Merge pull request #29 from bjcoleman/delete_group

Implement and test group deletion.

Author: bjcoleman

src/cost_sharing/app.py

@@ -324,6 +324,46 @@ def get_group(groupId):  # pylint: disable=C0103
                 "message": "Access denied"
             }), 403
 
+    @app.route('/groups/<int:groupId>', methods=['DELETE'])
+    @require_auth
+    def delete_group(groupId):  # pylint: disable=C0103, R0911
+        """
+        Delete a group (only if no expenses exist).
+
+        Requires valid JWT token in Authorization header.
+        Caller must be a member of the group.
+        Group can only be deleted if it has no expenses.
+        Returns 204 No Content on successful deletion.
+        """
+        # Get user_id from g (set by require_auth decorator)
+        user_id = g.user_id
+
+        try:
+            # Delete group from application layer (includes all authorization
+            # checks and expense validation)
+            application.delete_group(groupId, user_id)
+
+            # Return 204 No Content (no response body)
+            return '', 204
+
+        except GroupNotFoundError:
+            return jsonify({
+                "error": "Resource not found",
+                "message": "Group not found"
+            }), 404
+
+        except ForbiddenError:
+            return jsonify({
+                "error": "Forbidden",
+                "message": "Access denied"
+            }), 403
+
+        except ConflictError as e:
+            return jsonify({
+                "error": "Conflict",
+                "message": str(e)
+            }), 409
+
     @app.route('/groups/<int:groupId>/members', methods=['POST'])
     @require_auth
     def add_group_member(groupId):  # pylint: disable=C0103, R0911, R0912

src/cost_sharing/cost_sharing.py

@@ -200,6 +200,30 @@ def remove_group_member(self, group_id, user_id, caller_user_id): # pylint: disa
         # Remove member from group
         self._storage.delete_group_member(group_id, user_id)
 
+    def delete_group(self, group_id, user_id):
+        """
+        Delete a group (only if no expenses exist).
+
+        Args:
+            group_id: Group ID to delete
+            user_id: User ID of the requesting user (must be a member)
+
+        Raises:
+            GroupNotFoundError: If group doesn't exist
+            ForbiddenError: If user is not a member of the group
+            ConflictError: If group has existing expenses
+        """
+        # Verify authorization (raises GroupNotFoundError or ForbiddenError if invalid)
+        self.get_group_by_id(group_id, user_id)
+
+        # Check if group has any expenses
+        expenses = self._storage.get_group_expenses(group_id)
+        if len(expenses) > 0:
+            raise ConflictError("Cannot delete group with existing expenses")
+
+        # Delete group in storage layer
+        self._storage.delete_group(group_id)
+
     def get_group_expenses(self, group_id, user_id):
         """
         Get all expenses for a group, ensuring the user is a member.

src/cost_sharing/db_storage.py

@@ -327,6 +327,29 @@ def delete_group_member(self, group_id, user_id):
             self._conn.rollback()
             raise StorageException(f"Database error deleting member: {e}") from e
 
+    def delete_group(self, group_id):
+        """
+        Delete a group by ID.
+
+        The group_members records will be automatically deleted
+        via CASCADE foreign key constraint.
+
+        Args:
+            group_id: Group ID to delete
+
+        Raises:
+            StorageException: If a database error occurs
+        """
+        try:
+            self._conn.execute(
+                'DELETE FROM groups WHERE id = ?',
+                (group_id,)
+            )
+            self._conn.commit()
+        except sqlite3.Error as e:
+            self._conn.rollback()
+            raise StorageException(f"Database error deleting group: {e}") from e
+
     def get_group_expenses(self, group_id):
         """
         Get all expenses for a group.

