diff --git a/src/metabase/api/user.clj b/src/metabase/api/user.clj
index 0e62e1ae0827a47edbe9869d03573e323cedf34a..22b28006bd035f51439194b010bd01914912ba7a 100644
--- a/src/metabase/api/user.clj
+++ b/src/metabase/api/user.clj
@@ -9,6 +9,7 @@
[metabase.integrations.ldap :as ldap]
[metabase.models.collection :as collection :refer [Collection]]
[metabase.models.permissions-group :as group]
+ [metabase.models.pulse-channel-recipient :refer [PulseChannelRecipient]]
[metabase.models.user :as user :refer [User]]
[metabase.plugins.classloader :as classloader]
[metabase.server.middleware.offset-paging :as offset-paging]
@@ -320,5 +321,13 @@
(email/send-new-user-email! user @api/*current-user* join-url)))
{:success true})
+(api/defendpoint DELETE "/:id/subscriptions"
+ "Delete all Alert and DashboardSubscription subscriptions for a User. Only allowed for admins or for the current
+ user."
+ [id]
+ (check-self-or-superuser id)
+ (db/delete! PulseChannelRecipient :user_id id)
+ api/generic-204-no-content)
+
(api/define-routes)
diff --git a/test/metabase/api/alert_test.clj b/test/metabase/api/alert_test.clj
index d46c69981b87690cb57fea5a94dd7194ab7a733d..8b67b1acfda64fed3728670fa1d57175d1a1a960 100644
--- a/test/metabase/api/alert_test.clj
+++ b/test/metabase/api/alert_test.clj
@@ -15,8 +15,7 @@
[metabase.test.mock.util :refer [pulse-channel-defaults]]
[metabase.test.util :as tu]
[metabase.util :as u]
- [toucan.db :as db]
- [toucan.util.test :as tt]))
+ [toucan.db :as db]))
;;; +----------------------------------------------------------------------------------------------------------------+
;;; | Helper Fns & Macros |
@@ -176,11 +175,11 @@
(mt/with-temp* [PulseChannel [pulse-channel {:pulse_id (u/the-id recipient-alert)}]
PulseChannelRecipient [_ {:pulse_channel_id (u/the-id pulse-channel), :user_id (mt/user->id :lucky)}]]
(is (= #{"LuckyCreator" "LuckyRecipient"}
- (set (map :name (mt/user-http-request :rasta :get 200 (str "alert?user_id=" (mt/user->id :lucky)))))))
+ (set (map :name (mt/user-http-request :rasta :get 200 (str "alert?user_id=" (mt/user->id :lucky)))))))
(is (= #{"LuckyRecipient" "Other"}
- (set (map :name (mt/user-http-request :rasta :get 200 (str "alert?user_id=" (mt/user->id :rasta)))))))
+ (set (map :name (mt/user-http-request :rasta :get 200 (str "alert?user_id=" (mt/user->id :rasta)))))))
(is (= #{}
- (set (map :name (mt/user-http-request :rasta :get 200 (str "alert?user_id=" (mt/user->id :trashbird))))))))))))))
+ (set (map :name (mt/user-http-request :rasta :get 200 (str "alert?user_id=" (mt/user->id :trashbird))))))))))))))
;;; +----------------------------------------------------------------------------------------------------------------+
;;; | GET /api/alert/:id |
@@ -202,32 +201,38 @@
(deftest put-alert-test
(is (= {:errors {:alert_condition "value must be one of: `goal`, `rows`."}}
- ((user->client :rasta) :post 400 "alert" {:alert_condition "not rows"
- :card "foobar"})))
+ (mt/user-http-request
+ :rasta :post 400 "alert" {:alert_condition "not rows"
+ :card "foobar"})))
(is (= {:errors {:alert_first_only "value must be a boolean."}}
- ((user->client :rasta) :post 400 "alert" {:alert_condition "rows"})))
+ (mt/user-http-request
+ :rasta :post 400 "alert" {:alert_condition "rows"})))
(is (= {:errors {:card "value must be a map with the keys `id`, `include_csv`, `include_xls`, and `dashboard_card_id`."}}
- ((user->client :rasta) :post 400 "alert" {:alert_condition "rows"
- :alert_first_only false})))
+ (mt/user-http-request
+ :rasta :post 400 "alert" {:alert_condition "rows"
+ :alert_first_only false})))
(is (= {:errors {:channels "value must be an array. Each value must be a map. The array cannot be empty."}}
- ((user->client :rasta) :post 400 "alert" {:alert_condition "rows"
