Don't show deleted groups on table ACL page

Closes #22
datasette · Sep 2, 2024 · 8339644 · 8339644
1 parent acfc79d
commit 8339644
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 2 deletions.
diff --git a/datasette_acl/views/table_acls.py b/datasette_acl/views/table_acls.py
@@ -16,7 +16,7 @@ async def manage_table_acls(request, datasette):
     groups = [
         g["name"]
         for g in await datasette.get_internal_database().execute(
-            "select name from acl_groups"
+            "select name from acl_groups where deleted is null"
         )
     ]
 
@@ -43,7 +43,7 @@ async def manage_table_acls(request, datasette):
         from acl
         left join acl_groups on acl.group_id = acl_groups.id
         join acl_actions on acl.action_id = acl_actions.id
-        where acl.resource_id = ?
+        where acl.resource_id = ? and acl_groups.deleted is null
         """,
         [resource_id],
     )
@@ -274,6 +274,8 @@ async def manage_table_acls(request, datasette):
                 acl_groups
             left join
                 acl_actor_groups on acl_groups.id = acl_actor_groups.group_id
+            where
+                acl_groups.deleted is null
             group by
                 acl_groups.id, acl_groups.name
             """

diff --git a/tests/test_groups.py b/tests/test_groups.py
@@ -192,6 +192,27 @@ async def get_members():
         assert add_response.headers["location"] == "/-/acl/groups/sales#focus-add"
     # Check the group has those members
     assert await get_members() == {"sally", "sam", "paulo"}
+
+    # It should be shown on the table permissions page
+    table_page1 = await ds.client.get(
+        f"/db/t/-/acl",
+        cookies={
+            "ds_actor": ds.client.actor_cookie({"id": "root"}),
+            "ds_csrftoken": csrftoken,
+        },
+    )
+    assert "/groups/sales" in table_page1.text
+
+    # Add permissions for that group on that page, to test audit log later
+    await ds.client.post(
+        "/db/t/-/acl",
+        data={"group_permissions_sales_insert-row": "on", "csrftoken": csrftoken},
+        cookies={
+            "ds_actor": ds.client.actor_cookie({"id": "root"}),
+            "ds_csrftoken": csrftoken,
+        },
+    )
+
     # Deleting this group should first remove the members
     delete_group_response = await ds.client.post(
         "/-/acl/groups/sales",
@@ -211,6 +232,18 @@ async def get_members():
         await internal_db.execute("select deleted from acl_groups where name = 'sales'")
     ).single_value() == 1
 
+    # Should no longer show up on table ACL page
+    table_page2 = await ds.client.get(
+        f"/db/t/-/acl",
+        cookies={
+            "ds_actor": ds.client.actor_cookie({"id": "root"}),
+            "ds_csrftoken": csrftoken,
+        },
+    )
+    assert "/groups/sales" not in table_page2.text
+    # But it should still be visible in the audit log
+    assert "<td>sales</td>" in table_page2.text
+
     # Check the audit log
     audit_rows = [
         dict(r)