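use actix_web::{web, HttpResponse, Responder};
use sqlx::PgPool;

use crate::{
    endpoints::IdPath,
    models::{Role, User},
    utils::ApplicationError,
};

/// Deletes the user identified by the `{id}` path segment.
///
/// Authorization and preconditions, in the order they are checked:
///
/// 1. The caller's role must be [`Role::AreaManager`] or [`Role::Admin`].
/// 2. The target user must exist.
/// 3. A caller with [`Role::AreaManager`] may only act on users whose
///    `area_id` equals their own.
/// 4. The target account must be `locked`; unlocked accounts are never
///    deleted by this endpoint.
///
/// # Responses
///
/// * `200 OK` with an empty body when the user was deleted.
/// * `404 Not Found` when no user has the requested id.
/// * `400 Bad Request` when the target exists but is not locked.
///
/// # Errors
///
/// Returns [`ApplicationError::Unauthorized`] when the role or area check
/// fails, and propagates any error from `User::read_by_id` / `User::delete`.
#[actix_web::delete("/users/{id}")]
pub async fn delete(
    user: web::ReqData<User>,
    pool: web::Data<PgPool>,
    path: web::Path<IdPath>,
) -> Result<impl Responder, ApplicationError> {
    // Role gate first: callers without a managing role never reach the database.
    // NOTE(review): the caller is authenticated here but lacks privilege; confirm
    // how `ApplicationError::Unauthorized` is rendered (403 is the conventional
    // status for this case, 401 for missing credentials).
    if user.role != Role::AreaManager && user.role != Role::Admin {
        return Err(ApplicationError::Unauthorized);
    }

    // NOTE(review): the 404 is returned before the area check below, so an area
    // manager can tell "id does not exist" apart from "id exists in another
    // area". If user ids must not be discoverable across areas, both cases
    // should produce the same response.
    let Some(user_in_db) = User::read_by_id(pool.get_ref(), path.id).await? else {
        return Ok(HttpResponse::NotFound().finish());
    };

    // Object-level authorization: area managers are confined to their own area.
    // NOTE(review): only `area_id` is compared; the target's role is not
    // inspected, so an area manager can delete a locked account of any role in
    // the same area. Confirm that is intended.
    if user.role == Role::AreaManager && user.area_id != user_in_db.area_id {
        return Err(ApplicationError::Unauthorized);
    }

    // Only locked accounts may be removed; anything else is rejected as a bad
    // request rather than silently ignored.
    if !user_in_db.locked {
        return Ok(HttpResponse::BadRequest().finish());
    }

    // NOTE(review): the read above and this delete are separate calls on the
    // pool; whether `locked` is re-checked inside `User::delete` is not visible
    // here. No audit record of the deletion is written in this handler either.
    User::delete(pool.get_ref(), user_in_db.id).await?;
    Ok(HttpResponse::Ok().finish())
}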