diff --git a/app/chats/router.py b/app/chats/router.py
index d0163e7..b3f526f 100644
--- a/app/chats/router.py
+++ b/app/chats/router.py
@@ -20,7 +20,7 @@ from app.chats.schemas import (
 ChatTitleUpdateRequest,
 )
 from app.chats import repository as chats_repository
-from app.chats.models import ChatType
+from app.chats.models import ChatMemberRole, ChatType
 from app.chats.service import (
 add_chat_member_for_user,
 ban_chat_member_for_user,
@@ -253,11 +253,19 @@ async def delete_chat(
 current_user: User = Depends(get_current_user),
 ) -> None:
 chat_before_delete = await chats_repository.get_chat_by_id(db, chat_id)
+ membership_before_delete = (
+ await chats_repository.get_chat_member(db, chat_id=chat_id, user_id=current_user.id) if chat_before_delete else None
+ )
 delete_for_all = bool(
 chat_before_delete
 and (
 (for_all and not chat_before_delete.is_saved)
- or (chat_before_delete.type == ChatType.CHANNEL and not chat_before_delete.is_saved)
+ or (
+ chat_before_delete.type == ChatType.CHANNEL
+ and not chat_before_delete.is_saved
+ and membership_before_delete is not None
+ and membership_before_delete.role in {ChatMemberRole.OWNER, ChatMemberRole.ADMIN}
+ )
 )
 )
 await delete_chat_for_user(db, chat_id=chat_id, user_id=current_user.id, payload=ChatDeleteRequest(for_all=for_all))
diff --git a/app/chats/service.py b/app/chats/service.py
index 15180c4..00d5cda 100644
--- a/app/chats/service.py
+++ b/app/chats/service.py
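Review bot: In `delete_chat` (app/chats/router.py, second hunk) the owner/admin role test for channels is now evaluated in the router as well as in `delete_chat_for_user`, so the rule for who may remove a channel for everyone lives in two places and is read from a membership row fetched before the service call. If the two copies drift, or the role changes between the two reads, whatever consumes `delete_for_all` after the service call (outside this hunk) would act on a decision the service did not make. Consider having the service report what it actually did, e.g. `deleted_for_all = await delete_chat_for_user(...)`, and dropping the extra `get_chat_member` lookup; at minimum add a comment such as `# must mirror the role check in service.delete_chat_for_user`. The function body starts and continues outside the hunk.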
@@ -571,6 +571,12 @@ async def delete_chat_for_user(db: AsyncSession, *, chat_id: int, user_id: int,
 if chat.is_saved:
 await clear_chat_for_user(db, chat_id=chat_id, user_id=user_id)
 return
+ if chat.type == ChatType.CHANNEL and membership.role == ChatMemberRole.MEMBER:
+ if payload.for_all:
+ raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Insufficient permissions")
+ await repository.delete_chat_member(db, membership)
+ await db.commit()
+ return
 delete_for_all = (payload.for_all and not chat.is_saved) or chat.type == ChatType.CHANNEL
 if delete_for_all:
 if chat.type in {ChatType.GROUP, ChatType.CHANNEL} and membership.role not in {ChatMemberRole.OWNER, ChatMemberRole.ADMIN}:
diff --git a/docs/api-reference.md b/docs/api-reference.md
index 66b83e0..d8431be 100644
--- a/docs/api-reference.md
+++ b/docs/api-reference.md
@@ -802,6 +802,14 @@ Response: `204`
 Auth required.
 Response: `204`
+Behavior:
+
+- `saved messages`: clears personal history only (chat is not removed).
+- `channel` + role `owner/admin`: deletes channel for all members.
+- `channel` + role `member`: acts as leave channel (removes only current membership).
+- `group/private` with `for_all=false`: removes chat for current user only.
+- `for_all=true` (where allowed): deletes chat globally.
+
 ### POST `/api/v1/chats/{chat_id}/clear`
 Clear chat history for current user.
diff --git a/docs/core-checklist-status.md b/docs/core-checklist-status.md
index 9f0c0bc..dbf8a49 100644
--- a/docs/core-checklist-status.md
+++ b/docs/core-checklist-status.md
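Review bot: The leave branch added to `delete_chat_for_user` (app/chats/service.py) is keyed on the exact value `membership.role == ChatMemberRole.MEMBER`, while the check a few lines below uses the allow-list `membership.role not in {ChatMemberRole.OWNER, ChatMemberRole.ADMIN}`. A role that is none of the three would skip the leave branch, fall through to the `delete_for_all` path and rely on that later check to be rejected; writing the new condition as `if chat.type == ChatType.CHANNEL and membership.role not in {ChatMemberRole.OWNER, ChatMemberRole.ADMIN}:` keeps both decisions on the same allow-list. Because the context line `delete_for_all = ... or chat.type == ChatType.CHANNEL` is unchanged, an owner or admin calling this with `for_all=False` still removes the channel for every member; please confirm that is intended rather than requiring an explicit `for_all`. The function starts and ends outside the hunk, so how `membership` is loaded and validated is not visible here.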
@@ -31,7 +31,7 @@ Legend:
 22. Text Formatting - `PARTIAL` (bold/italic/underline/spoiler/mono/links + strikethrough + quote/code block; toolbar still evolving)
 23. Groups - `PARTIAL` (create/add/remove/invite link; advanced moderation partial)
 24. Roles - `DONE` (owner/admin/member)
-25. Admin Rights - `PARTIAL` (delete/pin/edit info + explicit ban API for groups/channels; remaining UX moderation tools limited)
+25. Admin Rights - `PARTIAL` (delete/pin/edit info + explicit ban API for groups/channels; channel member delete now behaves as leave, remaining UX moderation tools limited)
 26. Channels - `PARTIAL` (create/post/edit/delete/subscribe/unsubscribe; UX edge-cases still polishing)
 27. Channel Types - `DONE` (public/private)
 28. Notifications - `PARTIAL` (browser notifications + mute/settings; no mobile push infra)
diff --git a/tests/test_chat_message_flow.py b/tests/test_chat_message_flow.py
index f29cdeb..153ffa4 100644
--- a/tests/test_chat_message_flow.py
+++ b/tests/test_chat_message_flow.py
@@ -126,6 +126,42 @@ async def test_group_ban_blocks_rejoin(client, db_session):
 assert rejoin_response.status_code == 403
+async def test_channel_member_delete_chat_behaves_as_leave(client, db_session):
+ owner = await _create_verified_user(client, db_session, "channel_owner@example.com", "channel_owner", "strongpass123")
+ member = await _create_verified_user(client, db_session, "channel_member@example.com", "channel_member", "strongpass123")
+
+ me_member = await client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {member['access_token']}"})
+ member_id = me_member.json()["id"]
+
+ create_channel = await client.post(
+ "/api/v1/chats",
+ headers={"Authorization": f"Bearer {owner['access_token']}"},
+ json={"type": ChatType.CHANNEL.value, "title": "Test channel", "member_ids": [member_id]},
+ )
+ assert create_channel.status_code == 200
+ chat_id = create_channel.json()["id"]
+
+ delete_by_member = await client.delete(
+ f"/api/v1/chats/{chat_id}",
+ headers={"Authorization": f"Bearer {member['access_token']}"},
+ )
+ assert delete_by_member.status_code == 204
+
+ member_chats = await client.get(
+ "/api/v1/chats",
+ headers={"Authorization": f"Bearer {member['access_token']}"},
+ )
+ assert member_chats.status_code == 200
+ assert all(chat["id"] != chat_id for chat in member_chats.json())
+
+ owner_chats = await client.get(
+ "/api/v1/chats",
+ headers={"Authorization": f"Bearer {owner['access_token']}"},
+ )
+ assert owner_chats.status_code == 200
+ assert any(chat["id"] == chat_id for chat in owner_chats.json())
+
+
 async def test_group_invite_privacy_contacts_only(client, db_session):
 inviter = await _create_verified_user(client, db_session, "invite_u1@example.com", "invite_u1", "strongpass123")
 target = await _create_verified_user(client, db_session, "invite_u2@example.com", "invite_u2", "strongpass123")
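Review bot: `test_channel_member_delete_chat_behaves_as_leave` exercises only the permitted path; the 403 branch this commit adds for a channel member who sets `for_all` has no test, and that is the branch that stops a non-admin from deleting the channel for everyone. Add a request by the member with `for_all` set to true (passed however the route declares it, which is not visible in this diff) and check `assert forbidden.status_code == 403`, followed by the owner-side `assert any(chat["id"] == chat_id for chat in owner_chats.json())`. Issue that request before the plain delete, because once the member has left there is no membership row and the response would come from a different branch.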