Mercurial > gemma

diff controllers/user.go @ 240:9012e4045da4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Implemented /user delete controller.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Thu, 26 Jul 2018 17:56:02 +0200
parents 3771788d3dae
children 3b688fe04c39
line wrap: on
line diff
--- a/controllers/user.go	Thu Jul 26 17:15:22 2018 +0200
+++ b/controllers/user.go	Thu Jul 26 17:56:02 2018 +0200
@@ -8,6 +8,7 @@
 	"regexp"
 	"strings"
 
+	"gemma.intevation.de/gemma/auth"
 	"github.com/gorilla/mux"
 )
 
@@ -41,6 +42,8 @@
 	updateUserSQL       = `SELECT sys_admin.update_user($1, $2, $3, $4, $5, NULL, $6)`
 	updateUserExtentSQL = `SELECT sys_admin.update_user($1, $2, $3, $4, $5,
   ST_MakeBox2D(ST_Point($6, $7), ST_Point($8, $9)), $10)`
+
+	deleteUserSQL = `SELECT sys_admin.delete_user($1)`
 )
 
 var (
@@ -117,10 +120,37 @@
 	return errNoValidRole
 }
 
+func deleteUser(
+	rw http.ResponseWriter, req *http.Request,
+	input interface{}, db *sql.DB,
+) (jr JSONResult, err error) {
+
+	user := mux.Vars(req)["user"]
+	if user == "" {
+		err = JSONError{http.StatusBadRequest, "error: user empty"}
+		return
+	}
+
+	session, _ := auth.GetSession(req)
+	if session.User == user {
+		err = JSONError{http.StatusBadRequest, "error: cannot delete yourself"}
+		return
+	}
+
+	if _, err = db.Exec(deleteUserSQL, user); err != nil {
+		return
+	}
+
+	// Running in a go routine should not be necessary.
+	go func() { auth.ConnPool.Logout(user) }()
+
+	jr = JSONResult{Code: http.StatusNoContent}
+	return
+}
+
 func updateUser(
 	rw http.ResponseWriter, req *http.Request,
-	input interface{},
-	db *sql.DB,
+	input interface{}, db *sql.DB,
 ) (jr JSONResult, err error) {
 
 	user := mux.Vars(req)["user"]
@@ -172,8 +202,7 @@
 
 func createUser(
 	rw http.ResponseWriter, req *http.Request,
-	input interface{},
-	db *sql.DB,
+	input interface{}, db *sql.DB,
 ) (jr JSONResult, err error) {
 
 	user := input.(*User)