allow admin to delete users accounts (#107)

ice-blockchain · Jan 20, 2024 · deb1407 · deb1407
1 parent d0f4319
commit deb1407
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/cmd/eskimo-hut/contract.go b/cmd/eskimo-hut/contract.go
@@ -93,7 +93,7 @@ type (
 		Checksum string `form:"checksum" formMultipart:"checksum"`
 	}
 	DeleteUserArg struct {
-		UserID string `uri:"userId" required:"true" example:"did:ethr:0x4B73C58370AEfcEf86A6021afCDe5673511376B2"`
+		UserID string `uri:"userId" required:"true" allowForbiddenWriteOperation:"true" example:"did:ethr:0x4B73C58370AEfcEf86A6021afCDe5673511376B2"`
 	}
 	GetDeviceLocationArg struct {
 		// Optional. Set it to `-` if unknown.

diff --git a/cmd/eskimo-hut/users.go b/cmd/eskimo-hut/users.go
@@ -378,6 +378,11 @@ func (s *service) DeleteUser( //nolint:gocritic // False negative.
 	ctx context.Context,
 	req *server.Request[DeleteUserArg, any],
 ) (*server.Response[any], *server.Response[server.ErrorResponse]) {
+	if req.Data.UserID != req.AuthenticatedUser.UserID {
+		if req.AuthenticatedUser.Role != adminRole {
+			return nil, server.Forbidden(errors.New("not allowed"))
+		}
+	}
 	if err := s.usersProcessor.DeleteUser(ctx, req.Data.UserID); err != nil {
 		if errors.Is(err, users.ErrNotFound) {
 			return server.NoContent(), nil