Sergey Vanyushkin
46cc06b596
Основные изменения: - Добавлены E2E тесты для проверки ownership (TC-E2E-102/103): * test_admin_can_edit_any_post — admin может редактировать любой пост * test_user_cannot_edit_other_users_post — user не может редактировать чужой пост - Исправлены use cases (UpdatePost, DeletePost, PublishPost) — добавлена проверка роли admin - Обновлены web routes и API routes для передачи роли в use cases - Добавлены unit тесты для admin-сценариев Реструктуризация тестов: - Удалены старые API тесты (tests/api/) — требуют переработки - Удалены старые integration тесты (tests/integration/) - Переработаны E2E тесты: удалены старые, добавлены новые с POM - Добавлена документация тестов: FEATURE_*.md, TEST_MODEL.md, AGENTS.md Инфраструктура: - Добавлен MockKeycloakClient для dev-режима - Добавлены статические файлы: EasyMDE, Highlight.js, стили markdown - Обновлены шаблоны: base.html, post_form.html, post_detail.html - Обновлена DI конфигурация и провайдеры Документация: - tests/FEATURE_RBAC.md — матрица тестов RBAC - tests/FEATURE_POST_LIFECYCLE.md — тесты жизненного цикла поста - tests/FEATURE_DOMAIN_FOUNDATION.md — тесты доменного слоя - tests/FEATURE_INFRASTRUCTURE.md — тесты инфраструктуры - tests/TEST_MODEL.md — глобальная матрица покрытия - app/presentation/web/AGENTS.md — гайд по Web UI - tests/AGENTS.md — гайд по тестированию
70 lines
2.2 KiB
Python
70 lines
2.2 KiB
Python
"""Delete post use case.
|
|
|
|
This module implements the use case for deleting blog posts.
|
|
Includes authorization checks to ensure users can only delete their own posts.
|
|
"""
|
|
|
|
from uuid import UUID
|
|
|
|
from app.application.interfaces import TransactionManager
|
|
from app.domain.exceptions import ForbiddenException, NotFoundException
|
|
from app.domain.repositories import PostRepository
|
|
from app.domain.roles import Role
|
|
|
|
|
|
class DeletePostUseCase:
|
|
"""Use case for deleting a blog post.
|
|
|
|
Handles post deletion with authorization checks.
|
|
Users can only delete posts they authored.
|
|
|
|
Attributes:
|
|
_post_repo: Repository for post data access.
|
|
_tx_manager: Transaction manager for commit control.
|
|
|
|
Example:
|
|
>>> use_case = DeletePostUseCase(post_repo, tx_manager)
|
|
>>> await use_case.execute(post_id, user_id)
|
|
"""
|
|
|
|
def __init__(
|
|
self,
|
|
post_repo: PostRepository,
|
|
tx_manager: TransactionManager,
|
|
) -> None:
|
|
"""Initialize use case with dependencies.
|
|
|
|
Args:
|
|
post_repo: Repository for post operations.
|
|
tx_manager: Transaction manager instance.
|
|
"""
|
|
self._post_repo = post_repo
|
|
self._tx_manager = tx_manager
|
|
|
|
async def execute(
|
|
self,
|
|
post_id: UUID,
|
|
current_user_id: str,
|
|
current_role: Role = Role.USER,
|
|
) -> None:
|
|
"""Execute the use case to delete a post.
|
|
|
|
Args:
|
|
post_id: Unique identifier of the post to delete.
|
|
current_user_id: ID of the user requesting deletion.
|
|
current_role: Role of the requesting user (default USER).
|
|
|
|
Raises:
|
|
NotFoundException: If post with given ID does not exist.
|
|
ForbiddenException: If user is not the post author and not admin.
|
|
"""
|
|
post = await self._post_repo.get_by_id(post_id)
|
|
if not post:
|
|
raise NotFoundException(f"Post with id '{post_id}' not found")
|
|
|
|
if current_role != Role.ADMIN and post.author_id != current_user_id:
|
|
raise ForbiddenException("You can only delete your own posts")
|
|
|
|
await self._post_repo.delete(post_id)
|
|
await self._tx_manager.commit()
|