_user):
+    FormDef.wipe()
+    formdef = FormDef()
+    formdef.name = 'test'
+    formdef.fields = []
+    formdef.store()
+
+    formdata = formdef.data_class()()
+    formdata.status = 'draft'
+    formdata.store()
+
+    uri = '/api/user/removedraft?formdef=%s&id=%s' % (formdef.url_name, formdata.id)
+    resp = get_app(pub).get(sign_uri(uri), status=403)
+    resp = get_app(pub).get(sign_uri(uri, user=local_user), status=403)
+    formdata.status = 'wf-new'
+    formdata.store()
+    resp = get_app(pub).get(sign_uri(uri, user=local_user), status=403)
+
+    formdata.status = 'draft'
+    formdata.user_id = local_user.id
+    formdata.store()
+    resp = get_app(pub).get(sign_uri(uri, user=local_user))
+    assert resp.json['err'] == 0
diff --git a/wcs/api.py b/wcs/api.py
index f168375..abc74eb 100644
--- a/wcs/api.py
+++ b/wcs/api.py
@@ -407,7 +407,7 @@ class ApiCategoriesDirectory(Directory):
 
 
 class ApiUserDirectory(Directory):
-    _q_exports = ['', 'forms', 'drafts']
+    _q_exports = ['', 'forms', 'drafts', 'removedraft']
 
     def __init__(self, user=None):
         self.user = user
@@ -505,6 +505,21 @@ class ApiUserDirectory(Directory):
                 cls=misc.JSONEncoder,
                 encoding=get_publisher().site_charset)
 
+    def removedraft(self):
+        # query string: ?formdef=<urlname>&id=<id>
+        get_response().set_content_type('application/json')
+        user = self.user or get_user_from_api_query_string()
+        if not user:
+            raise AccessForbiddenError('no user specified')
+        formdef = FormDef.get_by_urlname(get_request().form.get('formdef'))
+        formdata = formdef.data_class().get(get_request().form.get('id'))
+        if str(formdata.user_id) != str(user.id):
+            raise AccessForbiddenError('not yours')
+        if not formdata.is_draft():
+            raise AccessForbiddenError('not a draft')
+        formdata.remove_self()
+        return json.dumps({'err': 0}, indent=2)
+
 
 class ApiUsersDirectory(Directory):
     _q_exports = ['']
-- 
2.7.0