aboutsummaryrefslogtreecommitdiffstats
path: root/backend/routes/forms/responses.py
diff options
context:
space:
mode:
Diffstat (limited to 'backend/routes/forms/responses.py')
-rw-r--r--backend/routes/forms/responses.py57
1 files changed, 56 insertions, 1 deletions
diff --git a/backend/routes/forms/responses.py b/backend/routes/forms/responses.py
index 54da246..d378187 100644
--- a/backend/routes/forms/responses.py
+++ b/backend/routes/forms/responses.py
@@ -8,7 +8,7 @@ from starlette.responses import JSONResponse
from backend.models import FormResponse, ResponseList
from backend.route import Route
-from backend.validation import api, ErrorMessage
+from backend.validation import api, ErrorMessage, OkayResponse
class Responses(Route):
@@ -38,3 +38,58 @@ class Responses(Route):
FormResponse(**response) for response in await cursor.to_list(None)
]
return JSONResponse([response.dict() for response in responses])
+
+ @requires(["authenticated", "admin"])
+ @api.validate(
+ resp=Response(
+ HTTP_200=OkayResponse,
+ HTTP_404=ErrorMessage,
+ HTTP_400=ErrorMessage
+ ),
+ tags=["forms", "responses"]
+ )
+ async def delete(self, request: Request) -> JSONResponse:
+ """Bulk deletes form responses by IDs."""
+ data = await request.json()
+
+ if "ids" not in data:
+ return JSONResponse({"error": "ids_not_provided"}, status_code=400)
+
+ # Convert IDs to set to remove duplicates
+ ids = set(data["ids"])
+
+ cursor = request.state.db.responses.find(
+ {"_id": {"$in": list(ids)}} # Convert here back to list, may throw error.
+ )
+ entries = [
+ FormResponse(**submission) for submission in await cursor.to_list(None)
+ ]
+ actual_ids = {entry.id for entry in entries}
+
+ if len(ids) != len(actual_ids):
+ return JSONResponse(
+ {
+ "error": "not_found",
+ "ids": list(ids - actual_ids)
+ },
+ status_code=404
+ )
+
+ if any(entry.form_id != request.path_params["form_id"] for entry in entries):
+ return JSONResponse(
+ {
+ "error": "wrong_form",
+ "ids": list(
+ entry.id for entry in entries
+ if entry.id != request.path_params["form_id"]
+ )
+ },
+ status_code=400
+ )
+
+ await request.state.db.responses.delete_many(
+ {
+ "_id": {"$in": list(actual_ids)}
+ }
+ )
+ return JSONResponse({"status": "ok"})
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-19 21:30:43 +0000