Diffstat (limited to 'api4')
-rw-r--r-- | api4/user.go | 30 | ||||
-rw-r--r-- | api4/user_test.go | 31 |
2 files changed, 61 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go
index 74983aa54..14067bdf5 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -21,6 +21,7 @@ func InitUser() {
 BaseRoutes.User.Handle("", ApiSessionRequired(getUser)).Methods("GET")
 BaseRoutes.User.Handle("", ApiSessionRequired(updateUser)).Methods("PUT")
+ BaseRoutes.User.Handle("", ApiSessionRequired(deleteUser)).Methods("DELETE")
 BaseRoutes.User.Handle("/roles", ApiSessionRequired(updateUserRoles)).Methods("PUT")
 BaseRoutes.Users.Handle("/login", ApiHandler(login)).Methods("POST")
@@ -192,6 +193,35 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 }
+func deleteUser(c *Context, w http.ResponseWriter, r *http.Request){
+ c.RequireUserId()
+ if c.Err != nil {
+ return
+ }
+
+ userId := c.Params.UserId
+
+ if !app.SessionHasPermissionToUser(c.Session, userId) {
+ c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+ return
+ }
+
+ var user *model.User
+ var err *model.AppError
+
+ if user, err = app.GetUser(userId); err != nil {
+ c.Err = err
+ return
+ }
+
+ if _, err := app.UpdateActive(user, false); err != nil {
+ c.Err = err
+ return
+ }
+
+ ReturnStatusOK(w)
+}
+
 func updateUserRoles(c *Context, w http.ResponseWriter, r *http.Request) {
 c.RequireUserId()
 if c.Err != nil {
diff --git a/api4/user_test.go b/api4/user_test.go
index 082b48dd6..40f6b4117 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
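Review bot: deleteUser deactivates the target account with `app.UpdateActive(user, false)` and returns OK without writing any audit record of which session deactivated which user, and nothing in the handler stops a system admin from deactivating their own account (the new test does exactly that as its last step). Deactivation is a security-relevant action, so I would record the acting session's user and the target `userId` around the call and decide explicitly what happens when the target is the last active system admin; whether `UpdateActive` already revokes the user's existing sessions or guards that case is not visible in this hunk and should be confirmed. A doc comment such as `// deleteUser deactivates the account (soft delete); the user record is kept.` would make clear that DELETE does not remove data. Minor: `if _, err := app.UpdateActive(...)` shadows the `err` declared above, so `if _, err = app.UpdateActive(user, false); err != nil {` would reuse it (assuming it returns `*model.AppError`), and gofmt would add the missing space before `{` on the signature line.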
@@ -219,6 +219,37 @@ func TestUpdateUser(t *testing.T) {
 CheckNoError(t, resp)
 }
+func TestDeleteUser(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ Client := th.Client
+
+ user := th.BasicUser
+ th.LoginBasic()
+
+ testUser := th.SystemAdminUser
+ _, resp := Client.DeleteUser(testUser.Id)
+ CheckForbiddenStatus(t, resp)
+
+ Client.Logout()
+
+ _, resp = Client.DeleteUser(user.Id)
+ CheckUnauthorizedStatus(t, resp)
+
+ Client.Login(testUser.Email, testUser.Password)
+
+ user.Id = model.NewId()
+ _, resp = Client.DeleteUser(user.Id)
+ CheckNotFoundStatus(t, resp)
+
+ user.Id = "junk"
+ _, resp = Client.DeleteUser(user.Id)
+ CheckBadRequestStatus(t, resp)
+
+ _, resp = Client.DeleteUser(testUser.Id)
+ CheckNoError(t, resp)
+
+}
+
 func TestUpdateUserRoles(t *testing.T) {
 th := Setup().InitBasic().InitSystemAdmin()
 Client := th.Client |
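Review bot: The only successful call in TestDeleteUser, `Client.DeleteUser(testUser.Id)`, is the system admin deactivating their own account, so the admin-deactivates-another-user path and the ordinary-user-deactivates-self path that the permission check appears to allow are never exercised, and nothing asserts that the account actually ended up inactive. I would save the basic user's id before it is overwritten, have the admin call `Client.DeleteUser` on it, and then assert the effect, for example that a later login as that user is rejected. Also, `user.Id = model.NewId()` writes through `user`, which is presumably a pointer to `th.BasicUser`, so the shared fixture's id is clobbered for anything that runs afterwards; a local such as `id := model.NewId()` passed to `DeleteUser` avoids that. The return value of `Client.Login(testUser.Email, testUser.Password)` is ignored, and checking it would make a failed login show up as itself rather than as a wrong status on the next assertion.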