PM-31923 adding renew and delete endpoints

prograhamming · prograhamming · commit a070867022ca · 2026-04-03T08:46:11.000-05:00
diff --git a/src/Api/Dirt/Controllers/OrganizationReportsController.cs b/src/Api/Dirt/Controllers/OrganizationReportsController.cs
@@ -297,6 +297,99 @@ public async Task<IActionResult> GetOrganizationReportSummaryDataByDateRangeAsyn
         return Ok(summaryDataList.Select(s => new OrganizationReportSummaryDataResponseModel(s)));
     }
 
+    /// <summary>
+    /// Deletes an organization report and its associated file from storage.
+    /// Removes the database record first, then cleans up any stored files.
+    /// </summary>
+    /// <param name="organizationId">The unique identifier of the organization.</param>
+    /// <param name="reportId">The unique identifier of the report to delete.</param>
+    [HttpDelete("{organizationId}/{reportId}")]
+    public async Task DeleteOrganizationReportAsync(Guid organizationId, Guid reportId)
+    {
+        if (organizationId == Guid.Empty)
+        {
+            throw new BadRequestException("OrganizationId is required.");
+        }
+
+        if (reportId == Guid.Empty)
+        {
+            throw new BadRequestException("ReportId is required.");
+        }
+
+        await AuthorizeAsync(organizationId);
+
+        var report = await _organizationReportRepo.GetByIdAsync(reportId);
+        if (report == null)
+        {
+            throw new NotFoundException();
+        }
+
+        if (report.OrganizationId != organizationId)
+        {
+            throw new BadRequestException("Invalid report ID");
+        }
+
+        var fileData = report.GetReportFile();
+
+        await _organizationReportRepo.DeleteAsync(report);
+
+        if (fileData != null && !string.IsNullOrEmpty(fileData.Id))
+        {
+            await _storageService.DeleteReportFilesAsync(report, fileData.Id);
+        }
+    }
+
+    /// <summary>
+    /// Renews the file upload URL for an organization report that has not yet been validated.
+    /// Returns a fresh presigned upload URL for the report file, allowing the client to retry
+    /// an upload after the original URL has expired. Requires the Access Intelligence V2 feature flag.
+    /// </summary>
+    /// <param name="organizationId">The unique identifier of the organization.</param>
+    /// <param name="reportId">The unique identifier of the report with the pending file upload.</param>
+    /// <param name="reportFileId">The identifier of the report file entry to renew the upload URL for.</param>
+    /// <returns>An <see cref="OrganizationReportFileResponseModel"/> with the renewed upload URL.</returns>
+    [RequireFeature(FeatureFlagKeys.AccessIntelligenceVersion2)]
+    [HttpGet("{organizationId}/{reportId}/file/renew")]
+    public async Task<OrganizationReportFileResponseModel> RenewFileUploadUrlAsync(
+        Guid organizationId, Guid reportId, [FromQuery] string reportFileId)
+    {
+        if (organizationId == Guid.Empty)
+        {
+            throw new BadRequestException("OrganizationId is required.");
+        }
+
+        if (reportId == Guid.Empty)
+        {
+            throw new BadRequestException("ReportId is required.");
+        }
+
+        await AuthorizeAsync(organizationId);
+
+        var report = await _organizationReportRepo.GetByIdAsync(reportId);
+        if (report == null)
+        {
+            throw new NotFoundException();
+        }
+
+        if (report.OrganizationId != organizationId)
+        {
+            throw new BadRequestException("Invalid report ID");
+        }
+
+        var fileData = report.GetReportFile();
+        if (fileData == null || fileData.Id != reportFileId || fileData.Validated)
+        {
+            throw new NotFoundException();
+        }
+
+        return new OrganizationReportFileResponseModel
+        {
+            ReportFileUploadUrl = await _storageService.GetReportFileUploadUrlAsync(report, fileData),
+            ReportResponse = new OrganizationReportResponseModel(report),
+            FileUploadType = _storageService.FileUploadType
+        };
+    }
+
     /// <summary>
     /// Handles Azure Event Grid webhook notifications for blob storage events.