- :alert_first_only false
- :card {:id 100, :include_csv false, :include_xls false, :dashboard_card_id nil}})))
+ (mt/user-http-request
+ :rasta :post 400 "alert" {:alert_condition "rows"
+ :alert_first_only false
+ :card {:id 100, :include_csv false, :include_xls false, :dashboard_card_id nil}})))
(is (= {:errors {:channels "value must be an array. Each value must be a map. The array cannot be empty."}}
- ((user->client :rasta) :post 400 "alert" {:alert_condition "rows"
- :alert_first_only false
- :card {:id 100, :include_csv false, :include_xls false, :dashboard_card_id nil}
- :channels "foobar"})))
+ (mt/user-http-request
+ :rasta :post 400 "alert" {:alert_condition "rows"
+ :alert_first_only false
+ :card {:id 100, :include_csv false, :include_xls false, :dashboard_card_id nil}
+ :channels "foobar"})))
(is (= {:errors {:channels "value must be an array. Each value must be a map. The array cannot be empty."}}
- ((user->client :rasta) :post 400 "alert" {:alert_condition "rows"
- :alert_first_only false
- :card {:id 100, :include_csv false, :include_xls false, :dashboard_card_id nil}
- :channels ["abc"]}))))
+ (mt/user-http-request
+ :rasta :post 400 "alert" {:alert_condition "rows"
+ :alert_first_only false
+ :card {:id 100, :include_csv false, :include_xls false, :dashboard_card_id nil}
+ :channels ["abc"]}))))
(defn- rasta-new-alert-email [body-map]
(mt/email-to :rasta {:subject "You set up an alert",
@@ -288,14 +293,14 @@
;; Check creation of a new rows alert with email notification
(deftest new-rows-with-email-test
- (tt/with-temp* [Card [card {:name "My question"}]]
+ (mt/with-temp* [Card [card {:name "My question"}]]
(is (= [(-> (default-alert card)
(assoc-in [:card :include_csv] true)
(assoc-in [:card :collection_id] true)
(update-in [:channels 0] merge {:schedule_hour 12, :schedule_type "daily", :recipients []}))
(rasta-new-alert-email {"has any results" true})]
(tu/with-non-admin-groups-no-root-collection-perms
- (tt/with-temp Collection [collection]
+ (mt/with-temp Collection [collection]
(db/update! Card (u/the-id card) :collection_id (u/the-id collection))
(with-alert-setup
(perms/grant-collection-readwrite-permissions! (group/all-users) collection)
@@ -317,7 +322,7 @@
;; An admin created alert should notify others they've been subscribed
(deftest notify-subscribed-test
- (tt/with-temp* [Card [card {:name "My question"}]]
+ (mt/with-temp* [Card [card {:name "My question"}]]
(is (= {:response (-> (default-alert card)
(assoc :creator (user-details :crowberto))
(assoc-in [:card :include_csv] true)
@@ -353,14 +358,15 @@
(deftest below-goal-alert-test
(is (= (rasta-new-alert-email {"goes below its goal" true})
(tu/with-non-admin-groups-no-root-collection-perms
- (tt/with-temp* [Collection [collection]
+ (mt/with-temp* [Collection [collection]
Card [card {:name "My question"
:display "line"
:collection_id (u/the-id collection)}]]
(perms/grant-collection-readwrite-permissions! (group/all-users) collection)
(with-alert-setup
(et/with-expected-messages 1
- ((user->client :rasta) :post 200 "alert"
+ (mt/user-http-request
+ :rasta :post 200 "alert"
{:card {:id (u/the-id card), :include_csv false, :include_xls false, :dashboard_card_id nil}
:alert_condition "goal"
:alert_above_goal false
@@ -374,14 +380,15 @@
(deftest above-goal-alert-test
(is (= (rasta-new-alert-email {"meets its goal" true})
(tu/with-non-admin-groups-no-root-collection-perms
- (tt/with-temp* [Collection [collection]
+ (mt/with-temp* [Collection [collection]
Card [card {:name "My question"
:display "bar"
:collection_id (u/the-id collection)}]]
(perms/grant-collection-readwrite-permissions! (group/all-users) collection)
(with-alert-setup
(et/with-expected-messages 1
- ((user->client :rasta) :post 200 "alert"
