Filter deleted resources in get_by_id repository methods

[Copilot]

What is being addressed

The get_*_by_id methods in repository classes return deleted resources, while list methods filter them out. This allows accessing deleted workspaces, workspace services, user resources, and shared services via direct URL after deletion.

How is this addressed

Added deploymentStatus != Status.Deleted filter to all get_by_id queries:

• WorkspaceRepository.get_workspace_by_id()
• WorkspaceServiceRepository.get_workspace_service_by_id()
• UserResourceRepository.get_user_resource_by_id()
• SharedServiceRepository.get_shared_service_by_id()

Query pattern:

query += ' AND c.deploymentStatus != @deletedStatus'
parameters.append({'name': '@deletedStatus', 'value': Status.Deleted})

Updated unit tests to verify deleted resources raise EntityDoesNotExist.

Updated CHANGELOG.md with bug fix entry and component version update.

Incremented API version from 0.25.6 to 0.25.7.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Deleted workspaces are still accessible via URL</issue_title>
<issue_description>Describe the bug
workspaces are still accessible via their URL after they are deleted
See also #4307 as this functionality may be required

Steps to reproduce

1. Create a workspace
2. copy the url
3. delete the workspace
4. re-visit the url

Azure TRE release version (e.g. v0.14.0 or main):
main
Deployed Azure TRE components - click the (i) in the UI:

Azure TRE
UI Version:
0.8.17
API Version:
0.25.2</issue_description>

Comments on the Issue (you are @copilot in this section)

@marrobi Ok, it looks like the get `X_by_id` methods are not filtering deleted out, but the list methods are.

Entity Type	List Endpoint (filters deleted?)	Get-by-ID (filters deleted?)
Workspace	Yes	No
Workspace Service	Yes	No
User Resource	Yes	No
Shared Service	Yes	No

So need something like:

async def get_workspace_by_id(self, workspace_id: str) -> Workspace:
    query = 'SELECT * FROM c WHERE c.resourceType = @resourceType AND c.id = @workspaceId AND c.deploymentStatus != @deletedStatus'
    parameters = [
        {'name': '@resourceType', 'value': ResourceType.Workspace},
        {'name': '@workspaceId', 'value': str(workspace_id)},
        {'name': '@deletedStatus', 'value': Status.Deleted}
    ]
    workspaces = await self.query(query=query, parameters=parameters)
    if not workspaces:
        raise EntityDoesNotExist
    return parse_obj_as(Workspace, workspaces[0])

There should also be unit tests to verify this.

@tamirkamara @jonnyry welcome your view on this, I don't think these endpoints should return deleted resources?

@jonnyry @marrobi Hmm I can't think of a reason why the current codebase would need Get-by-ID methods to return deleted entities.

There might be some possible use cases in future, perhaps an audit trail or those outlined in #4307, but for those cases you could an additional optional parameter to include deleted resources (with a default of false).</comment_new>

• Fixes Deleted workspaces are still accessible via URL #4755

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[github-actions]

Unit Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit 52a0865.

[marrobi]

@copilot update the API version

[Copilot]

@copilot update the API version

Updated API version to 0.25.7 in commit 2e4d7e8