From 99f5b3aa812f4945db781e918cf3c2c947eb44ed Mon Sep 17 00:00:00 2001
From: Douglas Voet <dvoet@users.noreply.github.com>
Date: Fri, 5 Feb 2021 15:09:49 -0500
Subject: [PATCH] allow children to be deleted without remove_child on parent

---
 .../dsde/workbench/sam/api/ResourceRoutes.scala   |  4 +---
 .../workbench/sam/api/ResourceRoutesV2Spec.scala  | 15 ---------------
 2 files changed, 1 insertion(+), 18 deletions(-)

diff --git a/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/ResourceRoutes.scala b/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/ResourceRoutes.scala
index 53093bff2..e8da6092c 100644
--- a/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/ResourceRoutes.scala
+++ b/src/main/scala/org/broadinstitute/dsde/workbench/sam/api/ResourceRoutes.scala
@@ -270,9 +270,7 @@ trait ResourceRoutes extends UserInfoDirectives with SecurityDirectives with Sam
   def deleteResource(resource: FullyQualifiedResourceId, userInfo: UserInfo, samRequestContext: SamRequestContext): server.Route =
     delete {
       requireAction(resource, SamResourceActions.delete, userInfo.userId, samRequestContext) {
-        requireParentAction(resource, None, SamResourceActions.removeChild, userInfo.userId, samRequestContext) {
-          complete(resourceService.deleteResource(resource, samRequestContext).map(_ => StatusCodes.NoContent))
-        }
+        complete(resourceService.deleteResource(resource, samRequestContext).map(_ => StatusCodes.NoContent))
       }
     }
 
diff --git a/src/test/scala/org/broadinstitute/dsde/workbench/sam/api/ResourceRoutesV2Spec.scala b/src/test/scala/org/broadinstitute/dsde/workbench/sam/api/ResourceRoutesV2Spec.scala
index 8b41ae938..01e4ab098 100644
--- a/src/test/scala/org/broadinstitute/dsde/workbench/sam/api/ResourceRoutesV2Spec.scala
+++ b/src/test/scala/org/broadinstitute/dsde/workbench/sam/api/ResourceRoutesV2Spec.scala
@@ -1413,21 +1413,6 @@ class ResourceRoutesV2Spec extends AnyFlatSpec with Matchers with TestSupport wi
     }
   }
 
-  it should "403 if user is missing remove_child on parent resource if it exists" in {
-    val childResource = FullyQualifiedResourceId(defaultResourceType.name, ResourceId("child"))
-    val currentParentResource = FullyQualifiedResourceId(defaultResourceType.name, ResourceId("currentParent"))
-    val samRoutes = createSamRoutes(Map(defaultResourceType.name -> defaultResourceType))
-
-    setupParentRoutes(samRoutes, childResource,
-      currentParentOpt = Option(currentParentResource),
-      actionsOnChild = Set(SamResourceActions.setParent, SamResourceActions.delete),
-      actionsOnCurrentParent = Set(SamResourceActions.readPolicies))
-
-    Delete(s"/api/resources/v2/${defaultResourceType.name}/${childResource.resourceId.value}") ~> samRoutes.route ~> check {
-      status shouldEqual StatusCodes.Forbidden
-    }
-  }
-
   "GET /api/resources/v2/{resourceType}/{resourceId}/policies/{policyName}" should "200 on existing policy of a resource with read_policies" in {
     val members = AccessPolicyMembership(Set(defaultUserInfo.userEmail), Set.empty, Set.empty, None)
     val resource = FullyQualifiedResourceId(defaultResourceType.name, ResourceId("resource"))