From 9c62a79af6ecf88c6da5eb83c7293ccaefe329a6 Mon Sep 17 00:00:00 2001
From: John Abrahams <jabrah20@jhu.edu>
Date: Thu, 22 Feb 2024 12:39:51 -0500
Subject: [PATCH] Add Delete permissions for Submission and Publication

---
 .../org/eclipse/pass/main/security/AccessControlTest.java     | 4 ++--
 .../main/java/org/eclipse/pass/object/model/Publication.java  | 2 ++
 .../main/java/org/eclipse/pass/object/model/Submission.java   | 2 ++
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/pass-core-main/src/test/java/org/eclipse/pass/main/security/AccessControlTest.java b/pass-core-main/src/test/java/org/eclipse/pass/main/security/AccessControlTest.java
index 7a866d2d..2e820129 100644
--- a/pass-core-main/src/test/java/org/eclipse/pass/main/security/AccessControlTest.java
+++ b/pass-core-main/src/test/java/org/eclipse/pass/main/security/AccessControlTest.java
@@ -327,7 +327,7 @@ public void testCreateUpdateDeleteSubmissionAsShibUser() throws IOException, JSO
 
             Response response = client.newCall(request).execute();
 
-            check(response, 403);
+            check(response, 204);
         }
     }
 
@@ -373,7 +373,7 @@ public void testCreateUpdateDeletePublicationAsShibUser() throws IOException, JS
 
             Response response = client.newCall(request).execute();
 
-            check(response, 403);
+            check(response, 204);
         }
     }
 
diff --git a/pass-core-object-service/src/main/java/org/eclipse/pass/object/model/Publication.java b/pass-core-object-service/src/main/java/org/eclipse/pass/object/model/Publication.java
index b2991140..96be07f3 100644
--- a/pass-core-object-service/src/main/java/org/eclipse/pass/object/model/Publication.java
+++ b/pass-core-object-service/src/main/java/org/eclipse/pass/object/model/Publication.java
@@ -18,6 +18,7 @@
 import java.util.Objects;
 
 import com.yahoo.elide.annotation.CreatePermission;
+import com.yahoo.elide.annotation.DeletePermission;
 import com.yahoo.elide.annotation.Include;
 import com.yahoo.elide.annotation.UpdatePermission;
 import jakarta.persistence.Column;
@@ -33,6 +34,7 @@
 
 @CreatePermission(expression = "User is Backend OR User is Submitter")
 @UpdatePermission(expression = "User is Backend OR User is Submitter")
+@DeletePermission(expression = "User is Backend OR User is Submitter")
 @Include
 @Entity
 @Table(name = "pass_publication")
diff --git a/pass-core-object-service/src/main/java/org/eclipse/pass/object/model/Submission.java b/pass-core-object-service/src/main/java/org/eclipse/pass/object/model/Submission.java
index a836603b..970e3a21 100644
--- a/pass-core-object-service/src/main/java/org/eclipse/pass/object/model/Submission.java
+++ b/pass-core-object-service/src/main/java/org/eclipse/pass/object/model/Submission.java
@@ -22,6 +22,7 @@
 import java.util.Objects;
 
 import com.yahoo.elide.annotation.CreatePermission;
+import com.yahoo.elide.annotation.DeletePermission;
 import com.yahoo.elide.annotation.Include;
 import com.yahoo.elide.annotation.UpdatePermission;
 import jakarta.persistence.Column;
@@ -44,6 +45,7 @@
 
 @CreatePermission(expression = "User is Backend OR User is Submitter")
 @UpdatePermission(expression = "User is Backend OR Object part of User Submission")
+@DeletePermission(expression = "User is Backend OR Object part of User Submission")
 @Include
 @Entity
 @Table(name = "pass_submission")