+ (mt/user-http-request
+ :rasta :post 200 "alert"
{:card {:id (u/the-id card), :include_csv false, :include_xls false, :dashboard_card_id nil}
:collection_id (u/the-id collection)
:alert_condition "goal"
@@ -398,31 +405,36 @@
(deftest put-alert-test-2
(is (= {:errors {:alert_condition "value may be nil, or if non-nil, value must be one of: `goal`, `rows`."}}
- ((user->client :rasta) :put 400 "alert/1" {:alert_condition "not rows"})))
+ (mt/user-http-request
+ :rasta :put 400 "alert/1" {:alert_condition "not rows"})))
(is (= {:errors {:alert_first_only "value may be nil, or if non-nil, value must be a boolean."}}
- ((user->client :rasta) :put 400 "alert/1" {:alert_first_only 1000})))
+ (mt/user-http-request
+ :rasta :put 400 "alert/1" {:alert_first_only 1000})))
(is (= {:errors {:card (str "value may be nil, or if non-nil, value must be a map with the keys `id`, `include_csv`, "
"`include_xls`, and `dashboard_card_id`.")}}
- ((user->client :rasta) :put 400 "alert/1" {:alert_condition "rows"
- :alert_first_only false
- :card "foobar"})))
+ (mt/user-http-request
+ :rasta :put 400 "alert/1" {:alert_condition "rows"
+ :alert_first_only false
+ :card "foobar"})))
(is (= {:errors {:channels (str "value may be nil, or if non-nil, value must be an array. Each value must be a map. The "
"array cannot be empty.")}}
- ((user->client :rasta) :put 400 "alert/1" {:alert_condition "rows"
- :alert_first_only false
- :card {:id 100, :include_csv false, :include_xls false, :dashboard_card_id nil}
- :channels "foobar"})))
+ (mt/user-http-request
+ :rasta :put 400 "alert/1" {:alert_condition "rows"
+ :alert_first_only false
+ :card {:id 100, :include_csv false, :include_xls false, :dashboard_card_id nil}
+ :channels "foobar"})))
(is (= {:errors {:channels (str "value may be nil, or if non-nil, value must be an array. Each value must be a map. The "
"array cannot be empty.")}}
- ((user->client :rasta) :put 400 "alert/1" {:name "abc"
- :alert_condition "rows"
- :alert_first_only false
- :card {:id 100, :include_csv false, :include_xls false, :dashboard_card_id nil}
- :channels ["abc"]}))))
+ (mt/user-http-request
+ :rasta :put 400 "alert/1" {:name "abc"
+ :alert_condition "rows"
+ :alert_first_only false
+ :card {:id 100, :include_csv false, :include_xls false, :dashboard_card_id nil}
+ :channels ["abc"]}))))
(defn- default-alert-req
([card pulse-card-or-id]
@@ -461,7 +473,7 @@
(deftest update-alerts-test
(testing "Non-admin users can update alerts they created *if* they are in the recipient list"
- (tt/with-temp* [Pulse [alert (basic-alert)]
+ (mt/with-temp* [Pulse [alert (basic-alert)]
Card [card]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc (pulse-channel alert)]
@@ -475,7 +487,7 @@
(default-alert-req card pc)))))))))
(testing "Admin users can update any alert"
- (tt/with-temp* [Pulse [alert (basic-alert)]
+ (mt/with-temp* [Pulse [alert (basic-alert)]
Card [card]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc (pulse-channel alert)]
@@ -487,7 +499,7 @@
(default-alert-req card pc))))))))
(testing "Admin users can update any alert, changing the related alert attributes"
- (tt/with-temp* [Pulse [alert (basic-alert)]
+ (mt/with-temp* [Pulse [alert (basic-alert)]
Card [card]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc (pulse-channel alert)]
@@ -503,7 +515,7 @@
[(fetch-user :rasta)]))))))))
(testing "Admin users can add a recipient, that recipient should be notified"
- (tt/with-temp* [Pulse [alert (basic-alert)]
+ (mt/with-temp* [Pulse [alert (basic-alert)]
Card [card]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc (pulse-channel alert)]
@@ -549,7 +561,7 @@
(deftest permissions-test
(testing "Non-admin users can't edit alerts they didn't create"
(is (= "You don't have permissions to do that."
