backend: delete user endpoint

2024-07-11 23:31:14 +02:00 · 2024-07-11 23:31:14 +02:00 · 5afe762b76
commit 5afe762b76
parent 238629fde6
2 changed files with 19 additions and 2 deletions
--- a/crates/backend/src/controller/user.rs
+++ b/crates/backend/src/controller/user.rs
@ -1,6 +1,6 @@
 use actix_web::{
    error::{ErrorInternalServerError, ErrorNotFound, ErrorUnauthorized},
-    web, Responder,
+    web, HttpResponse, Responder,
 };
 use argon2::{
    password_hash::{rand_core::OsRng, PasswordHasher, SaltString},
@ -102,4 +102,21 @@ impl UserController {

        Ok(web::Json(UserWithoutPassword::from(result)))
    }
+
+    pub async fn delete_user(
+        state: web::Data<AppState>,
+        path: web::Path<Uuid>,
+        executor: AuthedUser,
+    ) -> actix_web::Result<impl Responder> {
+        let id = path.into_inner();
+        if !executor.0.admin || executor.0.id == id {
+            return Err(ErrorUnauthorized("Invalid Permissions"));
+        }
+        let db = &state.db;
+        entity::license::Entity::delete_by_id(id)
+            .exec(db)
+            .await
+            .map_err(ErrorInternalServerError)?;
+        Ok(HttpResponse::Ok().finish())
+    }
 }
--- a/crates/backend/src/routes.rs
+++ b/crates/backend/src/routes.rs
@ -10,7 +10,7 @@ pub fn config(cfg: &mut web::ServiceConfig) {
                    .post(UserController::create_user),
            )
            .route("/users/me", web::get().to(UserController::get_current_user))
-            .service(web::resource("/users/{user_id}"))
+            .service(web::resource("/users/{user_id}").delete(UserController::delete_user))
            .service(
                web::resource("/licenses")
                    .get(LicenseController::list_groups)