remove POST /api/internal/v1/custom_buttons/{id}/action (#734)

* remove POST /api/internal/v1/custom_buttons/{id}/action
2022-10-28 10:44:37 +02:00 · 2022-10-28 10:44:37 +02:00 · 5a4c3d6d77
commit 5a4c3d6d77
parent f931ef3992
4 changed files with 4 additions and 66 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,9 +1,9 @@
 # Change Log

-
-## v1.0.46 (2022-10-27)
+## v1.0.46 (2022-10-28)

 - Bug fixes
+- remove `POST /api/internal/v1/custom_buttons/{id}/action` endpoint

 ## v1.0.45 (2022-10-27)

--- a/engine/apps/api/tests/test_custom_button.py
+++ b/engine/apps/api/tests/test_custom_button.py
@ -447,39 +447,6 @@ def test_custom_button_delete_permissions(
    assert response.status_code == expected_status


-@pytest.mark.django_db
-@pytest.mark.parametrize(
-    "role,expected_status",
-    [
-        (Role.ADMIN, status.HTTP_200_OK),
-        (Role.EDITOR, status.HTTP_200_OK),
-        (Role.VIEWER, status.HTTP_403_FORBIDDEN),
-    ],
-)
-def test_custom_button_action_permissions(
-    make_organization_and_user_with_plugin_token,
-    make_custom_action,
-    make_user_auth_headers,
-    role,
-    expected_status,
-):
-    organization, user, token = make_organization_and_user_with_plugin_token(role)
-    custom_button = make_custom_action(organization=organization)
-    client = APIClient()
-
-    url = reverse("api-internal:custom_button-action", kwargs={"pk": custom_button.public_primary_key})
-
-    with patch(
-        "apps.api.views.custom_button.CustomButtonView.action",
-        return_value=Response(
-            status=status.HTTP_200_OK,
-        ),
-    ):
-        response = client.post(url, format="json", **make_user_auth_headers(user, token))
-
-    assert response.status_code == expected_status
-
-
@pytest.mark.django_db
 def test_get_custom_button_from_other_team_with_flag(
    make_organization_and_user_with_plugin_token,
--- a/engine/apps/api/views/custom_button.py
+++ b/engine/apps/api/views/custom_button.py
@ -1,17 +1,12 @@
 from django.core.exceptions import ObjectDoesNotExist
-from rest_framework import status
-from rest_framework.decorators import action
 from rest_framework.exceptions import NotFound
 from rest_framework.permissions import IsAuthenticated
-from rest_framework.response import Response
 from rest_framework.viewsets import ModelViewSet

-from apps.alerts.models import AlertGroup, CustomButton
-from apps.alerts.tasks.custom_button_result import custom_button_result
-from apps.api.permissions import MODIFY_ACTIONS, READ_ACTIONS, ActionPermission, AnyRole, IsAdmin, IsAdminOrEditor
+from apps.alerts.models import CustomButton
+from apps.api.permissions import MODIFY_ACTIONS, READ_ACTIONS, ActionPermission, AnyRole, IsAdmin
 from apps.api.serializers.custom_button import CustomButtonSerializer
 from apps.auth_token.auth import PluginAuthentication
-from common.api_helpers.exceptions import BadRequest
 from common.api_helpers.mixins import PublicPrimaryKeyMixin, TeamFilteringMixin
 from common.insight_log import EntityEvent, write_resource_insight_log

@ -21,7 +16,6 @@ class CustomButtonView(TeamFilteringMixin, PublicPrimaryKeyMixin, ModelViewSet):
    permission_classes = (IsAuthenticated, ActionPermission)
    action_permissions = {
        IsAdmin: MODIFY_ACTIONS,
-        IsAdminOrEditor: ("action",),
        AnyRole: READ_ACTIONS,
    }

@ -85,19 +79,3 @@ class CustomButtonView(TeamFilteringMixin, PublicPrimaryKeyMixin, ModelViewSet):
            event=EntityEvent.DELETED,
        )
        instance.delete()
-
-    @action(detail=True, methods=["post"])
-    def action(self, request, pk):
-        alert_group_id = request.query_params.get("alert_group", None)
-        if alert_group_id is not None:
-            custom_button = self.get_object()
-            try:
-                alert_group = AlertGroup.unarchived_objects.get(
-                    public_primary_key=alert_group_id, channel=custom_button.alert_receive_channel
-                )
-                custom_button_result.apply_async((custom_button.pk, alert_group.pk, self.request.user.pk))
-            except AlertGroup.DoesNotExist:
-                raise BadRequest(detail="AlertGroup does not exist or archived")
-            return Response(status=status.HTTP_200_OK)
-        else:
-            raise BadRequest(detail="AlertGroup is required")
--- a/grafana-plugin/src/models/alert_receive_channel/alert_receive_channel.ts
+++ b/grafana-plugin/src/models/alert_receive_channel/alert_receive_channel.ts
@ -314,13 +314,6 @@ export class AlertReceiveChannelStore extends BaseStore {
    });
  }

-  async doCustomButtonAction(actionId: ActionDTO['id'], alertId: Alert['pk']) {
-    return await makeRequest(`/custom_buttons/${actionId}/action/`, {
-      method: 'POST',
-      params: { alert_group: alertId },
-    });
-  }
-
  async getAccessLogs(alertReceiveChannelId: AlertReceiveChannel['id']) {
    const { integration_log } = await makeRequest(`/alert_receive_channel_access_log/${alertReceiveChannelId}/`, {});