2020-11-22 13:49:34 +01:00
|
|
|
class AuthD::Request
|
|
|
|
|
IPC::JSON.message Delete, 17 do
|
2023-06-10 17:26:12 +02:00
|
|
|
# Deletion can be triggered by either an admin or the related user.
|
2023-06-11 18:59:41 +02:00
|
|
|
property user : UserID
|
2020-11-22 13:49:34 +01:00
|
|
|
|
2023-06-10 17:26:12 +02:00
|
|
|
def initialize(@user)
|
2020-11-22 13:49:34 +01:00
|
|
|
end
|
|
|
|
|
|
2023-06-10 17:26:12 +02:00
|
|
|
def handle(authd : AuthD::Service, fd : Int32)
|
|
|
|
|
logged_user = authd.get_logged_user? fd
|
2023-06-11 18:59:41 +02:00
|
|
|
return Response::Error.new "you must be logged" if logged_user.nil?
|
|
|
|
|
|
|
|
|
|
# Get the full AuthD::User instance, not just the public view.
|
|
|
|
|
user_to_delete = authd.user? logged_user.uid
|
|
|
|
|
return Response::Error.new "unknown user" if user_to_delete.nil?
|
2020-11-22 13:49:34 +01:00
|
|
|
|
2023-06-10 17:26:12 +02:00
|
|
|
unless logged_user.admin
|
|
|
|
|
# Is the logged user the target?
|
2023-06-11 18:59:41 +02:00
|
|
|
return Response::Error.new "invalid credentials" if logged_user.uid != user_to_delete.uid
|
2020-11-22 13:49:34 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# User or admin is now verified: let's proceed with the user deletion.
|
|
|
|
|
authd.users_per_login.delete user_to_delete.login
|
|
|
|
|
|
2023-06-11 18:59:41 +02:00
|
|
|
# If the current user is deleted, unlog!
|
2023-06-10 17:26:12 +02:00
|
|
|
if logged_user.uid == user_to_delete.uid
|
|
|
|
|
authd.close fd
|
|
|
|
|
authd.logged_users.delete fd
|
|
|
|
|
end
|
|
|
|
|
|
2020-11-22 13:49:34 +01:00
|
|
|
# TODO: better response
|
|
|
|
|
Response::User.new user_to_delete.to_public
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
AuthD.requests << Delete
|
|
|
|
|
end
|
