Ensure a project cannot be deleted through the API while a pipeline is running (#439)

tdruez · web-flow · commit 777167e22144 · 2022-05-13T10:06:30.000+04:00
* Ensure project cannot be deleted in the API while a pipeline is running #402 Signed-off-by: Thomas Druez <tdruez@nexb.com>
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -26,6 +26,9 @@ v31.0.0 (next)
 - Add new SCANCODEIO_REDIS_PASSWORD environment variable and setting
   to optionally set Redis instance password
 
+- Ensure a project cannot be deleted through the API while a pipeline is running.
+  https://github.com/nexB/scancode.io/issues/402
+
 v30.2.0 (2021-12-17)
 --------------------
 
diff --git a/scanpipe/api/views.py b/scanpipe/api/views.py
@@ -261,6 +261,12 @@ def add_input(self, request, *args, **kwargs):
 
         return Response({"status": "Input(s) added."})
 
+    def destroy(self, request, *args, **kwargs):
+        try:
+            return super().destroy(request, *args, **kwargs)
+        except RunInProgressError as error:
+            return Response({"status": str(error)}, status=status.HTTP_400_BAD_REQUEST)
+
     @action(detail=True, methods=["get", "post"])
     def archive(self, request, *args, **kwargs):
         project = self.get_object()
diff --git a/scanpipe/tests/test_api.py b/scanpipe/tests/test_api.py
@@ -373,6 +373,25 @@ def test_scanpipe_api_project_action_summary(self):
         self.assertEqual(status.HTTP_200_OK, response.status_code)
         self.assertEqual(10, len(response.data.keys()))
 
+    def test_scanpipe_api_project_action_delete(self):
+        run = self.project1.add_pipeline("docker")
+        run.set_task_started(task_id=uuid.uuid4())
+        self.assertEqual(run.Status.RUNNING, run.status)
+
+        response = self.csrf_client.delete(self.project1_detail_url)
+        self.assertEqual(status.HTTP_400_BAD_REQUEST, response.status_code)
+        expected = (
+            "Cannot execute this action until all associated pipeline runs are "
+            "completed."
+        )
+        self.assertEqual(expected, response.data["status"])
+
+        run.set_task_ended(exitcode=0)
+        self.assertEqual(run.Status.SUCCESS, run.status)
+        response = self.csrf_client.delete(self.project1_detail_url)
+        self.assertEqual(status.HTTP_204_NO_CONTENT, response.status_code)
+        self.assertFalse(Project.objects.filter(pk=self.project1.pk).exists())
+
     def test_scanpipe_api_project_action_archive(self):
         (self.project1.input_path / "input_file").touch()
         (self.project1.codebase_path / "codebase_file").touch()