- (tt/with-temp* [Pulse [alert (assoc (basic-alert) :creator_id (user->id :crowberto))]
+ (mt/with-temp* [Pulse [alert (assoc (basic-alert) :creator_id (user->id :crowberto))]
Card [card]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc (pulse-channel alert)]
@@ -562,7 +574,7 @@
(testing "Non-admin users can't edit alerts if they're not in the recipient list"
(is (= "You don't have permissions to do that."
(tu/with-non-admin-groups-no-root-collection-perms
- (tt/with-temp* [Pulse [alert (basic-alert)]
+ (mt/with-temp* [Pulse [alert (basic-alert)]
Card [card]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc (pulse-channel alert)]
@@ -575,7 +587,8 @@
(testing "Can we archive an Alert?"
(is (with-alert-in-collection [_ collection alert]
(perms/grant-collection-readwrite-permissions! (group/all-users) collection)
- ((user->client :rasta) :put 200 (str "alert/" (u/the-id alert))
+ (mt/user-http-request
+ :rasta :put 200 (str "alert/" (u/the-id alert))
{:archived true})
(db/select-one-field :archived Pulse :id (u/the-id alert)))))
@@ -583,7 +596,8 @@
(is (false? (with-alert-in-collection [_ collection alert]
(perms/grant-collection-readwrite-permissions! (group/all-users) collection)
(db/update! Pulse (u/the-id alert) :archived true)
- ((user->client :rasta) :put 200 (str "alert/" (u/the-id alert))
+ (mt/user-http-request
+ :rasta :put 200 (str "alert/" (u/the-id alert))
{:archived false})
(db/select-one-field :archived Pulse :id (u/the-id alert)))))))
@@ -608,7 +622,7 @@
(count ((alert-client user-kw) :get 200 (alert-question-url card-or-id archived))))
(deftest get-alert-question-test
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert {:alert_condition "rows"
:alert_first_only false
:alert_above_goal nil
@@ -630,7 +644,7 @@
(testing "Non-admin users shouldn't see alerts they created if they're no longer recipients"
(is (= {:count-1 1
:count-2 0}
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert (assoc (basic-alert) :alert_above_goal true)]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc (pulse-channel alert)]
@@ -647,7 +661,7 @@
(testing "Non-admin users should not see others alerts, admins see all alerts"
(is (= {:rasta 1
:crowberto 2}
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert-1 (assoc (basic-alert)
:alert_above_goal false)]
PulseCard [_ (pulse-card alert-1 card)]
@@ -668,7 +682,7 @@
:crowberto (api:alert-question-count :crowberto card))))))))
(testing "Archived alerts are excluded by default, unless `archived` parameter is sent"
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert-1 (assoc (basic-alert)
:alert_above_goal false
:archived true)]
@@ -724,7 +738,7 @@
(is (= {:recipients-1 #{"crowberto@metabase.com" "rasta@metabase.com"}
:recipients-2 #{"crowberto@metabase.com"}
:emails (rasta-unsubscribe-email {"Foo" true})}
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert (basic-alert)]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc (pulse-channel alert)]
@@ -733,11 +747,13 @@
(with-alerts-in-readable-collection [alert]
(with-alert-setup
(array-map
- :recipients-1 (recipient-emails ((user->client :rasta) :get 200 (alert-question-url card)))
+ :recipients-1 (recipient-emails (mt/user-http-request
+ :rasta :get 200 (alert-question-url card)))
:recipients-2 (do
(et/with-expected-messages 1
(api:unsubscribe! :rasta 204 alert))
- (recipient-emails ((user->client :crowberto) :get 200 (alert-question-url card))))
+ (recipient-emails (mt/user-http-request
+ :crowberto :get 200 (alert-question-url card))))
:emails (et/regex-email-bodies #"https://metabase.com/testmb"
#"Foo"))))))))
@@ -745,7 +761,7 @@
(is (= {:count-1 1
:count-2 0
:emails (rasta-unsubscribe-email {"Foo" true})}
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert (basic-alert)]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc (pulse-channel alert)]
@@ -763,9 +779,9 @@
(testing "Alert should not be deleted if there is a slack channel"
(is (= {:count-1 1
- :count-2 1 ; <-- Alert should not be deleted
+ :count-2 1 ; <-- Alert should not be deleted
:emails (rasta-unsubscribe-email {"Foo" true})}
