Added more tests, fixed settings

wes-otf · wes-otf · commit 9ae8d117098a · 2026-03-12T14:17:55.000-04:00
diff --git a/hypha/apply/funds/templates/submissions/all.html b/hypha/apply/funds/templates/submissions/all.html
@@ -500,15 +500,17 @@
                         {% heroicon_outline "trash" aria_hidden="true" size=14 class="stroke-base-content/80" %}
                         {% trans "Delete" %}
                     </button>
-                    <button
-                        hx-post="{% url 'apply:submissions:bulk-skeleton' %}"
-                        hx-include="[name='selectedSubmissionIds']"
-                        hx-confirm="{% trans 'Are you sure you want to anonymize the selected submissions? All draft submission will be deleted. This action cannot be undone.' %}"
-                        class="btn btn-sm"
-                    >
-                        {% heroicon_outline "user-minus" aria_hidden="true" size=14 class="stroke-base-content/80" %}
-                        {% trans "Anonymize" %}
-                    </button>
+                    {% if SUBMISSION_SKELETONING_ENABLED %}
+                        <button
+                            hx-post="{% url 'apply:submissions:bulk-skeleton' %}"
+                            hx-include="[name='selectedSubmissionIds']"
+                            hx-confirm="{% trans 'Are you sure you want to anonymize the selected submissions? All draft submission will be deleted. This action cannot be undone.' %}"
+                            class="btn btn-sm"
+                        >
+                            {% heroicon_outline "user-minus" aria_hidden="true" size=14 class="stroke-base-content/80" %}
+                            {% trans "Anonymize" %}
+                        </button>
+                    {% endif %}
                 {% endif %}
             </section>
         </header>
diff --git a/hypha/apply/funds/tests/views/test_submission_delete.py b/hypha/apply/funds/tests/views/test_submission_delete.py
@@ -1,5 +1,7 @@
+from django.test import override_settings
 from django.urls import reverse
 
+from hypha.apply.funds.models.submissions import ApplicationSubmissionSkeleton
 from hypha.apply.funds.tests.factories.models import ApplicationSubmissionFactory
 from hypha.apply.funds.workflows import DRAFT_STATE
 from hypha.apply.users.tests.factories import AdminFactory, ApplicantFactory
@@ -26,8 +28,9 @@ def test_submission_delete_by_admin(db, client):
     assert res.status_code == 200
     assert "<form" in res.content.decode()
     assert f'action="{delete_url}"' in res.content.decode()
+    assert "id_anon_or_delete" not in res.content.decode()
 
-    res = client.post(delete_url, data={"delete": "delete"})
+    res = client.post(delete_url, data={"delete": "delete", "anon_or_delete": "DELETE"})
     assert res.status_code == 302
     assert res.url == "/apply/submissions/all/"
 
@@ -36,6 +39,61 @@ def test_submission_delete_by_admin(db, client):
     assert res.status_code == 404
 
