DMGT-TECH · k1ch · Jan 26, 2024 · Jan 25, 2024 · Jan 25, 2024 · Jan 26, 2024
diff --git a/database/layer/admin-persona.js b/database/layer/admin-persona.js
@@ -73,9 +73,29 @@ const insertPersonaByTenantKey = async (tenantKey, subClaim, userContext = '') =
   }
 }
 
+/**
+ * Get persona by personaKey
+ *
+ * @param {number} personaKey - The persona key
+ * @returns {Promise<Object>} - A promise that resolves to the persona object with matching personaKey
+ */
 const getPersona = async (personaKey) => {
   try {
-    return await usherDb('personas').select('*').where({ key: personaKey }).first();
+    return await usherDb('personas').select('*').where({ key: personaKey }).first()
+  } catch (err) {
+    throw pgErrorHandler(err)
+  }
+}
+
+/**
+ * Delete a persona record by persona key
+ *
+ * @param {number} personaKey - The persona key to delete
+ * @returns {Promise<number>} - A promise that resolves to the number of deleted records
+ */
+const deletePersonaByKey = async (personaKey) => {
+  try {
+    return await usherDb('personas').where({ key: personaKey }).del()
   } catch (err) {
     throw pgErrorHandler(err)
   }
@@ -87,4 +107,5 @@ module.exports = {
   updatePersona,
   insertPersonaByTenantKey,
   getPersona,
+  deletePersonaByKey,
 }
diff --git a/database/test/db-admin-persona.test.js b/database/test/db-admin-persona.test.js
@@ -64,4 +64,56 @@ describe('Admin persona view', () => {
       assert.strictEqual(persona, undefined)
     })
   })
+
+  describe('Test Delete personas by key', () => {
+    let testPersonaKey
+    let validPermissionKey
+    let validRoleKey
+    let validTenantKey
+    const invalidPersonaKey = 999999
+
+    before(async () => {
+      const { key: permissionKey } = await usherDb('permissions').select('key').first()
+      validPermissionKey = permissionKey
+      const { key: roleKey } = await usherDb('roles').select('key').first()
+      validRoleKey = roleKey
+      const { key: tenantKey } = await usherDb('tenants').select('key').first()
+      validTenantKey = tenantKey
+    })
+
+    beforeEach(async () => {
+      const [persona] = await usherDb('personas').insert({ tenantkey: validTenantKey, sub_claim: 'persona@test' }).returning('key')
+      testPersonaKey = persona.key
+    })
+
+    it('Should return 0 when there is no persona record to delete', async () => {
+      const numberOfDeletedRecords = await adminPersonas.deletePersonaByKey(invalidPersonaKey)
+      assert.equal(numberOfDeletedRecords, 0)
+    })
+
+    it('Should return 1 when successfully deletes a persona record', async () => {
+      const numberOfDeletedRecords = await adminPersonas.deletePersonaByKey(testPersonaKey)
+      assert.equal(numberOfDeletedRecords, 1)
+    })
+
+    it('Should delete persona and cascade delete personapermission records', async () => {
+      await usherDb('personapermissions').insert({ personakey: testPersonaKey, permissionkey: validPermissionKey })
+      const numberOfDeletedRecords = await adminPersonas.deletePersonaByKey(testPersonaKey)
+      assert.equal(numberOfDeletedRecords, 1)
+      const personaPermission = await usherDb('personapermissions').select('*').where({ personakey: testPersonaKey })
+      assert.equal(personaPermission.length, 0)
+    })
+
+    it('Should delete persona and cascade delete personarole records', async () => {
+      await usherDb('personaroles').insert({ personakey: testPersonaKey, rolekey: validRoleKey })
+      const numberOfDeletedRecords = await adminPersonas.deletePersonaByKey(testPersonaKey)
+      assert.equal(numberOfDeletedRecords, 1)
+      const personaRole = await usherDb('personaroles').select('*').where({ personakey: testPersonaKey })
+      assert.equal(personaRole.length, 0)
+    })
+
+    afterEach(async () => {
+      await usherDb('personas').where({ key: testPersonaKey }).del()
+    })
+  })
 })
diff --git a/server/src/api_endpoints/personas/persona.js b/server/src/api_endpoints/personas/persona.js
@@ -1,5 +1,6 @@
 const createError = require('http-errors')
 const dbAdminPersona = require('database/layer/admin-persona')
+const { checkPersonaExists } = require('./utils')
 
 const createPersona = async (req, res, next) => {
   try {
@@ -11,6 +12,18 @@ const createPersona = async (req, res, next) => {
   }
 }
 
