Remove report flag for removal

[sambodeme]

Description

This PR introduces the logic change necessary to allow staff users to delete reports flagged for removal for over 6 months using the Django admin interface.

How to Test:

1. Switch to this PR branch: In your local environment, check out this branch and launch the application.
2. Create Test Data: Create four reports:
   • Leave three reports in the "In Progress" state.
   • Complete the submission process for the fourth report.
3. Flag Reports for Removal: Use the delete icon to flag two "In Progress" reports for removal.
4. Update Transition Dates:
   • Use your database client to connect to your local database.
   • Update the transition_date field for one of the flagged reports:
     • Ensure the transition_date is at least six months prior to the current date.
5. Run the Admin Action:
   • Access the Django admin interface.
   • Navigate to SF-SACs.
   • Run the action titled Delete reports flagged for removal for over 6 months.

Expected Outcome:

• The report in the "Submitted" state is not removed.
• The report in the "In Progress" state is not removed.
• The report flagged for removal with a transition_date less than six months from the current date is not removed.
• Only the report flagged for removal with a transition_date greater than six months from the current date is removed.

PR Checklist: Submitter

• Link to an issue if possible. If there’s no issue, describe what your branch does. Even if there is an issue, a brief description in the PR is still useful.
• List any special steps reviewers have to follow to test the PR. For example, adding a local environment variable, creating a local test file, etc.
• For extra credit, submit a screen recording like this one.
• Make sure you’ve merged main into your branch shortly before creating the PR. (You should also be merging main into your branch regularly during development.)
• Make sure you’ve accounted for any migrations. When you’re about to create the PR, bring up the application locally and then run git status | grep migrations. If there are any results, you probably need to add them to the branch for the PR. Your PR should have only one new migration file for each of the component apps, except in rare circumstances; you may need to delete some and re-run python manage.py makemigrations to reduce the number to one. (Also, unless in exceptional circumstances, your PR should not delete any migration files.)
• Make sure that whatever feature you’re adding has tests that cover the feature. This includes test coverage to make sure that the previous workflow still works, if applicable.
• Make sure the full-submission.cy.js Cypress test passes, if applicable.
• Do manual testing locally. Our tests are not good enough yet to allow us to skip this step. If that’s not applicable for some reason, check this box.
• Verify that no Git surgery was necessary, or, if it was necessary at any point, repeat the testing after it’s finished.
• Once a PR is merged, keep an eye on it until it’s deployed to dev, and do enough testing on dev to verify that it deployed successfully, the feature works as expected, and the happy path for the broad feature area (such as submission) still works.
• Ensure that prior to merging, the working branch is up to date with main and the terraform plan is what you expect.

PR Checklist: Reviewer

• Pull the branch to your local environment and run make docker-clean; make docker-first-run && docker compose up; then run docker compose exec web /bin/bash -c "python manage.py test"
• Manually test out the changes locally, or check this box to verify that it wasn’t applicable in this case.
• Check that the PR has appropriate tests. Look out for changes in HTML/JS/JSON Schema logic that may need to be captured in Python tests even though the logic isn’t in Python.
• Verify that no Git surgery is necessary at any point (such as during a merge party), or, if it was, repeat the testing after it’s finished.

The larger the PR, the stricter we should be about these points.

Pre Merge Checklist: Merger

• Ensure that prior to approving, the terraform plan is what we expect it to be. -/+ resource "null_resource" "cors_header" should be destroying and recreating its self and ~ resource "cloudfoundry_app" "clamav_api" might be updating its sha256 for the fac-file-scanner and fac-av-${ENV} by default.
• Ensure that the branch is up to date with main.
• Ensure that a terraform plan has been recently generated for the pull request.

[github-actions]

Terraform plan for meta

No changes. Your infrastructure matches the configuration.

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

✅ Plan applied in Deploy to Development and Management Environment #895

[github-actions]

Terraform plan for dev

Plan: 1 to add, 0 to change, 1 to destroy.

