diff --git a/crates/core/database/src/drivers/mod.rs b/crates/core/database/src/drivers/mod.rs index 0fcc78c5..75dd8424 100644 --- a/crates/core/database/src/drivers/mod.rs +++ b/crates/core/database/src/drivers/mod.rs @@ -268,4 +268,20 @@ impl Database { Ok(()) } + pub async fn delete_authifier_account(&self, user_id: &str) -> Result<()> { + let auth = self.clone().to_authifier().await; + + let mut account = auth + .database + .find_account(user_id) + .await + .map_err(|_| create_database_error!("find_account", "accounts"))?; + + account + .schedule_deletion(&auth) + .await + .map_err(|_| create_database_error!("schedule_deletion", "accounts"))?; + + Ok(()) + } } diff --git a/crates/delta/src/routes/admin/accounts/account_delete.rs b/crates/delta/src/routes/admin/accounts/account_delete.rs index e69de29b..1c12adb8 100644 --- a/crates/delta/src/routes/admin/accounts/account_delete.rs +++ b/crates/delta/src/routes/admin/accounts/account_delete.rs @@ -0,0 +1,53 @@ +use crate::routes::admin::util::{ + create_audit_action, flatten_authorized_user, user_has_permission, +}; +use revolt_database::{util::reference::Reference, AdminAuthorization, Database}; +use revolt_models::v0; +use revolt_result::{create_error, Result}; +use rocket::State; +use rocket_empty::EmptyResponse; + +/// Delete an account. Requires ManageAccounts permissions +#[openapi(tag = "Admin")] +#[delete("/accounts/?")] +pub async fn admin_account_delete( + db: &State, + auth: AdminAuthorization, + id: Reference<'_>, + case: Option<&str>, +) -> Result { + let user = flatten_authorized_user(&auth); + if !user_has_permission(user, v0::AdminUserPermissionFlags::ManageAccounts) { + return Err(create_error!(MissingPermission { + permission: "ManageAccounts".to_string() + })); + } + + let target = id.as_user(db).await?; + + if target.privileged { + return Err(create_error!(PrivilegedAccount)); + } + + let admin = db.admin_user_fetch(&target.id).await.ok(); + + if let Some(admin) = admin { + if user_has_permission(&admin, v0::AdminUserPermissionFlags::ManageAccounts) { + return Err(create_error!(PrivilegedAccount)); + } + } + + db.delete_authifier_account(&target.id).await?; + + create_audit_action( + db, + &user.id, + v0::AdminAuditItemActions::DeleteAccount, + case, + Some(id.id), + None, + ) + .await?; + + Ok(EmptyResponse) +}