src/cost_sharing/static/js/script.js

@@ -310,7 +310,218 @@ function submitCreateGroup(event) {
 }
 
 function handleDeleteGroup(groupId) {
-    alert('Not implemented');
+    if (!currentToken) {
+        showError('You must be logged in to delete a group');
+        return;
+    }
+    if (!currentGroup || currentGroup.id !== groupId) {
+        // Need to fetch group details first
+        fetchGroupDetailsForDelete(groupId);
+    } else {
+        showDeleteGroupConfirmationModal(currentGroup);
+    }
+}
+
+function fetchGroupDetailsForDelete(groupId) {
+    fetch(`${API_BASE}/groups/${groupId}`, {
+        headers: {
+            'Authorization': `Bearer ${currentToken}`
+        }
+    })
+        .then(response => {
+            if (!response.ok) {
+                if (response.status === 401) {
+                    logout();
+                    throw new Error('Authentication failed');
+                }
+                if (response.status === 403) {
+                    throw new Error('You do not have access to this group');
+                }
+                if (response.status === 404) {
+                    throw new Error('Group not found');
+                }
+                return response.json().then(data => {
+                    throw new Error(data.message || 'Failed to fetch group details');
+                });
+            }
+            return response.json();
+        })
+        .then(group => {
+            showDeleteGroupConfirmationModal(group);
+        })
+        .catch(error => {
+            console.error('Error:', error);
+            showError(error.message || 'Failed to fetch group details');
+        });
+}
+
+function showDeleteGroupConfirmationModal(group) {
+    // Create modal if it doesn't exist
+    let modalOverlay = document.getElementById('delete-group-modal');
+    if (!modalOverlay) {
+        modalOverlay = document.createElement('div');
+        modalOverlay.id = 'delete-group-modal';
+        modalOverlay.className = 'modal-overlay';
+        modalOverlay.innerHTML = `
+            <div class="modal">
+                <div class="modal-header">
+                    <h2>Delete Group</h2>
+                    <button class="modal-close" onclick="closeDeleteGroupModal()">&times;</button>
+                </div>
+                <p>Are you sure you want to delete this group?</p>
+                <p style="font-weight: 600; color: #333; margin: 10px 0;">"<span id="delete-group-name"></span>"</p>
+                <p style="color: #6c757d; font-size: 0.9em;">This action cannot be undone. The group can only be deleted if it has no expenses.</p>
+                <div class="form-actions">
+                    <button type="button" class="secondary" onclick="closeDeleteGroupModal()">Cancel</button>
+                    <button type="button" class="danger" id="confirm-delete-group-btn" onclick="confirmDeleteGroup()">Delete</button>
+                </div>
+            </div>
+        `;
+        document.body.appendChild(modalOverlay);
+        
+        // Close modal when clicking outside
+        modalOverlay.addEventListener('click', function(event) {
+            if (event.target === modalOverlay) {
+                closeDeleteGroupModal();
+            }
+        });
+    }
+
+    // Update group name in modal
+    const nameEl = document.getElementById('delete-group-name');
+    if (nameEl) {
+        nameEl.textContent = group.name || '';
+    }
+
+    // Store group ID for deletion
+    modalOverlay.dataset.groupId = group.id;
+
+    modalOverlay.classList.add('active');
+}
+
+function closeDeleteGroupModal() {
+    const modalOverlay = document.getElementById('delete-group-modal');
+    if (modalOverlay) {
+        modalOverlay.classList.remove('active');
+    }
+}
+
+function showDeleteGroupErrorModal(errorMessage) {
+    // Create modal if it doesn't exist
+    let modalOverlay = document.getElementById('delete-group-error-modal');
+    if (!modalOverlay) {
+        modalOverlay = document.createElement('div');
+        modalOverlay.id = 'delete-group-error-modal';
+        modalOverlay.className = 'modal-overlay';
+        modalOverlay.innerHTML = `
+            <div class="modal">
+                <div class="modal-header">
+                    <h2>Error</h2>
+                    <button class="modal-close" onclick="closeDeleteGroupErrorModal()">&times;</button>
+                </div>
+                <p style="color: #dc3545; font-weight: 600; margin: 10px 0;"><span id="delete-group-error-message"></span></p>
+                <div class="form-actions">
+                    <button type="button" class="secondary" onclick="closeDeleteGroupErrorModal()">Close</button>
+                </div>
+            </div>
+        `;
+        document.body.appendChild(modalOverlay);
+        
+        // Close modal when clicking outside
+        modalOverlay.addEventListener('click', function(event) {
+            if (event.target === modalOverlay) {
+                closeDeleteGroupErrorModal();
+            }
+        });
+    }
+
+    // Update error message in modal
+    const messageEl = document.getElementById('delete-group-error-message');
+    if (messageEl) {
+        messageEl.textContent = errorMessage;
+    }
+
+    modalOverlay.classList.add('active');
+}
+
+function closeDeleteGroupErrorModal() {
+    const modalOverlay = document.getElementById('delete-group-error-modal');
+    if (modalOverlay) {
+        modalOverlay.classList.remove('active');
+    }
+}
+
+function confirmDeleteGroup() {
+    const modalOverlay = document.getElementById('delete-group-modal');
+    if (!modalOverlay) {
+        return;
+    }
+
+    const groupId = parseInt(modalOverlay.dataset.groupId);
+
+    if (!groupId) {
+        showError('Group information not available');
+        return;
+    }
+
+    if (!currentToken) {
+        showError('You must be logged in to delete a group');
+        closeDeleteGroupModal();
+        return;
+    }
+
+    // Disable delete button during submission
+    const deleteButton = document.getElementById('confirm-delete-group-btn');
+    const originalText = deleteButton.textContent;
+    deleteButton.disabled = true;
+    deleteButton.textContent = 'Deleting...';
+
+    fetch(`${API_BASE}/groups/${groupId}`, {
+        method: 'DELETE',
+        headers: {
+            'Authorization': `Bearer ${currentToken}`
+        }
+    })
+        .then(response => {
+            if (!response.ok) {
+                if (response.status === 401) {
+                    logout();
+                    throw new Error('Authentication failed');
+                }
+                if (response.status === 403) {
+                    throw new Error('You do not have permission to delete this group');
+                }
+                if (response.status === 404) {
+                    throw new Error('Group not found');
+                }
+                if (response.status === 409) {
+                    return response.json().then(data => {
+                        throw new Error(data.message || 'Cannot delete this group');
+                    });
+                }
+                return response.json().then(data => {
+                    throw new Error(data.message || 'Failed to delete group');
+                });
+            }
+            // DELETE returns 204 No Content, so no JSON to parse
+            return null;
+        })
+        .then(() => {
+            closeDeleteGroupModal();
+            // Go back to groups list
+            showGroupsList();
+            // Reload groups list
+            fetchGroups();
+        })
+        .catch(error => {
+            console.error('Error:', error);
+            closeDeleteGroupModal();
+            showDeleteGroupErrorModal(error.message || 'Failed to delete group');
+        })
+        .finally(() => {
+            deleteButton.disabled = false;
+            deleteButton.textContent = originalText;
+        });
 }
 
 function viewGroupDetails(groupId) {