def delete_signature(uid):
'''Delete a signature from a signoff step.
'''
logger.info('Removing signature from step %s', uid)
try:
step = get_step_by_uid(uid)
except NoResultFound:
logger.error('No such step found %s', uid)
abort(404)
method = step.policy_data['method']
email = get_logged_in_email()
claim_group = request.json['group']
if not is_user_in_group(claim_group, method):
logger.error(
'User %s is not in the group %s when deleting signature %s', email,
claim_group, uid)
abort(403)
policy_definition = step.policy_data['definition']
if method == 'balrog':
balrog_endpoint = make_signoffs_uri(policy_definition)
return redirect(balrog_endpoint, code=307)
else:
existing_signatures = step.signatures
if not existing_signatures:
logger.error('No signatures on step %s when trying to remove %s',
uid, email)
abort(409)
try:
check_whether_policy_can_be_unsigned(email, claim_group,
policy_definition,
existing_signatures)
except UnauthorizedUserError as e:
logger.error(
'User %s not permitted to remove signature from step %s',
email, uid)
abort(403, str(e))
except NoSignaturePresentError as e:
logger.error(
'User %s attempting to remove missing signature from step %s',
email, uid)
abort(409, str(e))
except NoChangingCompletedPolicyError as e:
logger.error(
'User %s unable to modify completed policy in step %s', email,
uid)
abort(409, str(e))
delete_existing_signature(step, email, claim_group)
if not is_sign_off_policy_met(policy_definition, step.signatures):
step.state == SigningStatus.running
db.session.commit()
logger.info('Step %s state changed to running.', uid)
return {}
def test_error_check_whether_policy_can_be_unsigned(email, group_name, policy, existing_signatures, expected_exception):
with pytest.raises(expected_exception):
check_whether_policy_can_be_unsigned(email, group_name, policy, existing_signatures)
def test_check_whether_policy_can_be_unsigned(email, group_name, policy, existing_signatures):
check_whether_policy_can_be_unsigned(email, group_name, policy, existing_signatures)