36 lines
1.7 KiB
Rust
36 lines
1.7 KiB
Rust
use crate::helper::settings::Settings;
|
|
use rocket::State;
|
|
use crate::helper::session_cookies::model::SessionCookie;
|
|
use crate::modules::api::model::api_outcome::{ApiErrorWrapper, ApiError};
|
|
use rocket::serde::json::Json;
|
|
use crate::modules::api::member_management::controller::parser::{parse_member_cookie, parse_uuid_string};
|
|
use crate::helper::check_access::check_access_to_member_and_group;
|
|
use crate::database::controller::groups::get_groups_for_member;
|
|
use crate::database::controller::users::remove_user;
|
|
use crate::helper::translate_diesel_error::translate_diesel;
|
|
use crate::database::controller::members::get_members_by_user_uuid;
|
|
|
|
#[delete("/api/users/<user_id>", format = "json")]
|
|
pub fn delete_user(settings: &State<Settings>, cookie: SessionCookie, user_id: String) -> Result<(), Json<ApiErrorWrapper>>{
|
|
let caller = parse_member_cookie(cookie.member)?;
|
|
|
|
let user_id = parse_uuid_string(user_id)?;
|
|
let member = get_members_by_user_uuid(user_id, &settings);
|
|
let member = match member.first(){
|
|
Some(member) => member,
|
|
None => return Err(Json(ApiError::new(404, "Nicht gefunden.".to_string()).to_wrapper()))
|
|
};
|
|
|
|
let member_groups = get_groups_for_member(settings, member.entity_id);
|
|
|
|
if caller.entity_id != member.entity_id { //Skip permission check if user edits own login
|
|
if !check_access_to_member_and_group(settings, member.entity_id, member_groups, caller.entity_id, "modules.member_management.profile.login.edit".to_string()) {
|
|
return Err(Json(ApiError::new(401, "Keine Rechte Login für dieses Mitglied anzulegen!".to_string()).to_wrapper()))
|
|
}
|
|
}
|
|
|
|
match remove_user(settings, user_id){
|
|
Ok(_) => Ok(()),
|
|
Err(e) => Err(translate_diesel(e))
|
|
}
|
|
} |