fix(channel): member delete acts as leave; add coverage and docs

2026-03-08 19:44:42 +03:00
parent 744ded914d
commit 101f39771e
5 changed files with 61 additions and 3 deletions
--- a/app/chats/router.py
+++ b/app/chats/router.py
@@ -20,7 +20,7 @@ from app.chats.schemas import (
    ChatTitleUpdateRequest,
 )
 from app.chats import repository as chats_repository
-from app.chats.models import ChatType
+from app.chats.models import ChatMemberRole, ChatType
 from app.chats.service import (
    add_chat_member_for_user,
    ban_chat_member_for_user,
@@ -253,11 +253,19 @@ async def delete_chat(
    current_user: User = Depends(get_current_user),
 ) -> None:
    chat_before_delete = await chats_repository.get_chat_by_id(db, chat_id)
+    membership_before_delete = (
+        await chats_repository.get_chat_member(db, chat_id=chat_id, user_id=current_user.id) if chat_before_delete else None
+    )
    delete_for_all = bool(
        chat_before_delete
        and (
            (for_all and not chat_before_delete.is_saved)
-            or (chat_before_delete.type == ChatType.CHANNEL and not chat_before_delete.is_saved)
+            or (
+                chat_before_delete.type == ChatType.CHANNEL
+                and not chat_before_delete.is_saved
+                and membership_before_delete is not None
+                and membership_before_delete.role in {ChatMemberRole.OWNER, ChatMemberRole.ADMIN}
+            )
        )
    )
    await delete_chat_for_user(db, chat_id=chat_id, user_id=current_user.id, payload=ChatDeleteRequest(for_all=for_all))
--- a/app/chats/service.py
+++ b/app/chats/service.py
@@ -571,6 +571,12 @@ async def delete_chat_for_user(db: AsyncSession, *, chat_id: int, user_id: int,
    if chat.is_saved:
        await clear_chat_for_user(db, chat_id=chat_id, user_id=user_id)
        return
+    if chat.type == ChatType.CHANNEL and membership.role == ChatMemberRole.MEMBER:
+        if payload.for_all:
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Insufficient permissions")
+        await repository.delete_chat_member(db, membership)
+        await db.commit()
+        return
    delete_for_all = (payload.for_all and not chat.is_saved) or chat.type == ChatType.CHANNEL
    if delete_for_all:
        if chat.type in {ChatType.GROUP, ChatType.CHANNEL} and membership.role not in {ChatMemberRole.OWNER, ChatMemberRole.ADMIN}:
--- a/docs/api-reference.md
+++ b/docs/api-reference.md
@@ -802,6 +802,14 @@ Response: `204`
 Auth required.  
 Response: `204`

+Behavior:
+
+- `saved messages`: clears personal history only (chat is not removed).
+- `channel` + role `owner/admin`: deletes channel for all members.
+- `channel` + role `member`: acts as leave channel (removes only current membership).
+- `group/private` with `for_all=false`: removes chat for current user only.
+- `for_all=true` (where allowed): deletes chat globally.
+
 ### POST `/api/v1/chats/{chat_id}/clear`

 Clear chat history for current user.
--- a/docs/core-checklist-status.md
+++ b/docs/core-checklist-status.md
@@ -31,7 +31,7 @@ Legend:
 22. Text Formatting - `PARTIAL` (bold/italic/underline/spoiler/mono/links + strikethrough + quote/code block; toolbar still evolving)
 23. Groups - `PARTIAL` (create/add/remove/invite link; advanced moderation partial)
 24. Roles - `DONE` (owner/admin/member)
-25. Admin Rights - `PARTIAL` (delete/pin/edit info + explicit ban API for groups/channels; remaining UX moderation tools limited)
+25. Admin Rights - `PARTIAL` (delete/pin/edit info + explicit ban API for groups/channels; channel member delete now behaves as leave, remaining UX moderation tools limited)
 26. Channels - `PARTIAL` (create/post/edit/delete/subscribe/unsubscribe; UX edge-cases still polishing)
 27. Channel Types - `DONE` (public/private)
 28. Notifications - `PARTIAL` (browser notifications + mute/settings; no mobile push infra)
--- a/tests/test_chat_message_flow.py
+++ b/tests/test_chat_message_flow.py
@@ -126,6 +126,42 @@ async def test_group_ban_blocks_rejoin(client, db_session):
    assert rejoin_response.status_code == 403


+async def test_channel_member_delete_chat_behaves_as_leave(client, db_session):
+    owner = await _create_verified_user(client, db_session, "channel_owner@example.com", "channel_owner", "strongpass123")
+    member = await _create_verified_user(client, db_session, "channel_member@example.com", "channel_member", "strongpass123")
+
+    me_member = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {member['access_token']}"})
+    member_id = me_member.json()["id"]
+
+    create_channel = await client.post(
+        "/api/v1/chats",
+        headers={"Authorization": f"Bearer {owner['access_token']}"},
+        json={"type": ChatType.CHANNEL.value, "title": "Test channel", "member_ids": [member_id]},
+    )
+    assert create_channel.status_code == 200
+    chat_id = create_channel.json()["id"]
+
+    delete_by_member = await client.delete(
+        f"/api/v1/chats/{chat_id}",
+        headers={"Authorization": f"Bearer {member['access_token']}"},
+    )
+    assert delete_by_member.status_code == 204
+
+    member_chats = await client.get(
+        "/api/v1/chats",
+        headers={"Authorization": f"Bearer {member['access_token']}"},
+    )
+    assert member_chats.status_code == 200
+    assert all(chat["id"] != chat_id for chat in member_chats.json())
+
+    owner_chats = await client.get(
+        "/api/v1/chats",
+        headers={"Authorization": f"Bearer {owner['access_token']}"},
+    )
+    assert owner_chats.status_code == 200
+    assert any(chat["id"] == chat_id for chat in owner_chats.json())
+
+
 async def test_group_invite_privacy_contacts_only(client, db_session):
    inviter = await _create_verified_user(client, db_session, "invite_u1@example.com", "invite_u1", "strongpass123")
    target = await _create_verified_user(client, db_session, "invite_u2@example.com", "invite_u2", "strongpass123")