improved admin and events tables

2025-01-21 12:51:59 +00:00
parent 8fef9b5318
commit 7265a4e36a
17 changed files with 357 additions and 237 deletions
--- a/backend/pkg/db/users/users.go
+++ b/backend/pkg/db/users/users.go
@@ -11,6 +11,11 @@ type User struct {
 	Admin bool   `db:"admin" json:"admin"`
 }

+type UserChangePassword struct {
+	UserName string `json:"userName" validate:"required" db:"userName"`
+	Password string `json:"password" validate:"required,min=12"`
+}
+
 // hashes a password
 func hashPassword(password string) ([]byte, error) {
 	return bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
@@ -64,11 +69,6 @@ func Add(user UserAdd) error {
 	}
 }

-type UserChangePassword struct {
-	UserName string `json:"userName" validate:"required" db:"userName"`
-	Password string `json:"password" validate:"required,min=12"`
-}
-
 func ChangePassword(user UserChangePassword) (string, error) {
 	// try to hash teh password
 	if hash, err := hashPassword(user.Password); err != nil {
@@ -103,3 +103,9 @@ func SetAdmin(userName string, admin bool) error {

 	return err
 }
+
+func Delete(userName string) error {
+	_, err := db.DB.Exec("DELETE FROM USERS WHERE name = $1", userName)
+
+	return err
+}
--- a/backend/pkg/router/router.go
+++ b/backend/pkg/router/router.go
@@ -102,6 +102,7 @@ func init() {
 			"event":          deleteEvent,
 			"tasks":          deleteTask,
 			"availabilities": deleteAvailability,
+			"users":          deleteUser,
 		},
 	}

--- a/backend/pkg/router/user.go
+++ b/backend/pkg/router/user.go
@@ -189,3 +189,48 @@ func patchUser(args HandlerArgs) responseMessage {

 	return response
 }
+
+func deleteUser(args HandlerArgs) responseMessage {
+	// check admin
+	if !args.User.Admin {
+		logger.Warn().Msg("user-deletion failed: user is no admin")
+
+		return responseMessage{
+			Status: fiber.StatusUnauthorized,
+		}
+
+		// get the username from the query
+	} else if userName := args.C.Query("userName"); userName == "" {
+		logger.Log().Msg("user-deletion failed: query is missing \"userName\"")
+
+		return responseMessage{
+			Status: fiber.StatusBadRequest,
+		}
+
+		// check wether the user tries to delete himself
+	} else if userName == args.User.UserName {
+		logger.Log().Msg("user-deletion failed: self-deletion is illegal")
+
+		return responseMessage{
+			Status: fiber.StatusBadRequest,
+		}
+
+		// check wether the user tries to delete the admin
+	} else if userName == "admin" {
+		logger.Log().Msg("user-deletion failed: admin-deletion is illegal")
+
+		return responseMessage{
+			Status: fiber.StatusBadRequest,
+		}
+
+		// delete the user
+	} else if err := users.Delete(userName); err != nil {
+		logger.Error().Msgf("user-deletion failed: user doesn't exist")
+
+		return responseMessage{
+			Status: fiber.StatusNotFound,
+		}
+	} else {
+		return responseMessage{}
+	}
+}