SS-1126 Remove access to project after deletion (#253)

apps/views.py

@@ -5,7 +5,7 @@
 from django.contrib.auth import get_user_model
 from django.core.exceptions import PermissionDenied
 from django.db import transaction
-from django.http import HttpResponseForbidden, JsonResponse
+from django.http import HttpResponse, HttpResponseForbidden, JsonResponse
 from django.shortcuts import HttpResponseRedirect, render, reverse
 from django.utils.decorators import method_decorator
 from django.views import View
@@ -221,6 +221,9 @@ def get(self, request, project, app_slug, app_id=None):
         project_slug = project
         project = Project.objects.get(slug=project_slug)
 
+        if request.user.is_superuser and project.status == "deleted":
+            return HttpResponse("This project has been deleted by the user.")
+
         form = self.get_form(request, project, app_slug, app_id)
 
         if form is None or not getattr(form, "is_valid", False):

projects/views.py

@@ -21,7 +21,7 @@
 from django.utils.decorators import method_decorator
 from django.views import View
 from guardian.decorators import permission_required_or_403
-from guardian.shortcuts import assign_perm, remove_perm
+from guardian.shortcuts import assign_perm, get_users_with_perms, remove_perm
 
 from apps.app_registry import APP_REGISTRY
 from apps.models import BaseAppInstance
@@ -87,6 +87,9 @@ def settings(request, project_slug):
             Q(slug=project_slug),
         ).first()
 
+    if request.user.is_superuser and project.status == "deleted":
+        return HttpResponse("This project has been deleted by the user.")
+
     try:
         User._meta.get_field("is_user")
         platform_users = User.objects.filter(
@@ -489,6 +492,10 @@ class DetailsView(View):
 
     def get(self, request, project_slug):
         project = Project.objects.get(slug=project_slug)
+
+        if request.user.is_superuser and project.status == "deleted":
+            return HttpResponse("This project has been deleted by the user.")
+
         resources = []
         app_ids = []
         if request.user.is_superuser:
@@ -569,6 +576,11 @@ def delete(request, project_slug):
         project = Project.objects.filter(slug=project_slug).first()
 
     logger.info("SCHEDULING DELETION OF ALL INSTALLED APPS")
+    # remove permissions to see this project
+    users_with_permission = get_users_with_perms(project)
+    for user in users_with_permission:
+        remove_perm("can_view_project", user, project)
+    # set the status to 'deleted'
     project.status = "deleted"
     project.save()
     delete_project.delay(project.pk)

templates/projects/partials/app_templates.html

@@ -25,19 +25,9 @@ <h5>{{ app.name }}</h5>
 
                                             {% if can_create %}
 
-                                                <!-- When models are launched REMOVE THIS -->
-                                                    {% if "Serv" in app.name or app.name == "Python Model Deployment" %}
-                                                    <a class="btn btn-primary btn-sm"
-                                                        href="">Create</a>
-                                                    {% else %}
-                                                <!-- To here -->
                                                     <a class="btn btn-primary btn-sm"
                                                         href="{% url 'apps:create' project.slug app.slug  %}?from=overview">Create</a>
 
-                                                <!-- And here -->
-                                                    {% endif %}
-                                                <!-- To here -->
-
                                             {% else %}
                                             <button class="btn btn-secondary btn-sm" style="cursor: default;"
                                                 data-bs-toggle="tooltip" data-bs-placement="top"