+const deletePersona = async (req, res, next) => {
+  try {
+    const { persona_key: personaKey } = req.params
+    await checkPersonaExists(personaKey)
+    await dbAdminPersona.deletePersonaByKey(personaKey)
+    res.status(204).send()
+  } catch ({ httpStatusCode = 500, message }) {
+    return next(createError(httpStatusCode, { message }))
+  }
+}
+
 module.exports = {
   createPersona,
+  deletePersona,
 }
diff --git a/server/test/endpoint_admin_personas.test.js b/server/test/endpoint_admin_personas.test.js
@@ -2,7 +2,7 @@ const { describe, it, before, afterEach } = require('mocha')
 const fetch = require('node-fetch')
 const assert = require('assert')
 
-const { getAdmin1IdPToken } = require('./lib/tokens')
+const { getAdmin1IdPToken, getTestUser1IdPToken } = require('./lib/tokens')
 const { getServerUrl } = require('./lib/urls')
 const { usherDb } = require('../../database/layer/knex')
 
@@ -64,4 +64,58 @@ describe('Admin Personas', () => {
       } catch { }
     })
   })
+
+  describe('DELETE:/personas/{persona_key}', () => {
+    let testPersonaKey
+    let validTenantKey
+    const invalidPersonaKey = 999999
+    const deletePersona = async (personaKey = testPersonaKey, header = requestHeaders) => {
+      return await fetch(`${url}/personas/${personaKey}`, {
+        method: 'DELETE',
+        headers: header,
+      })
+    }
+
+    before(async () => {
+      const { key } = await usherDb('tenants').select('key').first()
+      validTenantKey = key
+    })
+
+    beforeEach(async () => {
+      const [persona] = await usherDb('personas').insert({ tenantkey: validTenantKey, sub_claim: 'persona@test' }).returning('key')
+      testPersonaKey = persona.key
+    })
+
+    it('should return 204, successfully deletes a persona', async () => {
+      const response = await deletePersona(testPersonaKey)
+      assert.equal(response.status, 204)
+      const personas = await usherDb('personas').select('*').where({ key: testPersonaKey })
+      assert.equal(personas.length, 0)
+    })
+
+    it('should return 400, for invalid persona_key path parameter', async () => {
+      const response = await deletePersona('a')
+      assert.equal(response.status, 400)
+    })
+
+    it('should return 401, unauthorized token', async () => {
+      const userAccessToken = await getTestUser1IdPToken()
+      const response = await deletePersona(
+        testPersonaKey,
+        {
+          ...requestHeaders,
+          Authorization: `Bearer ${userAccessToken}`
+        })
+      assert.equal(response.status, 401)
+    })
+
+    it('should return 404, persona does not exist to delete', async () => {
+      const response = await deletePersona(invalidPersonaKey)
+      assert.equal(response.status, 404)
+    })
+
+    afterEach(async () => {
+      await usherDb('personas').where({ key: testPersonaKey }).del()
+    })
+  })
 })
diff --git a/server/the-usher-openapi-spec.yaml b/server/the-usher-openapi-spec.yaml
@@ -469,6 +469,29 @@ paths:
         500:
           $ref: '#/components/responses/InternalError'
 
+  /personas/{persona_key}:
+    delete:
+      'x-swagger-router-controller': 'personas/persona'
+      operationId: deletePersona
+      summary: Deletes the subject persona
+      parameters:
+      - $ref: '#/components/parameters/personaKeyPathParam'
+      tags:
+        - Admin APIs
+      security:
+        - bearerAdminAuth: []
+      responses:
+        204:
+          description: Empty response on success
+        401:
+          $ref: '#/components/responses/Unauthorized'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        404:
+          $ref: '#/components/responses/NotFound'
+        500:
+          $ref: '#/components/responses/InternalError'
+
   /personas/{persona_key}/permissions:
     get:
       'x-swagger-router-controller': 'personas/permissions'