Problem: there is no way to delete an AIP

[sallain]

Is your feature request related to a problem? Please describe.

Once an AIP has been created, there is no way to delete it through Enduro. It is possible to delete the AIP in Archivematica or the Storage Service, but this means that 1) users have to leave Enduro, and 2) the deletion is not reflected in Enduro.

Describe the solution you'd like

While viewing a single AIP in Enduro, a user with sufficient permission should be given the option to delete the AIP through a UI button.

Similar to Archivematica, deletion should be a two-step process:

1. A user clicks a button to request that an AIP be deleted, and is prompted to provide a reason (text field).
2. A user approves or denies the deletion request, and is prompted to provide a reason (perhaps optional for approval but required for denial?)

Once the deletion request is approved, a API call should be sent to the Storage Service to delete the AIP. The Storage Service should be set to auto-approve deletion requests, so that the user doesn't need to repeat the deletion approval there. Enduro should then receive a confirmation that the package has been deleted (NOTE: based on the current SS API, this may require Enduro to poll the Storage Service for the package's status).

Throughout this workflow, all actions - deletion request, deletion approval/denial, deletion confirmation - should be recorded in an audit log that persists indefinitely (or as long as the user needs it to).

See Miro for the full proposed workflow, including status updates for the package.

Describe alternatives you've considered

We've gone through many iterations of this workflow, but this seems to be the simplest flow without compromising auditability of the deletion action.

Additional context

Copy of the Miro diagram as of 22 November 2024.

[sallain]

As a first iteration of this feature, the team agreed that we would implement the following:

• UI elements for happy path (deletion button, reason entry box, approval button, etc.)
• New status (Pending) for AIPs where a deletion request has been made
• API call to Storage Service to delete AIP
• Some way to receive confirmation from the Storage Service that the AIP was deleted
• New status (Deleted) for AIPs that have been successfully deleted
• Audit log to capture who/why/when

The first iteration does not need to include:

• Denial button and associated workflow
• Email or UI notifications
• Reports

[sallain]

@scollazo has confirmed the following:

• It is possible to auto-approve deletion requests in the Storage Service
• The deletion workflow deletes replicated AIPs