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.dev.module.cors.null_resource.cors_header must be replaced
-/+ resource "null_resource" "cors_header" {
!~      id       = "*******************" -> (known after apply)
!~      triggers = { # forces replacement
!~          "always_run" = "2024-12-30T16:46:34Z" -> (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.

✅ Plan applied in Deploy to Development and Management Environment #895

[gsa-jrothacker]

I am still getting caught up to speed on Django ORM...

It looks like we iterate over all the SAC records, then one by one delete entries with a foreign key relation, followed by deleting the single sac.

Does Django handle all those delete as a single transaction? If no, I am a bit concerned about failures in the middle of this process. For example, what if the SubmissionEvent fails to delete, won't that leave us in an inconsistent state?

If the database has cascading deletes on all the foreign key constraints, we could get away with just deleting all the sacs at once rather than in loop.

[sambodeme]

Placing this process under a transaction is generally a good idea to avoid unexpected issues. The current implementation, even without a global transaction, will not leave the database in an inconsistent state. This is because the sac record, which acts as the parent for all the other records in the list, is only removed at the end of the process. If an unexpected issue occurs midway through the process, the sac record will remain intact. When the action is re-run, it will clean up any remaining child records before finally removing the sac. As long as the parent sac record is not removed prematurely, the child records can be handled in subsequent runs of the deletion action.
That said, I still add a global transaction as an extra layer of protection.

[gsa-jrothacker]

I really like small self contained files like this.

[phildominguez-gsa]

I can't seem to get any to delete. Here is my sample set:

The non-disseminated ones set in 2023 should be deletable, right?

I also have a question. If an audit is created and never gets past the in_progress status, will it never be deletable because it has no transition dates?

[sambodeme]

I can't seem to get any to delete. Here is my sample set: The non-disseminated ones set in 2023 should be deletable, right?

I also have a question. If an audit is created and never gets past the in_progress status, will it never be deletable because it has no transition dates?

You missed step 3. Reports should be flagged for removal before you can delete them. This holds for your two questions.

[github-actions]

Package	Line Rate	Branch Rate	Health
.	100%	100%	✔
api	98%	90%	✔
audit	97%	87%	✔
audit.cross_validation	98%	88%	✔
audit.fixtures	84%	50%	❌
audit.intakelib	90%	81%	➖
audit.intakelib.checks	92%	85%	➖
audit.intakelib.common	98%	82%	✔
audit.intakelib.transforms	100%	95%	✔
audit.management.commands	78%	17%	❌
audit.migrations	100%	100%	✔
audit.models	94%	76%	➖
audit.templatetags	100%	100%	✔
audit.views	70%	54%	❌
census_historical_migration	96%	65%	✔
census_historical_migration.migrations	100%	100%	✔
census_historical_migration.sac_general_lib	92%	84%	➖
census_historical_migration.transforms	95%	90%	✔
census_historical_migration.workbooklib	68%	69%	❌
config	76%	31%	❌
curation	100%	100%	✔
curation.curationlib	93%	100%	➖
curation.migrations	100%	100%	✔
dissemination	91%	70%	➖
dissemination.migrations	97%	25%	✔
dissemination.searchlib	74%	64%	❌
dissemination.templatetags	100%	100%	✔
djangooidc	53%	38%	❌
djangooidc.tests	100%	94%	✔
report_submission	93%	88%	➖
report_submission.migrations	100%	100%	✔
report_submission.templatetags	74%	100%	❌
support	91%	66%	➖
support.migrations	100%	100%	✔
support.models	96%	50%	✔
tools	98%	50%	✔
users	95%	92%	➖
users.fixtures	100%	83%	✔
users.management	100%	100%	✔
users.management.commands	100%	100%	✔
users.migrations	100%	100%	✔
Summary	91% (17999 / 19776)	77% (2233 / 2916)	➖