     /// When a <c>Microsoft.Storage.BlobCreated</c> event is received, validates the uploaded
diff --git a/test/Api.Test/Dirt/OrganizationReportsControllerTests.cs b/test/Api.Test/Dirt/OrganizationReportsControllerTests.cs
@@ -8,6 +8,7 @@
 using Bit.Core.Dirt.Reports.ReportFeatures.Interfaces;
 using Bit.Core.Dirt.Reports.ReportFeatures.Requests;
 using Bit.Core.Dirt.Reports.Services;
+using Bit.Core.Dirt.Repositories;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Data.Organizations;
@@ -384,6 +385,277 @@ await sutProvider.GetDependency<IGetOrganizationReportQuery>()
             .GetOrganizationReportAsync(Arg.Any<Guid>());
     }
 
+    // DeleteOrganizationReportAsync
+
+    [Theory, BitAutoData]
+    public async Task DeleteOrganizationReportAsync_WithFile_DeletesDbThenStorage(
+        SutProvider<OrganizationReportsController> sutProvider,
+        Guid orgId,
+        OrganizationReport report)
+    {
+        // Arrange
+        var reportFile = new ReportFile { Id = "file-id", FileName = "report.json", Size = 1024, Validated = true };
+        report.OrganizationId = orgId;
+        report.SetReportFile(reportFile);
+
+        SetupAuthorization(sutProvider, orgId);
+
+        sutProvider.GetDependency<IOrganizationReportRepository>()
+            .GetByIdAsync(report.Id)
+            .Returns(report);
+
+        // Act
+        await sutProvider.Sut.DeleteOrganizationReportAsync(orgId, report.Id);
+
+        // Assert
+        await sutProvider.GetDependency<IOrganizationReportRepository>()
+            .Received(1)
+            .DeleteAsync(report);
+
+        await sutProvider.GetDependency<IOrganizationReportStorageService>()
+            .Received(1)
+            .DeleteReportFilesAsync(report, "file-id");
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteOrganizationReportAsync_WithNoFile_DeletesDbOnly(
+        SutProvider<OrganizationReportsController> sutProvider,
+        Guid orgId,
+        OrganizationReport report)
+    {
+        // Arrange
+        report.OrganizationId = orgId;
+        report.ReportFile = null;
+
+        SetupAuthorization(sutProvider, orgId);
+
+        sutProvider.GetDependency<IOrganizationReportRepository>()
+            .GetByIdAsync(report.Id)
+            .Returns(report);
+
+        // Act
+        await sutProvider.Sut.DeleteOrganizationReportAsync(orgId, report.Id);
+
+        // Assert
+        await sutProvider.GetDependency<IOrganizationReportRepository>()
+            .Received(1)
+            .DeleteAsync(report);
+
+        await sutProvider.GetDependency<IOrganizationReportStorageService>()
+            .DidNotReceive()
+            .DeleteReportFilesAsync(Arg.Any<OrganizationReport>(), Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteOrganizationReportAsync_ReportNotFound_ThrowsNotFoundException(
+        SutProvider<OrganizationReportsController> sutProvider,
+        Guid orgId,
+        Guid reportId)
+    {
+        // Arrange
+        SetupAuthorization(sutProvider, orgId);
+
+        sutProvider.GetDependency<IOrganizationReportRepository>()
+            .GetByIdAsync(reportId)
+            .Returns((OrganizationReport)null);
+
+        // Act & Assert
+        await Assert.ThrowsAsync<NotFoundException>(() =>
+            sutProvider.Sut.DeleteOrganizationReportAsync(orgId, reportId));
+
+        await sutProvider.GetDependency<IOrganizationReportRepository>()
+            .DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationReport>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteOrganizationReportAsync_OrgMismatch_ThrowsBadRequestException(
+        SutProvider<OrganizationReportsController> sutProvider,
+        Guid orgId,
+        OrganizationReport report)
+    {
+        // Arrange
+        report.OrganizationId = Guid.NewGuid();
+
+        SetupAuthorization(sutProvider, orgId);
+
+        sutProvider.GetDependency<IOrganizationReportRepository>()
+            .GetByIdAsync(report.Id)
+            .Returns(report);
+
+        // Act & Assert
+        var exception = await Assert.ThrowsAsync<BadRequestException>(() =>
+            sutProvider.Sut.DeleteOrganizationReportAsync(orgId, report.Id));
+
+        Assert.Equal("Invalid report ID", exception.Message);
+
+        await sutProvider.GetDependency<IOrganizationReportRepository>()
+            .DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationReport>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteOrganizationReportAsync_WithoutAccess_ThrowsNotFoundException(
+        SutProvider<OrganizationReportsController> sutProvider,
+        Guid orgId,
+        Guid reportId)
+    {
+        // Arrange
+        sutProvider.GetDependency<ICurrentContext>()
+            .AccessReports(orgId)
+            .Returns(false);
+
+        // Act & Assert
+        await Assert.ThrowsAsync<NotFoundException>(() =>
+            sutProvider.Sut.DeleteOrganizationReportAsync(orgId, reportId));
+
+        await sutProvider.GetDependency<IOrganizationReportRepository>()
+            .DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationReport>());
+    }
+
+    // RenewFileUploadUrlAsync
+
+    [Theory, BitAutoData]
