feat: implement admin account deletion endpoint
This commit is contained in:
@@ -268,4 +268,20 @@ impl Database {
|
|||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
pub async fn delete_authifier_account(&self, user_id: &str) -> Result<()> {
|
||||||
|
let auth = self.clone().to_authifier().await;
|
||||||
|
|
||||||
|
let mut account = auth
|
||||||
|
.database
|
||||||
|
.find_account(user_id)
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_database_error!("find_account", "accounts"))?;
|
||||||
|
|
||||||
|
account
|
||||||
|
.schedule_deletion(&auth)
|
||||||
|
.await
|
||||||
|
.map_err(|_| create_database_error!("schedule_deletion", "accounts"))?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,53 @@
|
|||||||
|
use crate::routes::admin::util::{
|
||||||
|
create_audit_action, flatten_authorized_user, user_has_permission,
|
||||||
|
};
|
||||||
|
use revolt_database::{util::reference::Reference, AdminAuthorization, Database};
|
||||||
|
use revolt_models::v0;
|
||||||
|
use revolt_result::{create_error, Result};
|
||||||
|
use rocket::State;
|
||||||
|
use rocket_empty::EmptyResponse;
|
||||||
|
|
||||||
|
/// Delete an account. Requires ManageAccounts permissions
|
||||||
|
#[openapi(tag = "Admin")]
|
||||||
|
#[delete("/accounts/<id>?<case>")]
|
||||||
|
pub async fn admin_account_delete(
|
||||||
|
db: &State<Database>,
|
||||||
|
auth: AdminAuthorization,
|
||||||
|
id: Reference<'_>,
|
||||||
|
case: Option<&str>,
|
||||||
|
) -> Result<EmptyResponse> {
|
||||||
|
let user = flatten_authorized_user(&auth);
|
||||||
|
if !user_has_permission(user, v0::AdminUserPermissionFlags::ManageAccounts) {
|
||||||
|
return Err(create_error!(MissingPermission {
|
||||||
|
permission: "ManageAccounts".to_string()
|
||||||
|
}));
|
||||||
|
}
|
||||||
|
|
||||||
|
let target = id.as_user(db).await?;
|
||||||
|
|
||||||
|
if target.privileged {
|
||||||
|
return Err(create_error!(PrivilegedAccount));
|
||||||
|
}
|
||||||
|
|
||||||
|
let admin = db.admin_user_fetch(&target.id).await.ok();
|
||||||
|
|
||||||
|
if let Some(admin) = admin {
|
||||||
|
if user_has_permission(&admin, v0::AdminUserPermissionFlags::ManageAccounts) {
|
||||||
|
return Err(create_error!(PrivilegedAccount));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
db.delete_authifier_account(&target.id).await?;
|
||||||
|
|
||||||
|
create_audit_action(
|
||||||
|
db,
|
||||||
|
&user.id,
|
||||||
|
v0::AdminAuditItemActions::DeleteAccount,
|
||||||
|
case,
|
||||||
|
Some(id.id),
|
||||||
|
None,
|
||||||
|
)
|
||||||
|
.await?;
|
||||||
|
|
||||||
|
Ok(EmptyResponse)
|
||||||
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user