Logical/Physical Delete Behavior for model objects

We'd like to have a consistent and safe way for study designers (almost always the implementers, so people with the DEVELOPER role) to delete and remove things as they set up a study. Often our delete APIs remove things from the database, and so those calls are only accessible to administrators for test clean-up.

Here's how we'll support both through our REST API:

class Apple

boolean deleted - this flag should be part of the public API of the object.

GET /apples?includeDeleted=boolean

  • by default, should not include deleted apples
  • because deleted apples may be referenced elsewhere, UIs may still need them for labels, etc., so include a flag to return deleted apples, too

Tests

  • Can retrieve items (getAppleWorks)
  • With a logically deleted item, the includeDeleted flag shows/hides these logically deleted items (getApplesIncludes/ExcludesDeleted)
  • Physically deleted item does not appear regardless of the includeDeleted flag (this is a good integration test) (getApplesExcludesPhysicallyDeleted)

GET /apples/id

  • always return this item regardless of deletion status so references do not break
  • Note: if developers try and retrieve objects, to verify they are not referencing older models in their apps, this aspect of our API could be misleading. Their apps will continue to work, but the returned items will be marked deleted=true. Just something to be aware of.

Tests

  • Can retrieve item regardless of whether or not it is marked deleted (getApplesIncludesLogicallyDeleted)

POST /apples

  • should not be able to create an apple in a deleted state (deleted always = false) (createAppleNeverDeleted)

POST /apples/id

  • should be able to change the deleted flag if you can update the object

Tests

  • If item is deleted and update is deleted, then throw an EntityNotFoundException (updateLogicallyDeletedAppleThrows)
  • If item is deleted and update is not deleted, this is allowed and the resulting item is not deleted (updateCanUndeleteApple)
  • If item is not deleted and update is not deleted, this is allowed and the resulting item is not deleted (updateApple)
  • If item is not deleted and update is deleted, this is allowed and resulting item is deleted (no need to prevent this) (updateCanDeleteApple)

DELETE /apples/id or DELETE /apples?id=x

  • sets deleted = true and that's it. This is an option for both developers and administrators.

Tests

  • If item is already logically deleted, throw an EntityNotFoundException (deletingLogicallyDeletedAppleThrows)
  • If item is not marked deleted, mark it as deleted (logicallyDeletingAppleWorks)

DELETE /apples/id?physical=true or DELETE /apples?id=x&physical=true

  • physically removes item from database if and only if the caller is an administrator (otherwise falls back to a logical delete)

Tests

  • If item is not in database, throw an EntityNotFoundException (physicallyDeletingMissingAppleThrows)
  • If item is in database but logically deleted, this should physically delete the item (physicallyDeletingLogicallyDeletedAppleWorks)
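
The endpoint rules above, sketched as an in-memory service. This is an added example, not the project's own code: the AppleService class, its method names, the "ADMIN" role string and the dict standing in for the database are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

class EntityNotFoundException(Exception):
    """Same name as the exception used in the test lists above."""

@dataclass(frozen=True)
class Apple:
    id: str
    label: str = ""
    deleted: bool = False

class AppleService:
    def __init__(self):
        self._rows = {}  # id -> Apple; stands in for the database table

    def _load(self, apple_id):
        if apple_id not in self._rows:
            raise EntityNotFoundException(apple_id)
        return self._rows[apple_id]

    def list_apples(self, include_deleted=False):  # GET /apples
        return [a for a in self._rows.values() if include_deleted or not a.deleted]

    def get(self, apple_id):  # GET /apples/id
        return self._load(apple_id)  # returned even when deleted=True

    def create(self, apple):  # POST /apples
        self._rows[apple.id] = replace(apple, deleted=False)  # never created deleted
        return self._rows[apple.id]

    def update(self, apple):  # POST /apples/id
        saved = self._load(apple.id)
        if saved.deleted and apple.deleted:
            raise EntityNotFoundException(apple.id)
        self._rows[apple.id] = apple  # may delete or undelete
        return apple

    def delete(self, apple_id, physical=False, caller_roles=frozenset()):
        saved = self._load(apple_id)
        # The physical flag is honoured only for administrators ("ADMIN" is assumed).
        if physical and "ADMIN" in caller_roles:
            del self._rows[apple_id]  # works even if already logically deleted
            return "physical"
        # Everyone else, including physical=True without the role: logical delete.
        if saved.deleted:
            raise EntityNotFoundException(apple_id)
        self._rows[apple_id] = replace(saved, deleted=True)
        return "logical"
```

The role check lives inside delete() rather than in the caller, so a developer sending physical=true cannot remove a row; the request is downgraded to a logical delete.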

Dependent Objects

Objects that cannot be deleted because they would leave other objects with referential integrity problems:

  • If the referencing object is logically deleted, the dependent object can be logically deleted;
  • If the referencing object is logically deleted, the dependent object cannot be physically deleted;
  • If the referencing object is physically deleted, then there isn't a problem anymore. The dependent object can be logically or physically deleted.

Tests

| Name | What we should test |
|---|---|
| getAppleIncludesLogicallyDeleted | The get apple call returns logically deleted apples |
| getApplesIncludes/ExcludesLogicallyDeleted | The apple collection calls include or exclude logically deleted apples based on the flag |
| createAppleCannotBeDeleted | Creating an apple with deleted=true just creates the apple with deleted=false |
| updateLogicallyDeletedAppleThrows | Cannot update if saved and updated apple are both deleted=true |
| updateCanUndeleteApple | saved apple deleted=true, updated apple deleted=false works |
| updateCanDeleteApple | saved apple deleted=false, updated apple deleted=true works (no reason to prevent it) |
| deleteLogicallyDeletedAppleThrows | Cannot delete an apple that is already deleted |
| deleteApple | Can logically delete an apple |
| deleteAppleMissingAppleThrows | Trying to logically delete a logically deleted apple throws |
| deleteApplePermanently | Can permanently delete an apple |
| deletePermanentlyLogicallyDeletedApple | Can physically delete an apple that is logically deleted (rather than getting a 404) |
| deletePermanentlyMissingAppleThrows | |
| includeDeletedInRequestParams | Requests that take this parameter should return the value in the request params |
| physicalInRequestParams | Requests that take this parameter should return the value in the request params |