package users
import (
"net/http"
httperror "github.com/portainer/libhttp/error"
"github.com/portainer/libhttp/request"
"github.com/portainer/libhttp/response"
"github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/http/security"
)
// userDelete handles DELETE requests on /api/users/:id.
//
// It parses the numeric "id" route variable, refuses the request when that
// identifier matches the ID carried by the caller's token (no self-deletion),
// loads the target user and then dispatches to deleteAdminUser for
// administrators or to deleteUser for every other role.
//
// NOTE(review): nothing in this handler checks the caller's role. Presumably
// the route is registered behind an administrator-only middleware; confirm
// against the router setup, because this function alone would let any
// authenticated caller delete other accounts.
func (handler *Handler) userDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
	rawID, err := request.RetrieveNumericRouteVariableValue(r, "id")
	if err != nil {
		return &httperror.HandlerError{
			StatusCode: http.StatusBadRequest,
			Message:    "Invalid user identifier route variable",
			Err:        err,
		}
	}
	targetID := portainer.UserID(rawID)

	tokenData, err := security.RetrieveTokenData(r)
	if err != nil {
		return &httperror.HandlerError{
			StatusCode: http.StatusInternalServerError,
			Message:    "Unable to retrieve user authentication token",
			Err:        err,
		}
	}

	// Self-deletion guard: the identity comes from the token data, not from
	// anything else the client supplies in the request.
	if tokenData.ID == targetID {
		return &httperror.HandlerError{
			StatusCode: http.StatusForbidden,
			Message:    "Cannot remove your own user account. Contact another administrator",
			Err:        portainer.ErrAdminCannotRemoveSelf,
		}
	}

	user, err := handler.UserService.User(targetID)
	switch {
	case err == portainer.ErrObjectNotFound:
		return &httperror.HandlerError{
			StatusCode: http.StatusNotFound,
			Message:    "Unable to find a user with the specified identifier inside the database",
			Err:        err,
		}
	case err != nil:
		return &httperror.HandlerError{
			StatusCode: http.StatusInternalServerError,
			Message:    "Unable to find a user with the specified identifier inside the database",
			Err:        err,
		}
	}

	// Administrators go through the extra "last local admin" check.
	if user.Role != portainer.AdministratorRole {
		return handler.deleteUser(w, user)
	}
	return handler.deleteAdminUser(w, user)
}
// deleteAdminUser deletes an administrator account while making sure at least
// one administrator with a stored password remains.
//
// An administrator whose Password field is empty is deleted without further
// checks (presumably an externally authenticated account; confirm). For any
// other administrator the full user list is loaded, and the deletion is
// refused unless at least two administrators have a non-empty Password.
//
// NOTE(review): the count and the deletion are separate service calls with no
// locking visible here, so two concurrent requests could both pass the check
// and together remove the last local administrators.
//
// NOTE(review): the refusal is reported as HTTP 500 although it is a policy
// decision rather than a server fault. A 4xx status would be more accurate
// and would keep it out of server-error alerting, but changing it alters the
// API contract, so it is left as is.
func (handler *Handler) deleteAdminUser(w http.ResponseWriter, user *portainer.User) *httperror.HandlerError {
	if user.Password == "" {
		return handler.deleteUser(w, user)
	}

	allUsers, err := handler.UserService.Users()
	if err != nil {
		return &httperror.HandlerError{
			StatusCode: http.StatusInternalServerError,
			Message:    "Unable to retrieve users from the database",
			Err:        err,
		}
	}

	// Count administrators that have a stored password; the target itself is
	// included in this count, hence the threshold of two below.
	localAdmins := 0
	for _, candidate := range allUsers {
		if candidate.Role != portainer.AdministratorRole || candidate.Password == "" {
			continue
		}
		localAdmins++
	}

	if localAdmins >= 2 {
		return handler.deleteUser(w, user)
	}
	return &httperror.HandlerError{
		StatusCode: http.StatusInternalServerError,
		Message:    "Cannot remove local administrator user",
		Err:        portainer.ErrCannotRemoveLastLocalAdmin,
	}
}
// deleteUser removes the user record, then the user's team memberships, then
// the user's access policies, and writes an empty response on success. The
// first failing step aborts the sequence with an HTTP 500 error.
//
// NOTE(review): the user record is deleted first. If either clean-up step
// fails afterwards, memberships or access policies keyed by this user ID stay
// behind, and a retry of the same request would presumably stop at the
// not-found branch in userDelete, leaving no way to finish the clean-up
// through this endpoint. Removing the dependent data before the user record
// would fail in the safer direction; confirm that the two clean-up services
// do not need the user record to exist before reordering.
func (handler *Handler) deleteUser(w http.ResponseWriter, user *portainer.User) *httperror.HandlerError {
	if err := handler.UserService.DeleteUser(user.ID); err != nil {
		return &httperror.HandlerError{
			StatusCode: http.StatusInternalServerError,
			Message:    "Unable to remove user from the database",
			Err:        err,
		}
	}

	if err := handler.TeamMembershipService.DeleteTeamMembershipByUserID(user.ID); err != nil {
		return &httperror.HandlerError{
			StatusCode: http.StatusInternalServerError,
			Message:    "Unable to remove user memberships from the database",
			Err:        err,
		}
	}

	if err := handler.AuthorizationService.RemoveUserAccessPolicies(user.ID); err != nil {
		return &httperror.HandlerError{
			StatusCode: http.StatusInternalServerError,
			Message:    "Unable to clean-up user access policies",
			Err:        err,
		}
	}

	return response.Empty(w)
}