diff options
| author | Santo Cariotti <santo@dcariotti.me> | 2022-10-17 06:24:07 +0000 |
|---|---|---|
| committer | Santo Cariotti <santo@dcariotti.me> | 2022-10-17 06:24:07 +0000 |
| commit | f335e35523ac0b004342827d9f7a3f71a8ce9377 (patch) | |
| tree | 621c066fa9f2ffc1a8644c86ea2de294dddd657c | |
| parent | 6f33e230583de313fa249d859a92de3ec390ae2d (diff) | |
Delete an avatar from a user_id
| -rw-r--r-- | src/routes/user.rs | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/src/routes/user.rs b/src/routes/user.rs index e78ec49..2213a58 100644 --- a/src/routes/user.rs +++ b/src/routes/user.rs @@ -9,7 +9,7 @@ use crate::{ }; use axum::{ extract::{ContentLengthLimit, Multipart, Path, Query}, - routing::{get, put}, + routing::{delete, get, put}, Json, Router, }; @@ -20,6 +20,7 @@ pub fn create_route() -> Router { .route("/me", get(get_me)) .route("/me/avatar", put(edit_my_avatar).delete(delete_my_avatar)) .route("/:id", get(get_user).put(edit_user)) + .route("/:id/avatar", delete(delete_avatar)) .route("/:id/models", get(get_user_models)) } @@ -76,6 +77,43 @@ async fn edit_my_avatar( } } +/// A staffer can delete an user `id`'s avatar +async fn delete_avatar( + Path(user_id): Path<i32>, + claims: Claims, +) -> Result<Json<UserList>, AppError> { + let mut user = match User::find_by_id(user_id).await { + Ok(user) => user, + Err(_) => { + return Err(AppError::NotFound("User not found".to_string())); + } + }; + + // If the user of the access token is different than the user they want to edit, checks if the + // first user is an admin + if claims.user_id != user.id { + match User::find_by_id(claims.user_id).await { + Ok(user) => { + if !(user.is_staff.unwrap()) { + return Err(AppError::Unauthorized); + } + } + Err(_) => { + return Err(AppError::NotFound("User not found".to_string())); + } + }; + } + + if user.avatar.is_some() { + let avatar_url = user.avatar.as_ref().unwrap(); + delete_upload(avatar_url)?; + } + + user.edit_avatar(None).await?; + + Ok(Json(user)) +} + /// Delete the avatar of the user linked to the claims async fn delete_my_avatar(claims: Claims) -> Result<Json<UserList>, AppError> { let mut user = match User::find_by_id(claims.user_id).await { |