⚰️(backend) remove old routes in deposit

Old routes aren't used anymore, and are removed in deposit.

src/backend/marsha/deposit/api.py

@@ -25,6 +25,20 @@
 )
 
 
+class ObjectFileDepositoryRelatedMixin:
+    """
+    Get the related depository id contained in resource.
+
+    It exposes a function used to get the related depository.
+    """
+
+    def get_related_filedepository_id(self):
+        """Get the related file depository ID from the request."""
+
+        # The file depository ID in the URL is mandatory.
+        return self.kwargs.get("filedepository_id")
+
+
 class FileDepositoryFilter(django_filters.FilterSet):
     """Filter for file depository."""
 
@@ -195,57 +209,14 @@ def lti_select(self, request):
             }
         )
 
-    @action(
-        methods=["get"],
-        detail=True,
-        url_path="depositedfiles",
-        permission_classes=[
-            core_permissions.IsTokenInstructor
-            | core_permissions.IsTokenAdmin
-            | core_permissions.IsTokenStudent
-            | IsFileDepositoryPlaylistOrOrganizationAdmin
-        ],
-    )
-    # pylint: disable=unused-argument
-    def depositedfiles(self, request, pk=None):
-        """Get deposited files from a file_depository.
-
-        Calling the endpoint returns a list of deposited files.
-
-        Parameters
-        ----------
-        request : Type[django.http.request.HttpRequest]
-            The request on the API endpoint
-        pk : int
-            The primary key of the file_depository
-
-        Returns
-        -------
-        Type[rest_framework.response.Response]
-            HttpResponse carrying deposited files as a JSON object.
-
-        """
-        file_depository = self.get_object()
-        queryset = file_depository.deposited_files.all()
-        if request.resource and any(
-            x in LTI_ROLES.get(STUDENT) for x in request.resource.roles
-        ):
-            queryset = queryset.filter(author_id=request.resource.user.get("id"))
-        filter_set = DepositedFileFilter(request.query_params, queryset=queryset)
-        page = self.paginate_queryset(filter_set.qs)
-        serializer = serializers.DepositedFileSerializer(
-            page,
-            many=True,
-            context={"request": self.request},
-        )
-        return self.get_paginated_response(serializer.data)
-
 
 class DepositedFileViewSet(
     APIViewMixin,
     ObjectPkMixin,
     ObjectRelatedMixin,
+    ObjectFileDepositoryRelatedMixin,
     mixins.CreateModelMixin,
+    mixins.ListModelMixin,
     mixins.UpdateModelMixin,
     mixins.DestroyModelMixin,
     viewsets.GenericViewSet,
@@ -289,9 +260,44 @@ def get_permissions(self):
             permission_classes = self.permission_classes
         return [permission() for permission in permission_classes]
 
+    def list(self, request, *args, **kwargs):
+        """Get a list of deposited files.
+
+        Calling the endpoint returns a list of deposited files.
+
+        Parameters
+        ----------
+        request : Type[django.http.request.HttpRequest]
+            The request on the API endpoint
+
+        Returns
+        -------
+        Type[rest_framework.response.Response]
+            HttpResponse carrying deposited files as a JSON object.
+
+        """
+        queryset = self.filter_queryset(self.get_queryset())
+        if request.resource and any(
+            x in LTI_ROLES.get(STUDENT) for x in request.resource.roles
+        ):
+            queryset = queryset.filter(author_id=request.resource.user.get("id"))
+        filter_set = DepositedFileFilter(request.query_params, queryset=queryset)
+        page = self.paginate_queryset(filter_set.qs)
+        serializer = serializers.DepositedFileSerializer(
+            page,
+            many=True,
+            context={"request": self.request},
+        )
+        return self.get_paginated_response(serializer.data)
+
     @action(methods=["post"], detail=True, url_path="initiate-upload")
     # pylint: disable=unused-argument
-    def initiate_upload(self, request, pk=None):
+    def initiate_upload(
+        self,
+        request,
+        pk=None,
+        filedepository_id=None,
+    ):
         """Get an upload policy for a deposited file.
 
