save19

AntoLC · AntoLC · commit 0dfd3da65932 · 2026-05-13T16:42:43.000+02:00
diff --git a/src/backend/core/api/viewsets.py b/src/backend/core/api/viewsets.py
@@ -2972,6 +2972,17 @@ def resolve(self, request, *args, **kwargs):
             thread.save(update_fields=["resolved", "resolved_at", "resolved_by"])
         return drf.response.Response(status=status.HTTP_204_NO_CONTENT)
 
+    @drf.decorators.action(detail=True, methods=["post"], url_path="unresolve")
+    def unresolve(self, request, *args, **kwargs):
+        """Unresolve a thread."""
+        thread = self.get_object()
+        if thread.resolved:
+            thread.resolved = False
+            thread.resolved_at = None
+            thread.resolved_by = None
+            thread.save(update_fields=["resolved", "resolved_at", "resolved_by"])
+        return drf.response.Response(status=status.HTTP_204_NO_CONTENT)
+
 
 class CommentViewSet(
     CommentViewSetMixin,
diff --git a/src/backend/core/models.py b/src/backend/core/models.py
@@ -1851,6 +1851,7 @@ def get_abilities(self, user):
             "update": write_access,
             "partial_update": write_access,
             "resolve": write_access,
+            "unresolve": write_access,
             "retrieve": read_access,
         }
 
