feat: Delete multiple games (#1456)

* feat: added delete_games to GameViewSet

* Merge branch 'development' into delete-multiple-games

* added tests

* Merge branch 'development' into delete-multiple-games

aimmo/serializers.py

@@ -50,3 +50,7 @@ def update(self, instance, validated_data):
 
         instance.save()
         return instance
+
+
+class GameIdsSerializer(serializers.Serializer):
+    game_ids = serializers.MultipleChoiceField(choices=[])

aimmo/tests/test_views.py

@@ -473,3 +473,49 @@ def test_update_game_worksheet_updates_avatar_codes(self):
 
         assert avatar1.code == self.worksheet2.starter_code
         assert avatar2.code == self.worksheet2.starter_code
+
+    def test_delete_games(self):
+        # Create a new teacher with a game to make sure it's not affected
+        new_user: User = User.objects.create_user(
+            "test2", "test2@example.com", "password"
+        )
+        new_user.is_staff = True
+        new_user.save()
+        new_user_profile: UserProfile = UserProfile(user=new_user)
+        new_user_profile.save()
+        new_teacher: Teacher = Teacher.objects.create(
+            user=new_user_profile, new_user=new_user, title="Mx"
+        )
+        new_teacher.save()
+        new_klass, _, _ = create_class_directly(new_user.email)
+        new_user.save()
+        new_game = models.Game(
+            name="test2", game_class=new_klass, worksheet=self.worksheet
+        )
+        new_game.save()
+
+        # Create a game for the second class
+        game2 = models.Game(
+            name="test", game_class=self.klass2, worksheet=self.worksheet
+        )
+        game2.save()
+
+        data = {"game_ids": [self.game.id, game2.id, new_game.id]}
+
+        # Try to login as a student and delete games - they shouldn't have access
+        _, student_password, student = create_school_student_directly(
+            self.klass.access_code
+        )
+        client = self.login(
+            username=student.new_user.username, password=student_password
+        )
+        response = client.post(reverse("game-delete-games"), data)
+        assert response.status_code == 403
+        assert Game.objects.count() == 3
+
+        # Login as initial teacher and delete games - only his games should be deleted
+        client = self.login()
+        response = client.post(reverse("game-delete-games"), data)
+        assert response.status_code == 204
+        assert Game.objects.count() == 1
+        assert Game.objects.get(pk=new_game.id)

aimmo/views.py

@@ -13,11 +13,14 @@
     api_view,
     authentication_classes,
     permission_classes,
+    action,
 )
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
+from common.permissions import CanDeleteGame
+
 from . import game_renderer
 from .avatar_creator import create_avatar_for_user
 from .exceptions import UserCannotPlayGameException
@@ -27,7 +30,7 @@
     CsrfExemptSessionAuthentication,
     GameHasToken,
 )
-from .serializers import GameSerializer
+from .serializers import GameSerializer, GameIdsSerializer
 
 LOGGER = logging.getLogger(__name__)
 
@@ -91,6 +94,19 @@ def list(self, request):
             response[game.pk] = serializer.data
         return Response(response)
 
+    @action(
+        detail=False,
+        methods=["post"],
+        serializer_class=GameIdsSerializer,
+        permission_classes=(CanDeleteGame,),
+    )
+    def delete_games(self, request):
+        game_ids = request.data.getlist("game_ids")
+        Game.objects.filter(
+            pk__in=game_ids, game_class__teacher__new_user=request.user
+        ).delete()
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
 
 @api_view(["GET"])
 @authentication_classes([SessionAuthentication])