         Calling the endpoint resets the upload state to `pending` and returns an upload policy to

src/backend/marsha/deposit/permissions.py

@@ -108,10 +108,7 @@ def has_permission(self, request, view):
         which exists, and if the current user is an admin for the playlist this file depository
         is a part of or admin of the linked organization.
         """
-        try:
-            file_depository_id = view.get_related_object().file_depository.id
-        except (AttributeError, ObjectDoesNotExist):
-            file_depository_id = request.data.get("file_depository")
+        file_depository_id = view.get_related_filedepository_id()
 
         if not file_depository_id:
             return False

src/backend/marsha/deposit/tests/api/depositedfiles/test_create.py

@@ -45,7 +45,7 @@ def test_api_deposited_file_create_student_with_user_fullname(self):
         jwt_token = StudentLtiTokenFactory(resource=file_depository)
 
         response = self.client.post(
-            "/api/depositedfiles/",
+            f"/api/filedepositories/{file_depository.id}/depositedfiles/",
             HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
             content_type="application/json",
             data=json.dumps(
@@ -93,7 +93,7 @@ def test_api_deposited_file_create_student_with_username(self):
         )
 
         response = self.client.post(
-            "/api/depositedfiles/",
+            f"/api/filedepositories/{file_depository.id}/depositedfiles/",
             data=json.dumps(
                 {
                     "size": 123,
@@ -125,7 +125,7 @@ def test_api_deposited_file_create_student_without_username(self):
         )
 
         response = self.client.post(
-            "/api/depositedfiles/",
+            f"/api/filedepositories/{file_depository.id}/depositedfiles/",
             data=json.dumps(
                 {
                     "size": 123,
@@ -153,7 +153,7 @@ def test_api_deposited_file_create_user_access_token(self):
         jwt_token = UserAccessTokenFactory(user=organization_access.user)
 
         response = self.client.post(
-            "/api/depositedfiles/",
+            f"/api/filedepositories/{file_depository.id}/depositedfiles/",
             HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
             content_type="application/json",
             data=json.dumps(
@@ -197,7 +197,7 @@ def test_api_deposited_file_create_user_access_token_organization_admin(self):
         jwt_token = UserAccessTokenFactory(user=organization_access.user)
 
         response = self.client.post(
-            "/api/depositedfiles/",
+            f"/api/filedepositories/{file_depository.id}/depositedfiles/",
             HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
             content_type="application/json",
             data=json.dumps(
@@ -240,7 +240,7 @@ def test_api_deposited_file_create_user_access_token_playlist_admin(self):
         jwt_token = UserAccessTokenFactory(user=playlist_access.user)
 
         response = self.client.post(
-            "/api/depositedfiles/",
+            f"/api/filedepositories/{file_depository.id}/depositedfiles/",
             HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
             content_type="application/json",
             data=json.dumps(

src/backend/marsha/deposit/tests/api/depositedfiles/test_delete.py

@@ -33,7 +33,8 @@ def test_api_deposited_file_delete_student(self):
 
         self.assertEqual(DepositedFile.objects.count(), 1)
         response = self.client.delete(
-            f"/api/depositedfiles/{deposited_file.id}/",
+            f"/api/filedepositories/{deposited_file.file_depository.id}"
+            f"/depositedfiles/{deposited_file.id}/",
             HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
             content_type="application/json",
         )
@@ -49,7 +50,8 @@ def test_api_deposited_file_delete_instructor(self):
 
         self.assertEqual(DepositedFile.objects.count(), 1)
         response = self.client.delete(
-            f"/api/depositedfiles/{deposited_file.id!s}/",
+            f"/api/filedepositories/{deposited_file.file_depository.id}"
+            f"/depositedfiles/{deposited_file.id!s}/",
             HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
             content_type="application/json",
         )
@@ -66,7 +68,8 @@ def test_api_deposited_file_delete_user_access_token(self):
 
         self.assertEqual(DepositedFile.objects.count(), 1)
         response = self.client.delete(
-            f"/api/depositedfiles/{deposited_file.id}/",
+            f"/api/filedepositories/{deposited_file.file_depository.id}"
+            f"/depositedfiles/{deposited_file.id}/",
             HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
             content_type="application/json",
         )
@@ -82,7 +85,8 @@ def test_api_deposited_file_delete_user_access_token_organization_admin(self):
 
