From ffcd731a68577e615812f5a6709c7166a26c33ea Mon Sep 17 00:00:00 2001
From: Katie Smith <katie.smith@digital.cabinet-office.gov.uk>
Date: Tue, 21 May 2019 15:59:23 +0100
Subject: [PATCH] Add endpoint to archive a user

This archives a user if their state is 'active'.
---
 app/user/rest.py            | 11 ++++++++++-
 tests/app/user/test_rest.py | 39 +++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/app/user/rest.py b/app/user/rest.py
index 28ca47220..456008c30 100644
--- a/app/user/rest.py
+++ b/app/user/rest.py
@@ -21,7 +21,8 @@ from app.dao.users_dao import (
     save_user_attribute,
     update_user_password,
     count_user_verify_codes,
-    get_user_and_accounts
+    get_user_and_accounts,
+    dao_archive_user,
 )
 from app.dao.permissions_dao import permission_dao
 from app.dao.service_user_dao import dao_get_service_user, dao_update_service_user
@@ -128,6 +129,14 @@ def update_user_attribute(user_id):
     return jsonify(data=user_to_update.serialize()), 200
 
 
+@user_blueprint.route('/<uuid:user_id>/archive', methods=['POST'])
+def archive_user(user_id):
+    user = get_user_by_id(user_id)
+    dao_archive_user(user)
+
+    return '', 204
+
+
 @user_blueprint.route('/<uuid:user_id>/activate', methods=['POST'])
 def activate_user(user_id):
     user = get_user_by_id(user_id=user_id)
diff --git a/tests/app/user/test_rest.py b/tests/app/user/test_rest.py
index 179b06d1c..35e3809ce 100644
--- a/tests/app/user/test_rest.py
+++ b/tests/app/user/test_rest.py
@@ -309,6 +309,45 @@ def test_post_user_attribute_with_updated_by(
         mock_persist_notification.assert_not_called()
 
 
+def test_archive_user(mocker, client, sample_user):
+    archive_mock = mocker.patch('app.user.rest.dao_archive_user')
+
+    response = client.post(
+        url_for('user.archive_user', user_id=sample_user.id),
+        headers=[create_authorization_header()]
+    )
+
+    assert response.status_code == 204
+    archive_mock.assert_called_once_with(sample_user)
+
+
+def test_archive_user_when_user_does_not_exist_gives_404(mocker, client, fake_uuid, notify_db_session):
+    archive_mock = mocker.patch('app.user.rest.dao_archive_user')
+
+    response = client.post(
+        url_for('user.archive_user', user_id=fake_uuid),
+        headers=[create_authorization_header()]
+    )
+
+    assert response.status_code == 404
+    archive_mock.assert_not_called()
+
+
+def test_archive_user_when_user_cannot_be_archived(mocker, client, sample_user):
+    mocker.patch('app.dao.users_dao.user_can_be_archived', return_value=False)
+
+    response = client.post(
+        url_for('user.archive_user', user_id=sample_user.id),
+        headers=[create_authorization_header()]
+    )
+    json_resp = json.loads(response.get_data(as_text=True))
+
+    msg = "User can’t be removed from a service - check all services have another team member with manage_settings"
+
+    assert response.status_code == 400
+    assert json_resp['message'] == msg
+
+
 def test_get_user_by_email(client, sample_service):
     sample_user = sample_service.users[0]
     header = create_authorization_header()