+    public async Task RenewFileUploadUrlAsync_WithUnvalidatedFile_ReturnsRenewedUrl(
+        SutProvider<OrganizationReportsController> sutProvider,
+        Guid orgId,
+        OrganizationReport report,
+        string uploadUrl)
+    {
+        // Arrange
+        var reportFile = new ReportFile { Id = "file-id", FileName = "report.json", Size = 1024, Validated = false };
+        report.OrganizationId = orgId;
+        report.SetReportFile(reportFile);
+
+        SetupV2Authorization(sutProvider, orgId);
+
+        sutProvider.GetDependency<IOrganizationReportRepository>()
+            .GetByIdAsync(report.Id)
+            .Returns(report);
+
+        sutProvider.GetDependency<IOrganizationReportStorageService>()
+            .GetReportFileUploadUrlAsync(report, Arg.Any<ReportFile>())
+            .Returns(uploadUrl);
+
+        sutProvider.GetDependency<IOrganizationReportStorageService>()
+            .FileUploadType
+            .Returns(FileUploadType.Azure);
+
+        // Act
+        var result = await sutProvider.Sut.RenewFileUploadUrlAsync(orgId, report.Id, "file-id");
+
+        // Assert
+        Assert.Equal(uploadUrl, result.ReportFileUploadUrl);
+        Assert.Equal(FileUploadType.Azure, result.FileUploadType);
+        Assert.NotNull(result.ReportResponse);
+    }
+
+    [Theory, BitAutoData]
+    public async Task RenewFileUploadUrlAsync_ReportNotFound_ThrowsNotFoundException(
+        SutProvider<OrganizationReportsController> sutProvider,
+        Guid orgId,
+        Guid reportId)
+    {
+        // Arrange
+        SetupV2Authorization(sutProvider, orgId);
+
+        sutProvider.GetDependency<IOrganizationReportRepository>()
+            .GetByIdAsync(reportId)
+            .Returns((OrganizationReport)null);
+
+        // Act & Assert
+        await Assert.ThrowsAsync<NotFoundException>(() =>
+            sutProvider.Sut.RenewFileUploadUrlAsync(orgId, reportId, "file-id"));
+    }
+
+    [Theory, BitAutoData]
+    public async Task RenewFileUploadUrlAsync_OrgMismatch_ThrowsBadRequestException(
+        SutProvider<OrganizationReportsController> sutProvider,
+        Guid orgId,
+        OrganizationReport report)
+    {
+        // Arrange
+        report.OrganizationId = Guid.NewGuid();
+
+        SetupV2Authorization(sutProvider, orgId);
+
+        sutProvider.GetDependency<IOrganizationReportRepository>()
+            .GetByIdAsync(report.Id)
+            .Returns(report);
+
+        // Act & Assert
+        var exception = await Assert.ThrowsAsync<BadRequestException>(() =>
+            sutProvider.Sut.RenewFileUploadUrlAsync(orgId, report.Id, "file-id"));
+
+        Assert.Equal("Invalid report ID", exception.Message);
+    }
+
+    [Theory, BitAutoData]
+    public async Task RenewFileUploadUrlAsync_FileAlreadyValidated_ThrowsNotFoundException(
+        SutProvider<OrganizationReportsController> sutProvider,
+        Guid orgId,
+        OrganizationReport report)
+    {
+        // Arrange
+        var reportFile = new ReportFile { Id = "file-id", FileName = "report.json", Size = 1024, Validated = true };
+        report.OrganizationId = orgId;
+        report.SetReportFile(reportFile);
+
+        SetupV2Authorization(sutProvider, orgId);
+
+        sutProvider.GetDependency<IOrganizationReportRepository>()
+            .GetByIdAsync(report.Id)
+            .Returns(report);
+
+        // Act & Assert
+        await Assert.ThrowsAsync<NotFoundException>(() =>
+            sutProvider.Sut.RenewFileUploadUrlAsync(orgId, report.Id, "file-id"));
+    }
+
+    [Theory, BitAutoData]
+    public async Task RenewFileUploadUrlAsync_NoFileData_ThrowsNotFoundException(
+        SutProvider<OrganizationReportsController> sutProvider,
+        Guid orgId,
+        OrganizationReport report)
+    {
+        // Arrange
+        report.OrganizationId = orgId;
+        report.ReportFile = null;
+
+        SetupV2Authorization(sutProvider, orgId);
+
+        sutProvider.GetDependency<IOrganizationReportRepository>()
+            .GetByIdAsync(report.Id)
+            .Returns(report);
+
+        // Act & Assert
+        await Assert.ThrowsAsync<NotFoundException>(() =>
+            sutProvider.Sut.RenewFileUploadUrlAsync(orgId, report.Id, "file-id"));
+    }
+
+    [Theory, BitAutoData]
+    public async Task RenewFileUploadUrlAsync_MismatchedFileId_ThrowsNotFoundException(
+        SutProvider<OrganizationReportsController> sutProvider,
+        Guid orgId,
+        OrganizationReport report)
+    {
+        // Arrange
+        var reportFile = new ReportFile { Id = "file-id", FileName = "report.json", Size = 1024, Validated = false };
+        report.OrganizationId = orgId;
+        report.SetReportFile(reportFile);
+
+        SetupV2Authorization(sutProvider, orgId);
+
+        sutProvider.GetDependency<IOrganizationReportRepository>()
+            .GetByIdAsync(report.Id)
+            .Returns(report);
+
+        // Act & Assert
+        await Assert.ThrowsAsync<NotFoundException>(() =>
+            sutProvider.Sut.RenewFileUploadUrlAsync(orgId, report.Id, "wrong-file-id"));
+    }
+
     // UpdateOrganizationReportAsync - V1 (flag off)
 
     [Theory, BitAutoData]
