From 443eed8dd186a9811fb70191841b14b77b195035 Mon Sep 17 00:00:00 2001
From: grimhilt
Date: Tue, 8 Aug 2023 15:35:48 +0200
Subject: [PATCH] deletion of user
---
 src/api/abl/UserAbl.py | 24 ++++++++++++++++++++++++
 src/api/controllers/user.py | 22 +++++++++++++---------
 2 files changed, 37 insertions(+), 9 deletions(-)
diff --git a/src/api/abl/UserAbl.py b/src/api/abl/UserAbl.py
index 5858890..6a6b049 100644
--- a/src/api/abl/UserAbl.py
+++ b/src/api/abl/UserAbl.py
@@ -4,6 +4,10 @@ from flask_login import current_user
 from ..models import User, Role
 from .. import db
+def is_current_admin():
+ return current_user.as_dict()['roles'][0]['parent_id'] is None
+
+
 class UserAbl:
 @staticmethod
@@ -36,6 +40,7 @@ class UserAbl:
 new_role = Role( \
 name=login, \
 user_id=new_user.as_dict()['id'], \
+ parent_id=current_user.as_dict()['roles'][0]['id'], \
 permissions=permissions)
 db.session.add(new_role)
 new_user.roles.append(new_role)
@@ -44,9 +49,28 @@ class UserAbl:
 db.session.commit()
 return jsonify(new_user.as_dict())
+ @staticmethod
+ def update(user_id, data):
+ return jsonify()
+
 @staticmethod
 def list():
 query = db.session.query(User).all()
 return jsonify([user.as_dict() for user in query])
+ @staticmethod
+ def delete(user_id):
+ user = db.session.query(User).filter_by(id=user_id).first()
+ if not user:
+ return jsonify(message="This user doesn't exist or has already been deleted"), 404
+
+ if not is_current_admin and user.as_dict()['roles'][0]['parent_id'] != current_user.as_dict()['roles'][0]['id']:
+ # todo all parent should be able to delete
+ return jsonify(message="You cannot delete an user you are not the origin of"), 403
+
+ db.session.delete(user)
+ # todo check if need to delete the role
+ db.session.commit()
+ return jsonify(sucess=True)
+
diff --git a/src/api/controllers/user.py b/src/api/controllers/user.py
index 9b99924..847a584 100644
--- a/src/api/controllers/user.py
+++ b/src/api/controllers/user.py
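Review bot: `is_current_admin()` derives admin status from `current_user.as_dict()['roles'][0]['parent_id']`, so a logged-in user whose `roles` list is empty raises IndexError (a 500) instead of being treated as a non-admin, and the answer depends silently on the order of that list. The same `['roles'][0]` indexing is repeated on the new `parent_id=` line in the second hunk and twice inside `delete` in the third, with the same failure mode. A guarded form keeps the meaning for users that do have roles: `roles = current_user.as_dict().get('roles') or []` followed by `return bool(roles) and roles[0]['parent_id'] is None`. The convention the check relies on deserves a comment above the def, e.g. `# Admins are users whose first role has no parent role (parent_id is None).`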
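Review bot: The authorization check in `delete` never calls `is_current_admin` — `if not is_current_admin and ...` tests the function object, which is always truthy, so `not is_current_admin` is always False and the admin exemption is dead code; every caller, admins included, is held to the parent-id comparison. The intended line is `if not is_current_admin() and user.as_dict()['roles'][0]['parent_id'] != current_user.as_dict()['roles'][0]['id']:`. `update` is a stub that answers 200 with an empty JSON object for a PUT that persists nothing; until it is implemented it should fail loudly in the style of the other error paths, `return jsonify(message="Not implemented"), 501`. The success response misspells its key, `jsonify(sucess=True)`; once a client depends on it the typo becomes API contract, so change it to `return jsonify(success=True)` now.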
@@ -1,9 +1,5 @@
-from flask import Blueprint, request, jsonify
-from ..models import User
-from werkzeug.security import generate_password_hash, check_password_hash
-from ..models import User
-from .. import db
-from flask_login import login_required, current_user
+from flask import Blueprint, request
+from flask_login import login_required
 from ..abl.UserAbl import UserAbl
 from ..permissions import Perm, permissions
@@ -15,11 +11,19 @@ user = Blueprint('user', __name__)
 def create():
 return UserAbl.create(request.get_json())
-@user.route('delete', methods=['DELETE'])
-def delete():
- return "ok"
+@user.route('/users/', methods=['DELETE'])
+@login_required
+@permissions.require([Perm.CREATE_USER])
+def delete(user_id):
+ return UserAbl.delete(user_id)
 @user.route('/users', methods=['GET'])
 @login_required
 def list():
 return UserAbl.list()
+
+@user.route('/users/', methods=['PUT'])
+@login_required
+@permissions.require([Perm.CREATE_USER])
+def update(user_id):
+ return UserAbl.update(user_id, request.get_json())
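Review bot: Both new routes gate deletion and update behind `Perm.CREATE_USER`, so every account allowed to create users is also allowed to delete and modify whichever users the `UserAbl` check lets through; if that is the intended model, record it next to the decorator, `# CREATE_USER also covers deleting/updating the users one created`, otherwise a dedicated permission is the safer default. The rule as shown, `'/users/'`, declares no `user_id` variable while both views take one, which would fail at request time with a missing-argument error — unless an `<int:user_id>` converter was stripped from the page when it was rendered, in which case ignore this. The PUT route is wired to `UserAbl.update`, which in this commit does nothing but return an empty JSON object, so the endpoint should not be exposed as working until that method exists.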