feat(api): allow user to delete his own account

leandrofars 2024-04-30 17:45:05 -03:00
parent 0327fa9969
commit 5dd34fb073


@ -105,22 +105,22 @@ func (a *Api) deleteUser(w http.ResponseWriter, r *http.Request) {
//Check if user which is requesting deletion has the necessary privileges //Check if user which is requesting deletion has the necessary privileges
rUser, err := a.db.FindUser(email) rUser, err := a.db.FindUser(email)
if rUser.Level != AdminUser { if err != nil {
w.WriteHeader(http.StatusForbidden) w.WriteHeader(http.StatusInternalServerError)
return return
} }
userEmail := mux.Vars(r)["user"] userEmail := mux.Vars(r)["user"]
if userEmail == email {
w.WriteHeader(http.StatusBadRequest)
return
}
if rUser.Email == userEmail || (rUser.Level == AdminUser && rUser.Email != userEmail) { //Admin can delete any user, but can't delete himself
if err := a.db.DeleteUser(userEmail); err != nil { if err := a.db.DeleteUser(userEmail); err != nil {
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusInternalServerError)
json.NewEncoder(w).Encode(err) json.NewEncoder(w).Encode(err)
return return
} }
} else {
w.WriteHeader(http.StatusForbidden)
}
} }
func (a *Api) changePassword(w http.ResponseWriter, r *http.Request) { func (a *Api) changePassword(w http.ResponseWriter, r *http.Request) {
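Review bot: The new authorization condition `rUser.Email == userEmail || (rUser.Level == AdminUser && rUser.Email != userEmail)` reduces to `rUser.Email == userEmail || rUser.Level == AdminUser`, so an admin can still delete their own account through the first disjunct, although the trailing comment says they cannot. If that comment states the intent (for example, to avoid removing the last admin and locking the instance out), the self-delete branch has to exclude admins: `isSelf := rUser.Email == userEmail` followed by `if (isSelf && rUser.Level != AdminUser) || (!isSelf && rUser.Level == AdminUser) {`. If admins are meant to be able to delete themselves, simplify the condition and correct the comment so that the next reader does not rely on a guard that is not there. The start of deleteUser, where `email` is derived, is outside this hunk, so whether the caller's credential is invalidated after a successful self-delete cannot be checked from here and should be confirmed.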