feat: Add conversation delete feature (#11677)

<img width="1240" alt="Screenshot 2025-06-05 at 12 39 04 AM" src="https://github.com/user-attachments/assets/0071cd23-38c3-4638-946e-f1fbd11ec845" /> ## Changes Give the admins an option to delete conversation via the context menu - enable conversation deletion in routes and controller - expose delete API on conversations - add delete option in conversation context menu and integrate with card and list - implement store action and mutation for delete - update i18n with new strings fixes: https://github.com/chatwoot/chatwoot/issues/947 --------- Co-authored-by: iamsivin <iamsivin@gmail.com> Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com> Co-authored-by: Pranav <pranavrajs@gmail.com>
2025-06-05 15:53:17 -05:00
parent 4c0d096e4d
commit 273c277d47
22 changed files with 312 additions and 22 deletions
--- a/spec/controllers/api/v1/accounts/conversations_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts/conversations_controller_spec.rb
@@ -926,4 +926,63 @@ RSpec.describe 'Conversations API', type: :request do
      end
    end
  end
+
+  describe 'DELETE /api/v1/accounts/{account.id}/conversations/:id' do
+    let(:conversation) { create(:conversation, account: account) }
+    let(:agent) { create(:user, account: account, role: :agent) }
+    let(:administrator) { create(:user, account: account, role: :administrator) }
+
+    context 'when it is an unauthenticated user' do
+      it 'returns unauthorized' do
+        delete "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}"
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated agent' do
+      before do
+        create(:inbox_member, user: agent, inbox: conversation.inbox)
+      end
+
+      it 'returns unauthorized' do
+        delete "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}",
+               headers: agent.create_new_auth_token,
+               as: :json
+
+        expect(response).to have_http_status(:unauthorized)
+        response_body = response.parsed_body
+        expect(response_body['error']).to eq('You are not authorized to do this action')
+      end
+    end
+
+    context 'when it is an authenticated administrator' do
+      before do
+        create(:inbox_member, user: administrator, inbox: conversation.inbox)
+      end
+
+      it 'successfully deletes the conversation' do
+        expect do
+          delete "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}",
+                 headers: administrator.create_new_auth_token,
+                 as: :json
+        end.to have_enqueued_job(DeleteObjectJob).with(conversation, administrator, anything)
+
+        expect(response).to have_http_status(:ok)
+      end
+
+      it 'can delete conversations from inboxes without direct access' do
+        other_inbox = create(:inbox, account: account)
+        other_conversation = create(:conversation, account: account, inbox: other_inbox)
+
+        expect do
+          delete "/api/v1/accounts/#{account.id}/conversations/#{other_conversation.display_id}",
+                 headers: administrator.create_new_auth_token,
+                 as: :json
+        end.to have_enqueued_job(DeleteObjectJob).with(other_conversation, administrator, anything)
+
+        expect(response).to have_http_status(:ok)
+      end
+    end
+  end
 end