         self.assertEqual(DepositedFile.objects.count(), 1)
         response = self.client.delete(
-            f"/api/depositedfiles/{deposited_file.id!s}/",
+            f"/api/filedepositories/{deposited_file.file_depository.id}"
+            f"/depositedfiles/{deposited_file.id!s}/",
             HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
             content_type="application/json",
         )
@@ -100,7 +104,8 @@ def test_api_deposited_file_delete_user_access_token_playlist_admin(self):
 
         self.assertEqual(DepositedFile.objects.count(), 1)
         response = self.client.delete(
-            f"/api/depositedfiles/{deposited_file.id!s}/",
+            f"/api/filedepositories/{deposited_file.file_depository.id}"
+            f"/depositedfiles/{deposited_file.id!s}/",
             HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
             content_type="application/json",
         )

src/backend/marsha/deposit/tests/api/depositedfiles/test_initiate_upload.py

@@ -57,7 +57,8 @@ def test_api_deposited_file_initiate_upload_student(self):
         ) as mock_dt:
             mock_dt.utcnow = mock.Mock(return_value=now)
             response = self.client.post(
-                f"/api/depositedfiles/{deposited_file.id}/initiate-upload/",
+                f"/api/filedepositories/{deposited_file.file_depository.id}"
+                f"/depositedfiles/{deposited_file.id}/initiate-upload/",
                 {"filename": "foo.pdf", "mimetype": "application/pdf", "size": 10},
                 HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
                 content_type="application/json",
@@ -113,7 +114,8 @@ def test_api_deposited_file_initiate_upload_file_without_size(self):
         ) as mock_dt:
             mock_dt.utcnow = mock.Mock(return_value=now)
             response = self.client.post(
-                f"/api/depositedfiles/{deposited_file.id}/initiate-upload/",
+                f"/api/filedepositories/{deposited_file.file_depository.id}"
+                f"/depositedfiles/{deposited_file.id}/initiate-upload/",
                 {"filename": "foo.pdf", "mimetype": "application/pdf"},
                 HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
                 content_type="application/json",
@@ -140,7 +142,8 @@ def test_api_deposited_file_initiate_upload_file_too_large(self):
         ) as mock_dt:
             mock_dt.utcnow = mock.Mock(return_value=now)
             response = self.client.post(
-                f"/api/depositedfiles/{deposited_file.id}/initiate-upload/",
+                f"/api/filedepositories/{deposited_file.file_depository.id}"
+                f"/depositedfiles/{deposited_file.id}/initiate-upload/",
                 {"filename": "foo.pdf", "mimetype": "application/pdf", "size": 100},
                 HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
                 content_type="application/json",
@@ -174,7 +177,8 @@ def test_api_deposited_file_initiate_upload_user_access_token(self):
         ) as mock_dt:
             mock_dt.utcnow = mock.Mock(return_value=now)
             response = self.client.post(
-                f"/api/depositedfiles/{deposited_file.id}/initiate-upload/",
+                f"/api/filedepositories/{deposited_file.file_depository.id}"
+                f"/depositedfiles/{deposited_file.id}/initiate-upload/",
                 {"filename": "foo.pdf", "mimetype": "application/pdf", "size": 10},
                 HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
                 content_type="application/json",
@@ -239,7 +243,8 @@ def test_api_deposited_file_initiate_upload_user_access_token_organization_admin
         ) as mock_dt:
             mock_dt.utcnow = mock.Mock(return_value=now)
             response = self.client.post(
-                f"/api/depositedfiles/{deposited_file.id}/initiate-upload/",
+                f"/api/filedepositories/{deposited_file.file_depository.id}"
+                f"/depositedfiles/{deposited_file.id}/initiate-upload/",
                 {"filename": "foo.pdf", "mimetype": "application/pdf", "size": 10},
                 HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
                 content_type="application/json",
@@ -301,7 +306,8 @@ def test_api_deposited_file_initiate_upload_user_access_token_playlist_admin(sel
         ) as mock_dt:
             mock_dt.utcnow = mock.Mock(return_value=now)
             response = self.client.post(
-                f"/api/depositedfiles/{deposited_file.id}/initiate-upload/",
+                f"/api/filedepositories/{deposited_file.file_depository.id}"
+                f"/depositedfiles/{deposited_file.id}/initiate-upload/",
                 {"filename": "foo.pdf", "mimetype": "application/pdf", "size": 10},
                 HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
                 content_type="application/json",