 
+@override_settings(SUBMISSION_SKELETONING_ENABLED=True)
+def test_submission_delete_by_admin_skeleton_enabled(db, client):
+    # Check admin can delete submission
+    user = AdminFactory()
+    submission = ApplicationSubmissionFactory()
+
+    client.force_login(user)
+    delete_url = reverse("apply:submissions:delete", kwargs={"pk": submission.pk})
+    res = client.get(delete_url)
+    assert res.status_code == 200
+    assert "<form" in res.content.decode()
+    assert f'action="{delete_url}"' in res.content.decode()
+
+    res = client.post(delete_url, data={"delete": "delete", "anon_or_delete": "DELETE"})
+    assert res.status_code == 302
+    assert res.url == "/apply/submissions/all/"
+
+    # Check submission is deleted
+    res = client.get(delete_url)
+    assert res.status_code == 404
+
+    # Ensure no skeleton submission was created
+    assert ApplicationSubmissionSkeleton.objects.all().count() == 0
+
+
+@override_settings(SUBMISSION_SKELETONING_ENABLED=True)
+def test_submission_skeleton_by_admin_skeleton_enabled(db, client):
+    user = AdminFactory()
+    submission = ApplicationSubmissionFactory()
+
+    client.force_login(user)
+    delete_url = reverse("apply:submissions:delete", kwargs={"pk": submission.pk})
+    res = client.get(delete_url)
+    assert res.status_code == 200
+    assert "<form" in res.content.decode()
+    assert f'action="{delete_url}"' in res.content.decode()
+
+    # Add the skeleton option to the delete form
+    res = client.post(
+        delete_url, data={"delete": "delete", "anon_or_delete": "ANONYMIZE"}
+    )
+    assert res.status_code == 302
+    assert res.url == "/apply/submissions/all/"
+
+    # Check submission is deleted
+    res = client.get(delete_url)
+    assert res.status_code == 404
+
+    # Ensure a new skeleton submission was created
+    assert ApplicationSubmissionSkeleton.objects.all().count() == 1
+
+    last_skeleton = ApplicationSubmissionSkeleton.objects.last()
+    assert last_skeleton.value == submission.form_data["value"]
+
+
 def test_submission_delete_by_applicant(db, client):
     user = ApplicantFactory()
     submission = ApplicationSubmissionFactory(user=user, status=DRAFT_STATE)
diff --git a/hypha/apply/funds/views/all.py b/hypha/apply/funds/views/all.py
@@ -9,7 +9,12 @@
 from django.core.exceptions import PermissionDenied
 from django.core.paginator import Paginator
 from django.db import models
-from django.http import HttpRequest, HttpResponse, HttpResponseForbidden
+from django.http import (
+    HttpRequest,
+    HttpResponse,
+    HttpResponseForbidden,
+    HttpResponseNotAllowed,
+)
 from django.shortcuts import render
 from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
@@ -383,21 +388,24 @@ def bulk_delete_submissions(request):
 @login_required
 @require_http_methods(["POST"])
 def bulk_skeleton_submissions(request):
-    if not permissions.can_bulk_delete_submissions(request.user):
-        return HttpResponseForbidden()
+    if settings.SUBMISSION_SKELETONING_ENABLED:
+        if not permissions.can_bulk_delete_submissions(request.user):
+            return HttpResponseForbidden()
 
-    submission_ids = request.POST.getlist("selectedSubmissionIds")
-    submissions = ApplicationSubmission.objects.filter(id__in=submission_ids).values(
-        "id", "form_data", "page_id", "round_id", "status", "submit_time"
-    )
+        submission_ids = request.POST.getlist("selectedSubmissionIds")
+        submissions = ApplicationSubmission.objects.filter(
+            id__in=submission_ids
+        ).values("id", "form_data", "page_id", "round_id", "status", "submit_time")
 
-    services.bulk_covert_to_skeleton_submissions(
-        submissions=submissions,
-        user=request.user,
-        request=request,
-    )
+        services.bulk_covert_to_skeleton_submissions(
+            submissions=submissions,
+            user=request.user,
+            request=request,
+        )
 
-    return HttpResponseClientRefresh()
+        return HttpResponseClientRefresh()
+
+    return HttpResponseNotAllowed()
 
 
 @login_required
diff --git a/hypha/settings/base.py b/hypha/settings/base.py
@@ -90,7 +90,7 @@
 # Enable Projects in Hypha. Contracts and invoicing that comes after a submission is approved.
 PROJECTS_ENABLED = env.bool("PROJECTS_ENABLED", False)
 
-SUBMISSION_SKELETONING_ENABLED = True
+SUBMISSION_SKELETONING_ENABLED = env.bool("SUBMISSION_SKELETONING_ENABLED", False)
 
 # Auto create projects for approved applications.
 PROJECTS_AUTO_CREATE = env.bool("PROJECTS_AUTO_CREATE", False)
