From fc43bf0581706350014269eede38a8576e8c9e40 Mon Sep 17 00:00:00 2001
From: Ruzette Tanyag
Date: Sun, 5 Feb 2017 12:20:17 -0500
Subject: Implement DELETE /users/{user_id endpoint for APIv4 - rebase cleanup (#5307)
* added delete user endpoint
* added unit test for delete user endpoint
* added delete user driver
---
 api4/user.go | 30 ++++++++++++++++++++++++++++++
 api4/user_test.go | 31 +++++++++++++++++++++++++++++++
 model/client4.go | 10 ++++++++++
 3 files changed, 71 insertions(+)
diff --git a/api4/user.go b/api4/user.go
index 74983aa54..14067bdf5 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -21,6 +21,7 @@ func InitUser() {
 BaseRoutes.User.Handle("", ApiSessionRequired(getUser)).Methods("GET")
 BaseRoutes.User.Handle("", ApiSessionRequired(updateUser)).Methods("PUT")
+ BaseRoutes.User.Handle("", ApiSessionRequired(deleteUser)).Methods("DELETE")
 BaseRoutes.User.Handle("/roles", ApiSessionRequired(updateUserRoles)).Methods("PUT")
 BaseRoutes.Users.Handle("/login", ApiHandler(login)).Methods("POST")
@@ -192,6 +193,35 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 }
+func deleteUser(c *Context, w http.ResponseWriter, r *http.Request){
+ c.RequireUserId()
+ if c.Err != nil {
+ return
+ }
+
+ userId := c.Params.UserId
+
+ if !app.SessionHasPermissionToUser(c.Session, userId) {
+ c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+ return
+ }
+
+ var user *model.User
+ var err *model.AppError
+
+ if user, err = app.GetUser(userId); err != nil {
+ c.Err = err
+ return
+ }
+
+ if _, err := app.UpdateActive(user, false); err != nil {
+ c.Err = err
+ return
+ }
+
+ ReturnStatusOK(w)
+}
+
 func updateUserRoles(c *Context, w http.ResponseWriter, r *http.Request) {
 c.RequireUserId()
 if c.Err != nil {
diff --git a/api4/user_test.go b/api4/user_test.go
index 082b48dd6..40f6b4117 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
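Review bot: `deleteUser` gates deactivation only on `app.SessionHasPermissionToUser(c.Session, userId)`, and the new test's last call shows a system admin deactivating its own account, so nothing in this handler stops the last active administrator from being locked out; consider rejecting that case before `app.UpdateActive(user, false)`. Deactivation is also a security-relevant event that the handler completes without writing an audit entry, and whether `UpdateActive` revokes the user's existing sessions is not visible in this hunk and should be confirmed. Two smaller points: the signature ending `r *http.Request){` is not gofmt-clean, and `if _, err := app.UpdateActive(...)` shadows the `err` declared above it, where `if _, err = app.UpdateActive(user, false); err != nil {` would do.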
@@ -219,6 +219,37 @@ func TestUpdateUser(t *testing.T) {
 CheckNoError(t, resp)
 }
+func TestDeleteUser(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ Client := th.Client
+
+ user := th.BasicUser
+ th.LoginBasic()
+
+ testUser := th.SystemAdminUser
+ _, resp := Client.DeleteUser(testUser.Id)
+ CheckForbiddenStatus(t, resp)
+
+ Client.Logout()
+
+ _, resp = Client.DeleteUser(user.Id)
+ CheckUnauthorizedStatus(t, resp)
+
+ Client.Login(testUser.Email, testUser.Password)
+
+ user.Id = model.NewId()
+ _, resp = Client.DeleteUser(user.Id)
+ CheckNotFoundStatus(t, resp)
+
+ user.Id = "junk"
+ _, resp = Client.DeleteUser(user.Id)
+ CheckBadRequestStatus(t, resp)
+
+ _, resp = Client.DeleteUser(testUser.Id)
+ CheckNoError(t, resp)
+
+}
+
 func TestUpdateUserRoles(t *testing.T) {
 th := Setup().InitBasic().InitSystemAdmin()
 Client := th.Client
diff --git a/model/client4.go b/model/client4.go
index e189257d2..1bdb7e55e 100644
--- a/model/client4.go
+++ b/model/client4.go
@@ -285,6 +285,16 @@ func (c *Client4) UpdateUserRoles(userId, roles string) (bool, *Response) {
 }
 }
+// DeleteUser deactivates a user in the system based on the provided user id string.
+func (c *Client4) DeleteUser(userId string) (bool, *Response) {
+ if r, err := c.DoApiDelete(c.GetUserRoute(userId), ""); err != nil {
+ return false, &Response{StatusCode: r.StatusCode, Error: err}
+ } else {
+ defer closeBody(r)
+ return CheckStatusOK(r), BuildResponse(r)
+ }
+}
+
 // Team Section
 // CreateTeam creates a team in the system based on the provided team struct.
-- 
cgit v1.2.3-1-g7c22
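Review bot: The only success case in `TestDeleteUser` is the system admin deactivating itself, and the test stops at `CheckNoError(t, resp)` without checking that the account is actually inactive afterwards. Add an assertion on the post-condition, for example that a following `Client.Login(testUser.Email, testUser.Password)` returns an error response, and add cases for a regular user deactivating their own account and an admin deactivating another existing user, since those are the paths the permission check is meant to separate. The result of the earlier `Client.Login(testUser.Email, testUser.Password)` is also discarded, so a failed login would surface only as a confusing status mismatch on the next check.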
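Review bot: In the error branch of `Client4.DeleteUser`, `r.StatusCode` is read without checking `r`; if `DoApiDelete` can return a nil response together with an error (a transport failure, for instance; its body is not shown here), the client panics instead of returning the error. A guard such as `if r == nil { return false, &Response{Error: err} }` before building the response avoids that. The same branch returns without `closeBody(r)`, so confirm that `DoApiDelete` closes the body itself on error responses. The `else` after a returning `if` can also be dropped to keep the success path unindented.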