diff --git a/src/backend/core/tests/documents/test_api_documents_threads.py b/src/backend/core/tests/documents/test_api_documents_threads.py
@@ -1224,3 +1224,210 @@ def test_api_documents_threads_resolve_restricted_document_privileged_roles(role
     assert thread.resolved is True
     assert thread.resolved_at is not None
     assert thread.resolved_by == user
+
+
+# Unresolve
+
+
+def test_api_documents_threads_unresolve_public_document_anonymous_user():
+    """
+    Anonymous users should not be allowed to unresolve threads on public documents.
+    """
+    document = factories.DocumentFactory(
+        link_reach="public",
+        link_role=models.LinkRoleChoices.COMMENTER,
+    )
+
+    thread = factories.ThreadFactory(document=document, creator=None, resolved=True)
+    factories.CommentFactory(thread=thread, user=None)
+
+    client = APIClient()
+    response = client.post(
+        f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/unresolve/",
+    )
+    assert response.status_code == 401
+
+
+def test_api_documents_threads_unresolve_public_document_authenticated_user():
+    """
+    Authenticated users should not be allowed to unresolve threads on public documents.
+    """
+    user = factories.UserFactory()
+    document = factories.DocumentFactory(
+        link_reach="public",
+        link_role=models.LinkRoleChoices.COMMENTER,
+    )
+
+    thread = factories.ThreadFactory(document=document, creator=None, resolved=True)
+    factories.CommentFactory(thread=thread, user=None)
+
+    client = APIClient()
+    client.force_login(user)
+    response = client.post(
+        f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/unresolve/",
+    )
+    assert response.status_code == 403
+
+
+def test_api_documents_threads_unresolve_authenticated_document_anonymous_user():
+    """
+    Anonymous users should not be allowed to unresolve threads on authenticated documents.
+    """
+    document = factories.DocumentFactory(
+        link_reach="authenticated",
+        link_role=models.LinkRoleChoices.COMMENTER,
+    )
+
+    thread = factories.ThreadFactory(document=document, creator=None, resolved=True)
+    factories.CommentFactory(thread=thread, user=None)
+
+    client = APIClient()
+    response = client.post(
+        f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/unresolve/",
+    )
+    assert response.status_code == 401
+
+
+def test_api_documents_threads_unresolve_authenticated_document_reader_role():
+    """
+    Authenticated users should not be allowed to unresolve threads on authenticated
+    documents with reader link_role.
+    """
+    user = factories.UserFactory()
+    document = factories.DocumentFactory(
+        link_reach="authenticated",
+        link_role=models.LinkRoleChoices.READER,
+    )
+
+    thread = factories.ThreadFactory(document=document, creator=None, resolved=True)
+    factories.CommentFactory(thread=thread, user=None)
+
+    client = APIClient()
+    client.force_login(user)
+    response = client.post(
+        f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/unresolve/",
+    )
+    assert response.status_code == 403
+
+
+@pytest.mark.parametrize(
+    "link_role", [models.LinkRoleChoices.COMMENTER, models.LinkRoleChoices.EDITOR]
+)
+def test_api_documents_threads_unresolve_authenticated_document(link_role):
+    """
+    Authenticated users should not be allowed to unresolve threads on authenticated documents with
+    commenter or editor link_role.
+    """
+    user = factories.UserFactory()
+    document = factories.DocumentFactory(
+        link_reach="authenticated",
+        link_role=link_role,
+    )
+
+    thread = factories.ThreadFactory(document=document, creator=None, resolved=True)
+    factories.CommentFactory(thread=thread, user=None)
+
+    client = APIClient()
+    client.force_login(user)
+    response = client.post(
+        f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/unresolve/",
+    )
+    assert response.status_code == 403
+
+
+def test_api_documents_threads_unresolve_restricted_document_anonymous_user():
+    """
+    Anonymous users should not be allowed to unresolve threads on restricted documents.
+    """
+    document = factories.DocumentFactory(
+        link_reach="restricted",
+        link_role=models.LinkRoleChoices.COMMENTER,
+    )
+
+    thread = factories.ThreadFactory(document=document, creator=None, resolved=True)
+    factories.CommentFactory(thread=thread, user=None)
+
+    client = APIClient()
+    response = client.post(
+        f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/unresolve/",
+    )
+    assert response.status_code == 401
+
+
+def test_api_documents_threads_unresolve_restricted_document_reader_role():
+    """
+    Authenticated users should not be allowed to unresolve threads on restricted documents with
+    reader roles.
+    """
+    user = factories.UserFactory()
+    document = factories.DocumentFactory(
+        link_reach="restricted",
+        link_role=models.LinkRoleChoices.READER,
+        users=[(user, models.LinkRoleChoices.READER)],
+    )
+
+    thread = factories.ThreadFactory(document=document, creator=None, resolved=True)
+    factories.CommentFactory(thread=thread, user=None)
+
+    client = APIClient()
+    client.force_login(user)
+    response = client.post(
+        f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/unresolve/",
+    )
+    assert response.status_code == 403
+
+
+@pytest.mark.parametrize(
+    "role", [models.RoleChoices.COMMENTER, models.RoleChoices.EDITOR]
+)
+def test_api_documents_threads_unresolve_restricted_document_editor(role):
+    """
+    Authenticated users should not be allowed to unresolve threads on restricted documents with
+    commenter or editor roles.
+    """
+    user = factories.UserFactory()
+    document = factories.DocumentFactory(
+        link_reach="restricted",
+        link_role=models.LinkRoleChoices.EDITOR,
+        users=[(user, role)],
+    )
+
+    thread = factories.ThreadFactory(document=document, creator=None, resolved=True)
+    factories.CommentFactory(thread=thread, user=None)
+
+    client = APIClient()
+    client.force_login(user)
+    response = client.post(
+        f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/unresolve/",
+    )
+    assert response.status_code == 403
+
+
+@pytest.mark.parametrize("role", [models.RoleChoices.ADMIN, models.RoleChoices.OWNER])
+def test_api_documents_threads_unresolve_restricted_document_privileged_roles(role):
+    """
+    Authenticated users with privileged roles should be allowed to unresolve threads on
+    restricted documents.
+    """
+    user = factories.UserFactory()
+    document = factories.DocumentFactory(
+        link_reach="restricted",
+        link_role=models.LinkRoleChoices.EDITOR,
+        users=[(user, role)],
+    )
+
+    thread = factories.ThreadFactory(document=document, creator=None, resolved=True)
+    factories.CommentFactory(thread=thread, user=None)
+
+    client = APIClient()
+    client.force_login(user)
+    response = client.post(
+        f"/api/v1.0/documents/{document.id!s}/threads/{thread.id!s}/unresolve/",
+    )
+    assert response.status_code == 204
+
+    # Verify thread is unresolved
+    thread.refresh_from_db()
+    assert thread.resolved is False
+    assert thread.resolved_at is None
+    assert thread.resolved_by is None
diff --git a/src/frontend/apps/impress/src/features/docs/doc-editor/components/comments/DocsThreadStore.tsx b/src/frontend/apps/impress/src/features/docs/doc-editor/components/comments/DocsThreadStore.tsx
@@ -534,11 +534,6 @@ export class DocsThreadStore extends ThreadStore {
     this.ping(threadId);
   };
 
-  /**
-   * Todo: Not implemented backend side
-   * @returns
-   * @throws
-   */
   public unresolveThread = async (_options: { threadId: string }) => {
     const response = await fetchAPI(
       `documents/${this.docId}/threads/${_options.threadId}/unresolve/`,

Original file line number	Diff line number	Diff line change
`@@ -1851,6 +1851,7 @@ def get_abilities(self, user):`
`1851`	`1851`	`"update": write_access,`
`1852`	`1852`	`"partial_update": write_access,`
`1853`	`1853`	`"resolve": write_access,`
	`1854`	`+ "unresolve": write_access,`
`1854`	`1855`	`"retrieve": read_access,`
`1855`	`1856`	`}`
`1856`	`1857`