@@ -203,6 +203,7 @@ def test_geometry_details_api_returns_correct_data(self):
203203 geometry_data = data ['geometry' ]
204204 self .assertEqual (geometry_data ['id' ], self .geometry .id )
205205 self .assertEqual (geometry_data ['id_kurz' ], 'TEST001' )
206+ self .assertEqual (geometry_data ['created_by_user_id' ], self .user .id )
206207 self .assertIn ('entries' , geometry_data )
207208
208209 # Check entries structure
@@ -288,6 +289,7 @@ def test_map_data_api_returns_lightweight_data(self):
288289 self .assertIn ('lat' , point )
289290 self .assertIn ('lng' , point )
290291 self .assertIn ('user' , point )
292+ self .assertEqual (point ['created_by_user_id' ], self .user .id )
291293
292294 # Should not contain entries or field data
293295 self .assertNotIn ('entries' , point )
@@ -416,7 +418,7 @@ def test_geometry_details_api_structure_matches_js_expectations(self):
416418 self .assertIn ('geometry' , data )
417419
418420 geometry = data ['geometry' ]
419- required_fields = ['id' , 'id_kurz' , 'address' , 'lat' , 'lng' , 'user' , 'entries' ]
421+ required_fields = ['id' , 'id_kurz' , 'address' , 'lat' , 'lng' , 'user' , 'created_by_user_id' , ' entries' ]
420422 for field in required_fields :
421423 self .assertIn (field , geometry , f"Required field { field } missing from geometry data" )
422424
@@ -573,3 +575,47 @@ def test_javascript_non_editable_fields_in_json_data(self):
573575 # This ensures the property name matches what JavaScript expects
574576 self .assertIn ('non_editable' , non_editable_data , "non_editable property should be in JSON" )
575577 self .assertEqual (non_editable_data ['non_editable' ], True , "non_editable should be True in JSON" )
578+
579+ def test_owner_can_delete_geometry_via_post (self ):
580+ """Dataset owner can delete a geometry; it is removed from the database."""
581+ client = Client ()
582+ client .force_login (self .user )
583+ gid = self .geometry .id
584+ url = reverse ('geometry_delete' , kwargs = {'geometry_id' : gid })
585+ response = client .post (url , HTTP_X_REQUESTED_WITH = 'XMLHttpRequest' )
586+ self .assertEqual (response .status_code , 200 )
587+ self .assertTrue (response .json ().get ('success' ))
588+ self .assertFalse (DataGeometry .objects .filter (pk = gid ).exists ())
589+
590+ def test_shared_user_cannot_delete_others_geometry (self ):
591+ """Collaborators cannot delete geometries created by another user."""
592+ other = User .objects .create_user (username = 'collab' , email = 'c@example.com' , password = 'pass' )
593+ self .dataset .shared_with .add (other )
594+ client = Client ()
595+ client .force_login (other )
596+ gid = self .geometry .id
597+ url = reverse ('geometry_delete' , kwargs = {'geometry_id' : gid })
598+ response = client .post (url , HTTP_X_REQUESTED_WITH = 'XMLHttpRequest' )
599+ self .assertEqual (response .status_code , 403 )
600+ self .assertTrue (DataGeometry .objects .filter (pk = gid ).exists ())
601+
602+ def test_creator_can_delete_own_geometry (self ):
603+ """A logged-in user can delete a geometry they created."""
604+ from django .contrib .gis .geos import Point
605+
606+ collab = User .objects .create_user (username = 'collab2' , email = 'c2@example.com' , password = 'pass' )
607+ self .dataset .shared_with .add (collab )
608+ own = DataGeometry .objects .create (
609+ dataset = self .dataset ,
610+ id_kurz = 'OWN001' ,
611+ address = 'Own point' ,
612+ geometry = Point (16.0 , 48.1 ),
613+ user = collab ,
614+ )
615+ client = Client ()
616+ client .force_login (collab )
617+ url = reverse ('geometry_delete' , kwargs = {'geometry_id' : own .id })
618+ response = client .post (url , HTTP_X_REQUESTED_WITH = 'XMLHttpRequest' )
619+ self .assertEqual (response .status_code , 200 )
620+ self .assertTrue (response .json ().get ('success' ))
621+ self .assertFalse (DataGeometry .objects .filter (pk = own .id ).exists ())
0 commit comments