Skip to content

🐛(backend) prevent owner from leaving a soft-deleted document#2456

Open
maboukerfa wants to merge 1 commit into
suitenumerique:mainfrom
maboukerfa:fix/owner-leave-deleted-document
Open

🐛(backend) prevent owner from leaving a soft-deleted document#2456
maboukerfa wants to merge 1 commit into
suitenumerique:mainfrom
maboukerfa:fix/owner-leave-deleted-document

Conversation

@maboukerfa

@maboukerfa maboukerfa commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Purpose

Owners could leave trashed documents via the leave endpoint, deleting their DocumentAccess and all subtree access. When the last owner leaves a document it creates an orphan as no owners remains in the doc.

@maboukerfa
🐛(backend) prevent owner from leaving a soft-deleted document
ffab307 
Block owner from leaving a soft-deleted document,
preventing orphan documents.

Signed-off-by: BOUKERFA Mohamed El Amine <boukerfa.ma@gmail.com>
@coderabbitai

coderabbitai Bot commented Jun 24, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7e8d85c2-af2e-472c-a638-94a53762c8ef

📥 Commits

Reviewing files that changed from the base of the PR and between 4585fd8 and ffab307.

📒 Files selected for processing (3)
  • CHANGELOG.md
  • src/backend/core/models.py
  • src/backend/core/tests/documents/test_api_documents_leave.py

Walkthrough

In Document.get_abilities, the can_leave flag is updated to include a not is_deleted condition (derived from self.ancestors_deleted_at), preventing a document owner from leaving a soft-deleted document. A new parametrized test (test_api_documents_leave_connected_owner_on_deleted_document_not_allowed) verifies that posting to the leave endpoint on a soft-deleted document returns 403 Forbidden and leaves the owner's DocumentAccess and LinkTrace records intact. A changelog entry is added under Fixed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main change: preventing document owners from leaving soft-deleted documents, which is the primary fix in this changeset.
Description check ✅ Passed The description is directly related to the changeset, explaining the bug scenario and the problematic behavior being fixed.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@maboukerfa