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert (basic-alert)]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc-1 (assoc (pulse-channel alert) :channel_type :email)]
@@ -784,11 +800,11 @@
(testing "If email is disabled, users should be unsubscribed"
(is (= {:count-1 1
- :count-2 1 ; <-- Alert should not be deleted
+ :count-2 1 ; <-- Alert should not be deleted
:emails (et/email-to :rasta {:subject "You’ve been unsubscribed from an alert",
:body {"https://metabase.com/testmb" true,
"letting you know that Crowberto Corv" true}})}
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert (basic-alert)]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc-1 (assoc (pulse-channel alert) :channel_type :email)]
@@ -808,11 +824,11 @@
(testing "Re-enabling email should send users a subscribe notification"
(is (= {:count-1 1
- :count-2 1 ; <-- Alert should not be deleted
+ :count-2 1 ; <-- Alert should not be deleted
:emails (et/email-to :rasta {:subject "Crowberto Corv added you to an alert",
:body {"https://metabase.com/testmb" true,
"now getting alerts about .*Foo" true}})}
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert (basic-alert)]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc-1 (assoc (pulse-channel alert) :channel_type :email, :enabled false)]
@@ -832,9 +848,9 @@
(testing "Alert should not be deleted if the unsubscriber isn't the creator"
(is (= {:count-1 1
- :count-2 1 ; <-- Alert should not be deleted
+ :count-2 1 ; <-- Alert should not be deleted
:emails (rasta-unsubscribe-email {"Foo" true})}
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert (assoc (basic-alert) :creator_id (user->id :crowberto))]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc-1 (assoc (pulse-channel alert) :channel_type :email)]
@@ -856,14 +872,15 @@
;;; +----------------------------------------------------------------------------------------------------------------+
(defn- api:delete! [user-kw expected-status-code alert-or-id]
- ((user->client user-kw) :delete expected-status-code (alert-url alert-or-id)))
+ (mt/user-http-request
+ user-kw :delete expected-status-code (alert-url alert-or-id)))
(deftest delete-alert-test
(testing "Only admins can delete an alert"
(is (= {:count 1
:response "You don't have permissions to do that."}
(tu/with-non-admin-groups-no-root-collection-perms
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert (basic-alert)]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc (pulse-channel alert)]
@@ -879,13 +896,14 @@
:response nil
:count-2 0}
(tu/with-non-admin-groups-no-root-collection-perms
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert (basic-alert)]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc (pulse-channel alert)]
PulseChannelRecipient [_ (recipient pc :rasta)]]
(with-alert-setup
- (let [original-alert-response ((user->client :crowberto) :get 200 (alert-question-url card))]
+ (let [original-alert-response (mt/user-http-request
+ :crowberto :get 200 (alert-question-url card))]
;; A user can't delete an admin's alert
(api:delete! :rasta 403 alert)
@@ -900,7 +918,7 @@
:response nil
:count-2 0
:emails (rasta-deleted-email {})}
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert (basic-alert)]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc (pulse-channel alert)]
@@ -923,7 +941,7 @@
(et/email-to :lucky {:subject "You’ve been unsubscribed from an alert",
:body {"Crowberto Corv deleted an alert" false
"Crowberto Corv unsubscribed you from alerts" true}}))}
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert (basic-alert)]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc (pulse-channel alert)]
@@ -944,7 +962,7 @@
:response nil
:count-2 0
:emails {}}
- (tt/with-temp* [Card [card (basic-alert-query)]
+ (mt/with-temp* [Card [card (basic-alert-query)]
Pulse [alert (assoc (basic-alert) :creator_id (user->id :crowberto))]
PulseCard [_ (pulse-card alert card)]
PulseChannel [pc (pulse-channel alert)]
diff --git a/test/metabase/api/user_test.clj b/test/metabase/api/user_test.clj
index a357e8e93277c448178f535f63819964abe0290a..04193c28b83a9945f5db0a90436671dfce7cf6ef 100644
--- a/test/metabase/api/user_test.clj
+++ b/test/metabase/api/user_test.clj
@@ -2,10 +2,10 @@
"Tests for /api/user endpoints."
