implement delete_ap()

dsp_permissions_scripts/models/groups.py

@@ -12,3 +12,6 @@ class BuiltinGroup(Enum):
     PROJECT_ADMIN = "http://www.knora.org/ontology/knora-admin#ProjectAdmin"
     CREATOR = "http://www.knora.org/ontology/knora-admin#Creator"
     SYSTEM_ADMIN = "http://www.knora.org/ontology/knora-admin#SystemAdmin"
+
+    def __str__(self):
+        return self.value

dsp_permissions_scripts/utils/ap.py

@@ -5,6 +5,7 @@
 import requests
 
 from dsp_permissions_scripts.models.ap import Ap, ApValue
+from dsp_permissions_scripts.models.groups import BuiltinGroup
 from dsp_permissions_scripts.utils.authentication import get_protocol
 from dsp_permissions_scripts.utils.get_logger import get_logger
 from dsp_permissions_scripts.utils.project import get_project_iri_by_shortcode
@@ -63,3 +64,44 @@ def get_aps_of_project(
     )
     logger.info(f"Found {len(aps)} Administrative Permissions")
     return aps
+
+
+def _filter_aps_by_group(
+    aps: list[Ap],
+    forGroup: BuiltinGroup | str,
+) -> Ap:
+    aps = [ap for ap in aps if str(ap.forGroup) == str(forGroup)]
+    assert len(aps) == 1
+    return aps[0]
+
+
+def _delete_single_ap(
+    ap: Ap,
+    host: str,
+    token: str,
+) -> None:
+    headers = {"Authorization": f"Bearer {token}"}
+    ap_iri = quote_plus(ap.iri, safe="")
+    protocol = get_protocol(host)
+    url = f"{protocol}://{host}/admin/permissions/{ap_iri}"
+    response = requests.delete(url, headers=headers, timeout=5)
+    assert response.status_code == 200
+    logger.info(f"Deleted Administrative Permission {ap.iri} on host {host}")
+
+
+def delete_ap(
+    host: str,
+    token: str,
+    existing_aps: list[Ap],
+    forGroup: BuiltinGroup | str,
+) -> None:
+    logger.info(f"Deleting the Administrative Permission for group {forGroup} on server {host}")
+    ap_to_delete = _filter_aps_by_group(
+        aps=existing_aps,
+        forGroup=forGroup,
+    )
+    _delete_single_ap(
+        ap=ap_to_delete,
+        host=host,
+        token=token,
+    )