Implement delete team member endpoint

* Implement endpoint in cyberstorm api for deleting team members
* Implement tests

Refs. TS-2315

Author: Roffenlund

django/thunderstore/api/cyberstorm/tests/test_remove_team_member.py

@@ -0,0 +1,103 @@
+import pytest
+from rest_framework.test import APIClient
+
+from thunderstore.core.types import UserType
+from thunderstore.repository.factories import TeamFactory, TeamMemberFactory
+from thunderstore.repository.models.team import Team
+
+
+def get_remove_team_member_url(team_name: str, team_member: str) -> str:
+    return f"/api/cyberstorm/team/{team_name}/member/{team_member}/remove/"
+
+
+def make_request(api_client: APIClient, team_name: str, team_member: str):
+    return api_client.delete(
+        get_remove_team_member_url(team_name, team_member),
+        content_type="application/json",
+    )
+
+
+@pytest.mark.django_db
+def test_remove_team_member_success(api_client: APIClient, user: UserType, team: Team):
+    TeamMemberFactory(team=team, user=user, role="owner")
+    api_client.force_authenticate(user)
+
+    just_a_member = TeamMemberFactory(team=team, role="member")
+    response = make_request(api_client, team.name, just_a_member.user.username)
+
+    assert response.status_code == 204
+
+
+@pytest.mark.django_db
+def test_remove_member_fail_because_user_is_not_a_member_in_team(
+    api_client: APIClient,
+    user: UserType,
+    team: Team,
+):
+    TeamMemberFactory(team=team, user=user, role="owner")
+    api_client.force_authenticate(user)
+
+    another_team = TeamFactory()
+    member_in_another_team = TeamMemberFactory(team=another_team, role="owner")
+
+    response = make_request(api_client, team.name, member_in_another_team.user.username)
+
+    assert response.status_code == 404
+    assert response.json() == {"detail": "Not found."}
+
+
+@pytest.mark.django_db
+def test_remove__fails_because_team_does_not_exist(
+    api_client: APIClient,
+    user: UserType,
+):
+    api_client.force_authenticate(user)
+
+    response = make_request(api_client, "nonexistent", user.username)
+
+    assert response.status_code == 404
+    assert response.json() == {"detail": "Not found."}
+
+
+@pytest.mark.django_db
+def test_remove_fail_because_user_is_not_authenticated(
+    api_client: APIClient,
+    user: UserType,
+    team: Team,
+):
+    TeamMemberFactory(team=team, user=user, role="owner")
+    just_a_member = TeamMemberFactory(team=team, role="member")
+
+    response = make_request(api_client, team.name, just_a_member.user.username)
+    expected_response = {"detail": "Authentication credentials were not provided."}
+
+    assert response.status_code == 401
+    assert response.json() == expected_response
+
+
+@pytest.mark.django_db
+def test_remove_fail_no_permission_to_access_team(
+    api_client: APIClient, user: UserType, team: Team
+):
+    api_client.force_authenticate(user)
+    owner = TeamMemberFactory(team=team, role="owner")
+
+    response = make_request(api_client, team.name, owner.user.username)
+    expected_response = {"detail": "You do not have permission to access this team."}
+
+    assert response.status_code == 403
+    assert response.json() == expected_response
+
+
+@pytest.mark.django_db
+def test_remove_fail_because_last_owner(
+    api_client: APIClient, user: UserType, team: Team
+):
+    TeamMemberFactory(team=team, user=user, role="owner")
+    api_client.force_authenticate(user)
+
+    response = make_request(api_client, team.name, user.username)
+    expected_response = {"non_field_errors": ["Cannot remove last owner from team"]}
+
+    assert response.status_code == 400
+    assert response.json() == expected_response

django/thunderstore/api/cyberstorm/views/__init__.py

@@ -19,6 +19,7 @@
 from .package_version_list import PackageVersionListAPIView
 from .team import (
     DisbandTeamAPIView,
+    RemoveTeamMemberAPIView,
     TeamAPIView,
     TeamCreateAPIView,
     TeamMemberAddAPIView,
@@ -49,4 +50,5 @@
     "UpdatePackageListingCategoriesAPIView",
     "RejectPackageListingAPIView",
     "ApprovePackageListingAPIView",
+    "RemoveTeamMemberAPIView",
 ]

django/thunderstore/api/cyberstorm/views/team.py

@@ -155,3 +155,33 @@ def check_permissions(self, request):
     )
     def delete(self, request, *args, **kwargs):
         return super().delete(request, *args, **kwargs)
+
+
+class RemoveTeamMemberAPIView(TeamPermissionsMixin, DestroyAPIView):
+    queryset = TeamMember.objects.real_users()
+
+    def check_permissions(self, request):
+        super().check_permissions(request)
+        team_member = self.get_object()
+
+        if team_member.user != request.user:
+            team_member.team.ensure_user_can_manage_members(request.user)
+        team_member.team.ensure_member_can_be_removed(team_member)
+
+    def get_object(self):
+        team_member = self.kwargs.get("team_member")
+        team_name = self.kwargs.get("team_name")
+
+        return get_object_or_404(
+            self.queryset,
+            team__name=team_name,
+            user__username=team_member,
+        )
+
+    @conditional_swagger_auto_schema(
+        operation_id="cyberstorm.team.member.remove",
+        tags=["cyberstorm"],
+        responses={status.HTTP_204_NO_CONTENT: ""},
+    )
+    def delete(self, request, *args, **kwargs):
+        return super().delete(request, *args, **kwargs)

django/thunderstore/api/urls.py

@@ -17,6 +17,7 @@
     PackageVersionReadmeAPIView,
     RatePackageAPIView,
     RejectPackageListingAPIView,
+    RemoveTeamMemberAPIView,
     TeamAPIView,
     TeamCreateAPIView,
     TeamMemberAddAPIView,
@@ -141,6 +142,11 @@
         TeamMemberAddAPIView.as_view(),
         name="cyberstorm.team.member.add",
     ),
+    path(
+        "team/<str:team_name>/member/<str:team_member>/remove/",
+        RemoveTeamMemberAPIView.as_view(),
+        name="cyberstorm.team.member.remove",
+    ),
     path(
         "team/<str:team_id>/service-account/",
         TeamServiceAccountListAPIView.as_view(),