use actix_web::{web, HttpResponse, Responder};
use sqlx::PgPool;
use crate::{
endpoints::IdPath,
models::{Role, User}, utils::ApplicationError,
};
/// Deletes the user identified by the `{id}` path segment.
///
/// Authorization, in the order it is enforced:
/// 1. The caller's role must be `Role::AreaManager` or `Role::Admin`; any
///    other role is rejected with `ApplicationError::Unauthorized`.
/// 2. A caller with `Role::AreaManager` may only act on a user whose
///    `area_id` equals their own; a mismatch is also rejected with
///    `ApplicationError::Unauthorized`.
///
/// Only accounts flagged `locked` are removed. A target that is not locked is
/// left untouched and the handler answers `400 Bad Request` with an empty
/// body; a successful delete answers `200 OK` with an empty body.
///
/// # Errors
///
/// Returns `ApplicationError::Unauthorized` for the two authorization
/// failures above, and propagates whatever `User::read_by_id` or
/// `User::delete` return on failure.
///
/// NOTE(review): the area check compares `area_id` only and never looks at the
/// target's role. Whether an area manager can remove an `Admin` or a peer
/// manager that shares the same `area_id` depends on how `area_id` is
/// populated for those roles; confirm against the `User` model.
///
/// NOTE(review): the target is loaded before the area check runs, so a lookup
/// error is returned to an area manager before their area is verified. If
/// `User::read_by_id` reports a missing row differently from
/// `Unauthorized`, the responses distinguish "no such id" from "exists in
/// another area"; confirm whether that is acceptable.
///
/// NOTE(review): the `locked` test and the delete are two separate calls on
/// the pool; no transaction is visible in this handler, so the flag may change
/// between them. Confirm whether `User::delete` re-checks it.
#[actix_web::delete("/users/{id}")]
pub async fn delete(
    user: web::ReqData<User>,
    pool: web::Data<PgPool>,
    path: web::Path<IdPath>,
) -> Result<impl Responder, ApplicationError> {
    // `user` is the request-scoped caller; how it gets attached to the
    // request is not visible in this file.
    let caller_is_admin = user.role == Role::Admin;
    let caller_is_area_manager = user.role == Role::AreaManager;

    // Gate 1: only the two privileged roles may call this endpoint at all.
    if !(caller_is_admin || caller_is_area_manager) {
        return Err(ApplicationError::Unauthorized);
    }

    let db = pool.get_ref();
    let target = User::read_by_id(db, path.id).await?;

    // Gate 2: area managers are confined to their own area; admins are not.
    if caller_is_area_manager && user.area_id != target.area_id {
        return Err(ApplicationError::Unauthorized);
    }

    // Deletion is refused unless the account has been locked beforehand.
    if !target.locked {
        return Ok(HttpResponse::BadRequest().finish());
    }

    User::delete(db, target.id).await?;
    Ok(HttpResponse::Ok().finish())
}