src/backend/marsha/deposit/tests/api/depositedfiles/test_update.py

@@ -42,7 +42,8 @@ def test_api_deposited_file_update_student(self):
         data = {"read": True}
 
         response = self.client.patch(
-            f"/api/depositedfiles/{deposited_file.id}/",
+            f"/api/filedepositories/{deposited_file.file_depository.id}"
+            f"/depositedfiles/{deposited_file.id}/",
             json.dumps(data),
             HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
             content_type="application/json",
@@ -58,7 +59,8 @@ def test_api_deposited_file_update_instructor(self):
         data = {"read": True}
 
         response = self.client.patch(
-            f"/api/depositedfiles/{deposited_file.id!s}/",
+            f"/api/filedepositories/{deposited_file.file_depository.id}"
+            f"/depositedfiles/{deposited_file.id!s}/",
             data,
             HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
             content_type="application/json",
@@ -91,7 +93,8 @@ def test_api_deposited_file_update_user_access_token(self):
         data = {"read": True}
 
         response = self.client.patch(
-            f"/api/depositedfiles/{deposited_file.id}/",
+            f"/api/filedepositories/{deposited_file.file_depository.id}"
+            f"/depositedfiles/{deposited_file.id}/",
             json.dumps(data),
             HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
             content_type="application/json",
@@ -107,7 +110,8 @@ def test_api_deposited_file_update_user_access_token_organization_admin(self):
         data = {"read": True}
 
         response = self.client.patch(
-            f"/api/depositedfiles/{deposited_file.id!s}/",
+            f"/api/filedepositories/{deposited_file.file_depository.id}"
+            f"/depositedfiles/{deposited_file.id!s}/",
             data,
             HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
             content_type="application/json",
@@ -141,7 +145,8 @@ def test_api_deposited_file_update_user_access_token_playlist_admin(self):
         data = {"read": True}
 
         response = self.client.patch(
-            f"/api/depositedfiles/{deposited_file.id!s}/",
+            f"/api/filedepositories/{deposited_file.file_depository.id}"
+            f"/depositedfiles/{deposited_file.id!s}/",
             data,
             HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
             content_type="application/json",

src/backend/marsha/deposit/tests/api/test_options.py

@@ -17,18 +17,22 @@ class DepositedFiletCreateAPITest(TestCase):
     def test_api_deposited_files_options_anonymous(self):
         """Anonymous user can't fetch the deposited files options endpoint"""
 
-        response = self.client.options("/api/depositedfiles/")
+        file_depository = FileDepositoryFactory()
+        response = self.client.options(
+            f"/api/filedepositories/{file_depository.id}/depositedfiles/"
+        )
 
         self.assertEqual(response.status_code, 401)
 
     @override_settings(DEPOSITED_FILE_SOURCE_MAX_SIZE=10)
     def test_api_deposited_files_options_as_student(self):
         """A student can fetch the deposited files options endpoint"""
 
-        deposited_file = FileDepositoryFactory()
-        jwt_token = StudentLtiTokenFactory(resource=deposited_file)
+        file_depository = FileDepositoryFactory()
+        jwt_token = StudentLtiTokenFactory(resource=file_depository)
         response = self.client.options(
-            "/api/depositedfiles/", HTTP_AUTHORIZATION=f"Bearer {jwt_token}"
+            f"/api/filedepositories/{file_depository.id}/depositedfiles/",
+            HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
         )
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.json()["upload_max_size_bytes"], 10)
@@ -37,11 +41,12 @@ def test_api_deposited_files_options_as_student(self):
     def test_api_deposited_files_options_instructor(self):
         """An instructor can fetch the deposited files options endpoint"""
 
-        classroom = FileDepositoryFactory()
-        jwt_token = InstructorOrAdminLtiTokenFactory(resource=classroom)
+        file_depository = FileDepositoryFactory()
+        jwt_token = InstructorOrAdminLtiTokenFactory(resource=file_depository)
 
         response = self.client.options(
-            "/api/depositedfiles/", HTTP_AUTHORIZATION=f"Bearer {jwt_token}"
+            f"/api/filedepositories/{file_depository.id}/depositedfiles/",
+            HTTP_AUTHORIZATION=f"Bearer {jwt_token}",
         )
 
         self.assertEqual(response.status_code, 200)