From 6b7ecd3044c45b2eed46ee5010bed4dab4f02df9 Mon Sep 17 00:00:00 2001
From: Nicolai Ort
Date: Fri, 15 Jan 2021 22:35:23 +0100
Subject: [PATCH] User deletion now requires confirmation ref #100
---
 src/controllers/UserController.ts | 6 ++++--
 src/errors/UserErrors.ts | 12 ++++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/controllers/UserController.ts b/src/controllers/UserController.ts
index 846653f..0c5f0cb 100644
--- a/src/controllers/UserController.ts
+++ b/src/controllers/UserController.ts
@@ -1,7 +1,7 @@
 import { Authorized, Body, Delete, Get, JsonController, OnUndefined, Param, Post, Put, QueryParam } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { getConnectionManager, Repository } from 'typeorm';
-import { UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
+import { UserDeletionNotConfirmedError, UserIdsNotMatchingError, UsernameContainsIllegalCharacterError, UserNotFoundError } from '../errors/UserErrors';
 import { UserGroupNotFoundError } from '../errors/UserGroupErrors';
 import { CreateUser } from '../models/actions/create/CreateUser';
 import { UpdateUser } from '../models/actions/update/UpdateUser';
@@ -105,9 +105,11 @@ export class UserController {
 @Authorized("USER:DELETE")
 @ResponseSchema(ResponseUser)
 @ResponseSchema(ResponseEmpty, { statusCode: 204 })
+ @ResponseSchema(UserDeletionNotConfirmedError, { statusCode: 406 })
 @OnUndefined(204)
- @OpenAPI({ description: 'Delete the user whose id you provided.
If there are any permissions directly granted to the user they will get deleted as well.
If no user with this id exists it will just return 204(no content).' })
+ @OpenAPI({ description: 'Delete the user whose id you provided.
You have to confirm your decision by providing the ?force=true query param.
If there are any permissions directly granted to the user they will get deleted as well.
If no user with this id exists it will just return 204(no content).' })
 async remove(@Param("id") id: number, @QueryParam("force") force: boolean) {
+ if (!force) { throw new UserDeletionNotConfirmedError; }
 let user = await this.userRepository.findOne({ id: id });
 if (!user) { return null; }
 const responseUser = await this.userRepository.findOne({ id: id }, { relations: ['permissions', 'groups', 'groups.permissions'] });;
diff --git a/src/errors/UserErrors.ts b/src/errors/UserErrors.ts
index 5d2b659..ced02ed 100644
--- a/src/errors/UserErrors.ts
+++ b/src/errors/UserErrors.ts
@@ -59,4 +59,16 @@ export class UserIdsNotMatchingError extends NotAcceptableError {
 @IsString()
 message = "The ids don't match!! \n And if you wanted to change a user's id: This isn't allowed!"
+}
+
+/**
+ * Error to throw when two users' ids don't match.
+ * Usually occurs when a user tries to change a user's id.
+ */
+export class UserDeletionNotConfirmedError extends NotAcceptableError {
+ @IsString()
+ name = "UserDeletionNotConfirmedError"
+
+ @IsString()
+ message = "You are trying to delete a user! \n If you're sure about doing this: provide the ?force=true query param."
 }
\ No newline at end of file
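Review bot: The confirmation guard `if (!force)` only works if routing-controllers has already normalised the `force` query parameter to a real boolean; if that normalisation does not happen (it depends on emitted decorator metadata, which this hunk does not show), `?force=false` or `?force=no` arrives as a non-empty string, is truthy, and the deletion proceeds without confirmation. Comparing against the expected value explicitly keeps the destructive path closed regardless of how the parameter is parsed: `if (force !== true) { throw new UserDeletionNotConfirmedError(); }`. As a point of style, instantiate the error with parentheses, `new UserDeletionNotConfirmedError()`, as the rest of the controller calls constructors. The body of `remove` continues past the end of the hunk.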
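Review bot: The JSDoc on the new `UserDeletionNotConfirmedError` class is a copy of the `UserIdsNotMatchingError` comment ("two users' ids don't match", "change a user's id") and does not describe this error. Replace it with `/** Error to throw when a user deletion is requested without the ?force=true confirmation query param. */` so the generated OpenAPI responses and readers of the error module are not misled about when a 406 is returned.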