BED-4707 moved unsharing to DELETE on /saved-queries/permissions to b…

…etter align the endpoint with a resource rather than a verb

cmd/api/src/api/registration/v2.go

@@ -164,8 +164,8 @@ func NewV2API(cfg config.Configuration, resources v2.Resources, routerInst *rout
 		routerInst.GET("/api/v2/saved-queries", resources.ListSavedQueries).RequirePermissions(permissions.SavedQueriesRead),
 		routerInst.POST("/api/v2/saved-queries", resources.CreateSavedQuery).RequirePermissions(permissions.SavedQueriesWrite),
 		routerInst.PUT(fmt.Sprintf("/api/v2/saved-queries/{%s}", api.URIPathVariableSavedQueryID), resources.UpdateSavedQuery).RequirePermissions(permissions.SavedQueriesWrite),
-		routerInst.PUT(fmt.Sprintf("/api/v2/saved-queries/{%s}/unshare", api.URIPathVariableSavedQueryID), resources.UnshareSavedQuery).RequirePermissions(permissions.SavedQueriesWrite),
 		routerInst.DELETE(fmt.Sprintf("/api/v2/saved-queries/{%s}", api.URIPathVariableSavedQueryID), resources.DeleteSavedQuery).RequirePermissions(permissions.SavedQueriesWrite),
+		routerInst.DELETE(fmt.Sprintf("/api/v2/saved-queries/{%s}/permissions", api.URIPathVariableSavedQueryID), resources.DeleteSavedQueryPermissions).RequirePermissions(permissions.SavedQueriesWrite),
 
 		// Azure Entity API
 		routerInst.GET("/api/v2/azure/{entity_type}", resources.GetAZEntity).RequirePermissions(permissions.GraphDBRead),

cmd/api/src/api/v2/saved_queries.go

@@ -251,11 +251,11 @@ type UnshareSavedQueryRequest struct {
 	Self    bool        `json:"self"`
 }
 
-// UnshareSavedQuery allows an owner of a shared query, a user that has a saved query shared to them, or an admin, to remove sharing privileges.
+// DeleteSavedQueryPermissions allows an owner of a shared query, a user that has a saved query shared to them, or an admin, to remove sharing privileges.
 // A user who owns a query may unshare a query from anyone they have shared to
 // A user who had a query shared to them may unshare that query from themselves
 // And admins may unshare queries that have been shared to other users
-func (s Resources) UnshareSavedQuery(response http.ResponseWriter, request *http.Request) {
+func (s Resources) DeleteSavedQueryPermissions(response http.ResponseWriter, request *http.Request) {
 	var (
 		rawSavedQueryID = mux.Vars(request)[api.URIPathVariableSavedQueryID]
 		unshareRequest  UnshareSavedQueryRequest

cmd/api/src/api/v2/saved_queries_test.go

@@ -1398,7 +1398,7 @@ func TestResources_UnshareSavedQuery(t *testing.T) {
 	userId3, err := uuid2.NewV4()
 	require.Nil(t, err)
 
-	endpoint := "/api/v2/saved-queries/{%s}/unshare"
+	endpoint := "/api/v2/saved-queries/{%s}/permissions"
 	savedQueryId := "1"
 
 	t.Run("user can unshare their owned saved query", func(t *testing.T) {
@@ -1417,14 +1417,14 @@ func TestResources_UnshareSavedQuery(t *testing.T) {
 
 		mockDB.EXPECT().DeleteSavedQueryPermissionsForUsers(gomock.Any(), int64(1), gomock.Any()).Return(nil)
 
-		req, err := http.NewRequestWithContext(createContextWithOwnerId(userId), http.MethodPut, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(payload))
+		req, err := http.NewRequestWithContext(createContextWithOwnerId(userId), http.MethodDelete, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(payload))
 		require.Nil(t, err)
 
 		req.Header.Set(headers.ContentType.String(), mediatypes.ApplicationJson.String())
 		req = mux.SetURLVars(req, map[string]string{api.URIPathVariableSavedQueryID: savedQueryId})
 
 		response := httptest.NewRecorder()
-		handler := http.HandlerFunc(resources.UnshareSavedQuery)
+		handler := http.HandlerFunc(resources.DeleteSavedQueryPermissions)
 
 		handler.ServeHTTP(response, req)
 		assert.Equal(t, http.StatusNoContent, response.Code)
@@ -1444,14 +1444,14 @@ func TestResources_UnshareSavedQuery(t *testing.T) {
 
 		mockDB.EXPECT().DeleteSavedQueryPermissionsForUsers(gomock.Any(), int64(1), gomock.Any()).Return(nil)
 
-		req, err := http.NewRequestWithContext(createContextWithAdminOwnerId(userId), http.MethodPut, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(payload))
+		req, err := http.NewRequestWithContext(createContextWithAdminOwnerId(userId), http.MethodDelete, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(payload))
 		require.Nil(t, err)
 
 		req.Header.Set(headers.ContentType.String(), mediatypes.ApplicationJson.String())
 		req = mux.SetURLVars(req, map[string]string{api.URIPathVariableSavedQueryID: savedQueryId})
 
 		response := httptest.NewRecorder()
-		handler := http.HandlerFunc(resources.UnshareSavedQuery)
+		handler := http.HandlerFunc(resources.DeleteSavedQueryPermissions)
 
 		handler.ServeHTTP(response, req)
 		assert.Equal(t, http.StatusNoContent, response.Code)
@@ -1471,14 +1471,14 @@ func TestResources_UnshareSavedQuery(t *testing.T) {
 
 		mockDB.EXPECT().DeleteSavedQueryPermissionsForUser(gomock.Any(), int64(1), userId).Return(fmt.Errorf("an error"))
 
