65 lines
2.4 KiB
Rust
65 lines
2.4 KiB
Rust
use crate::database::controller::groups::delete_group;
|
|
use crate::database::controller::members::check_access_to_resource;
|
|
|
|
|
|
use crate::helper::session_cookies::model::SessionCookie;
|
|
use crate::helper::settings::Settings;
|
|
use crate::helper::translate_diesel_error::translate_diesel;
|
|
|
|
use crate::modules::api::member_management::controller::parser::{parse_member_cookie, parse_uuid_string};
|
|
use crate::modules::api::model::api_outcome::{ApiError, ApiErrorWrapper};
|
|
use rocket::State;
|
|
use rocket::serde::json::Json;
|
|
use crate::database::controller::members_groups::remove_member_from_group;
|
|
|
|
#[delete("/api/groups", format = "json", data = "<group_list>")]
|
|
pub fn delete_groups(
|
|
settings: &State<Settings>,
|
|
cookie: SessionCookie,
|
|
group_list: Json<Vec<uuid::Uuid>>,
|
|
) -> Result<(), Json<ApiErrorWrapper>> {
|
|
let caller = parse_member_cookie(cookie.member)?;
|
|
|
|
let group_list = group_list.into_inner();
|
|
|
|
let mut permission_error = false;
|
|
|
|
for group in group_list {
|
|
if check_access_to_resource(
|
|
//Check if member has delete permission on specific group
|
|
&settings,
|
|
caller.entity_id,
|
|
group,
|
|
crate::permissions::modules::member_management::groups::DELETE,
|
|
) {
|
|
match delete_group(settings, group) {
|
|
Ok(_) => {}
|
|
Err(e) => return Err(translate_diesel(e)),
|
|
}
|
|
} else {
|
|
permission_error = true;
|
|
}
|
|
}
|
|
|
|
if !permission_error {
|
|
Ok(())
|
|
} else {
|
|
Err(Json(ApiError::new(403,"Eine oder mehrere Gruppen konnten aufgrund unzureichender Rechte nicht gelöscht werden!".to_string()).to_wrapper()))
|
|
}
|
|
}
|
|
|
|
#[delete("/api/groups/<group_id>/members/<member_id>", format = "json")]
|
|
pub fn delete_member_from_group(settings: &State<Settings>, cookie: SessionCookie, group_id: String, member_id: String) -> Result<(), Json<ApiErrorWrapper>>{
|
|
let caller = parse_member_cookie(cookie.member)?;
|
|
let member_id = parse_uuid_string(member_id)?;
|
|
let group_id = parse_uuid_string(group_id)?;
|
|
|
|
if !check_access_to_resource(settings, caller.entity_id, group_id, crate::permissions::modules::member_management::groups::members::EDIT){
|
|
return Err(Json(ApiError::new(403, "Keine Berechtigung Gruppenmitglieder zu ändern!".to_string()).to_wrapper()))
|
|
}
|
|
|
|
match remove_member_from_group(settings, member_id, group_id){
|
|
Ok(_) => Ok(()),
|
|
Err(e) => Err(translate_diesel(e))
|
|
}
|
|
} |