(:require [clojure.test :refer :all]
[metabase.http-client :as http]
- [metabase.models.collection :as collection :refer [Collection]]
- [metabase.models.permissions-group :as group :refer [PermissionsGroup]]
- [metabase.models.permissions-group-membership :refer [PermissionsGroupMembership]]
- [metabase.models.user :refer [User]]
+ [metabase.models :refer [Card Collection Dashboard DashboardCard PermissionsGroup PermissionsGroupMembership
+ Pulse PulseCard PulseChannel PulseChannelRecipient User]]
+ [metabase.models.collection :as collection]
+ [metabase.models.permissions-group :as group]
[metabase.models.user-test :as user-test]
[metabase.server.middleware.util :as middleware.u]
[metabase.test :as mt]
@@ -865,3 +865,68 @@
(testing "Check that non-superusers are denied access to resending invites"
(is (= "You don't have permissions to do that."
(mt/user-http-request :rasta :post 403 (format "user/%d/send_invite" (mt/user->id :crowberto))))))))
+
+(deftest delete-subscriptions-test
+ (testing "DELETE /api/user/:id/subscriptions"
+ (doseq [run-type [:admin :non-admin]]
+ (mt/with-temp* [User [{user-id :id}]
+ Card [{card-id :id}]
+ ;; Alert
+ Pulse [{alert-id :id} {:alert_condition "rows"
+ :alert_first_only false
+ :name nil}]
+ PulseCard [_ {:pulse_id alert-id
+ :card_id card-id}]
+ PulseChannel [{alert-chan-id :id} {:pulse_id alert-id}]
+ PulseChannelRecipient [_ {:user_id user-id
+ :pulse_channel_id alert-chan-id}]
+ ;; DashboardSubscription
+ Dashboard [{dashboard-id :id}]
+ DashboardCard [{dashcard-id :id} {:dashboard_id dashboard-id
+ :card_id card-id}]
+ Pulse [{dash-sub-id :id} {:dashboard_id dashboard-id}]
+ PulseCard [_ {:pulse_id dash-sub-id
+ :card_id card-id
+ :dashboard_card_id dashcard-id}]
+ PulseChannel [{dash-sub-chan-id :id} {:pulse_id dash-sub-id}]
+ PulseChannelRecipient [_ {:user_id user-id
+ :pulse_channel_id dash-sub-chan-id}]]
+ (letfn [(describe-objects []
+ {:num-subscriptions (db/count PulseChannelRecipient :user_id user-id)
+ :alert-archived? (db/select-one-field :archived Pulse :id alert-id)
+ :dashboard-subscription-archived? (db/select-one-field :archived Pulse :id dash-sub-id)})
+ (api-delete-subscriptions! [request-user-name-or-id expected-status-code]
+ (mt/user-http-request request-user-name-or-id
+ :delete expected-status-code
+ (format "user/%d/subscriptions" user-id)))]
+ (testing "Sanity check: User should have 2 subscriptions (1 Alert, 1 DashboardSubscription)"
+ (is (= {:num-subscriptions 2
+ :alert-archived? false
+ :dashboard-subscription-archived? false}
+ (describe-objects))))
+ (case run-type
+ :non-admin
+ (testing "Non-admin"
+ (testing "should not be allowed to delete all subscriptions for another User"
+ (is (= "You don't have permissions to do that."
+ (api-delete-subscriptions! :rasta 403)))
+ (is (= {:num-subscriptions 2
+ :alert-archived? false
+ :dashboard-subscription-archived? false}
+ (describe-objects))))
+ (testing "should be allowed to delete all subscriptions for themselves."
+ (is (nil? (api-delete-subscriptions! user-id 204)))
+ (testing "\nAlert and DashboardSubscription should have gotten archived as well (since this was the last User)"
+ (is (= {:num-subscriptions 0
+ :alert-archived? true
+ :dashboard-subscription-archived? true}
+ (describe-objects))))))
+
+ :admin
+ (testing "Admin should be allowed to delete all subscriptions for another User"
+ (is (nil? (api-delete-subscriptions! :crowberto 204)))
+ (testing "\nAlert and DashboardSubscription should have gotten archived as well"
+ (is (= {:num-subscriptions 0
+ :alert-archived? true
+ :dashboard-subscription-archived? true}
+ (describe-objects)))))))))))