-		req, err := http.NewRequestWithContext(createContextWithAdminOwnerId(userId), http.MethodPut, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(payload))
+		req, err := http.NewRequestWithContext(createContextWithAdminOwnerId(userId), http.MethodDelete, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(payload))
 		require.Nil(t, err)
 
 		req.Header.Set(headers.ContentType.String(), mediatypes.ApplicationJson.String())
 		req = mux.SetURLVars(req, map[string]string{api.URIPathVariableSavedQueryID: savedQueryId})
 
 		response := httptest.NewRecorder()
-		handler := http.HandlerFunc(resources.UnshareSavedQuery)
+		handler := http.HandlerFunc(resources.DeleteSavedQueryPermissions)
 
 		handler.ServeHTTP(response, req)
 		assert.Equal(t, http.StatusInternalServerError, response.Code)
@@ -1498,14 +1498,14 @@ func TestResources_UnshareSavedQuery(t *testing.T) {
 
 		mockDB.EXPECT().DeleteSavedQueryPermissionsForUser(gomock.Any(), int64(1), userId).Return(nil)
 
-		req, err := http.NewRequestWithContext(createContextWithAdminOwnerId(userId), http.MethodPut, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(payload))
+		req, err := http.NewRequestWithContext(createContextWithAdminOwnerId(userId), http.MethodDelete, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(payload))
 		require.Nil(t, err)
 
 		req.Header.Set(headers.ContentType.String(), mediatypes.ApplicationJson.String())
 		req = mux.SetURLVars(req, map[string]string{api.URIPathVariableSavedQueryID: savedQueryId})
 
 		response := httptest.NewRecorder()
-		handler := http.HandlerFunc(resources.UnshareSavedQuery)
+		handler := http.HandlerFunc(resources.DeleteSavedQueryPermissions)
 
 		handler.ServeHTTP(response, req)
 		assert.Equal(t, http.StatusNoContent, response.Code)
@@ -1522,14 +1522,14 @@ func TestResources_UnshareSavedQuery(t *testing.T) {
 		mockDB.EXPECT().SavedQueryBelongsToUser(gomock.Any(), userId, int64(1)).Return(false, nil)
 
 		var userIds []uuid.UUID
-		req, err := http.NewRequestWithContext(createContextWithOwnerId(userId), http.MethodPut, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(userIds))
+		req, err := http.NewRequestWithContext(createContextWithOwnerId(userId), http.MethodDelete, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(userIds))
 		require.Nil(t, err)
 
 		req.Header.Set(headers.ContentType.String(), mediatypes.ApplicationJson.String())
 		req = mux.SetURLVars(req, map[string]string{api.URIPathVariableSavedQueryID: savedQueryId})
 
 		response := httptest.NewRecorder()
-		handler := http.HandlerFunc(resources.UnshareSavedQuery)
+		handler := http.HandlerFunc(resources.DeleteSavedQueryPermissions)
 
 		handler.ServeHTTP(response, req)
 		assert.Equal(t, http.StatusUnauthorized, response.Code)
@@ -1549,14 +1549,14 @@ func TestResources_UnshareSavedQuery(t *testing.T) {
 
 		mockDB.EXPECT().DeleteSavedQueryPermissionsForUsers(gomock.Any(), int64(1), gomock.Any()).Return(fmt.Errorf("an error"))
 
-		req, err := http.NewRequestWithContext(createContextWithAdminOwnerId(userId), http.MethodPut, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(payload))
+		req, err := http.NewRequestWithContext(createContextWithAdminOwnerId(userId), http.MethodDelete, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(payload))
 		require.Nil(t, err)
 
 		req.Header.Set(headers.ContentType.String(), mediatypes.ApplicationJson.String())
 		req = mux.SetURLVars(req, map[string]string{api.URIPathVariableSavedQueryID: savedQueryId})
 
 		response := httptest.NewRecorder()
-		handler := http.HandlerFunc(resources.UnshareSavedQuery)
+		handler := http.HandlerFunc(resources.DeleteSavedQueryPermissions)
 
 		handler.ServeHTTP(response, req)
 		assert.Equal(t, http.StatusInternalServerError, response.Code)
@@ -1576,14 +1576,14 @@ func TestResources_UnshareSavedQuery(t *testing.T) {
 			UserIds: []uuid2.UUID{userId2, userId3},
 		}
 
-		req, err := http.NewRequestWithContext(createContextWithOwnerId(userId), http.MethodPut, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(payload))
+		req, err := http.NewRequestWithContext(createContextWithOwnerId(userId), http.MethodDelete, fmt.Sprintf(endpoint, savedQueryId), must.MarshalJSONReader(payload))
 		require.Nil(t, err)
 
 		req.Header.Set(headers.ContentType.String(), mediatypes.ApplicationJson.String())
 		req = mux.SetURLVars(req, map[string]string{api.URIPathVariableSavedQueryID: savedQueryId})
 
 		response := httptest.NewRecorder()
-		handler := http.HandlerFunc(resources.UnshareSavedQuery)
+		handler := http.HandlerFunc(resources.DeleteSavedQueryPermissions)
 
 		handler.ServeHTTP(response, req)
 		assert.Equal(t, http.StatusInternalServerError, response.Code)