curator(api): allow deleting users

globaldothealth · May 6, 2022 · 8cbf73f · 8cbf73f
1 parent 985e8f4
commit 8cbf73f
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 0 deletions.
diff --git a/verification/curator-service/api/openapi/openapi.yaml b/verification/curator-service/api/openapi/openapi.yaml
@@ -1056,6 +1056,17 @@ paths:
                     $ref: '#/components/responses/422'
                 '500':
                     $ref: '#/components/responses/500'
+        delete:
+            tags: [User]
+            summary: Deletes a user
+            operationId: deleteUser
+            responses:
+                '204':
+                    $ref: '#/components/responses/204'
+                '404':
+                    $ref: '#/components/responses/404'
+                '500':
+                    $ref: '#/components/responses/500'
     /users/roles:
         get:
             tags: [User]

diff --git a/verification/curator-service/api/src/controllers/users.ts b/verification/curator-service/api/src/controllers/users.ts
@@ -88,6 +88,35 @@ export const updateRoles = async (
     }
 };
 
+/**
+ * Delete a user
+ */
+export const deleteUser = async (
+    req: Request,
+    res: Response,
+): Promise<void> => {
+    try {
+        const result = await users().deleteOne(
+            { _id: new ObjectId(req.params.id) },
+        );
+        console.log(result);
+        if (result.deletedCount !== 1) {
+            res.status(404).json({
+                message: `user with id ${req.params.id} could not be found`,
+            });
+            return;
+        }
+        res.status(204).end();
+        return;
+    } catch (err) {
+        const error = err as Error;
+        // TODO interpret mongodb error: I think validation is code == 121.
+        logger.error('error in deleting user', error);
+        res.status(500).json(error);
+        return;
+    }
+};
+
 /**
  * List the roles defined in the system.
  */

diff --git a/verification/curator-service/api/src/index.ts b/verification/curator-service/api/src/index.ts
@@ -359,6 +359,12 @@ async function makeApp() {
         mustHaveAnyRole(['admin']),
         usersController.updateRoles,
     );
+    apiRouter.delete(
+        '/users/:id',
+        authenticateByAPIKey,
+        mustHaveAnyRole(['admin']),
+        usersController.deleteUser,
+    );
     apiRouter.get(
         '/users/roles',
         authenticateByAPIKey,

diff --git a/verification/curator-service/api/test/users.test.ts b/verification/curator-service/api/test/users.test.ts
@@ -152,3 +152,29 @@ describe('PUT', () => {
             .expect(400);
     });
 });
+
+
+describe('DELETE', () => {
+    it('should delete a user', async () => {
+        const request = supertest.agent(app);
+        const userRes = await request
+            .post('/auth/register')
+            .send({ ...baseUser, ...{ roles: ['admin'] } })
+            .expect(200, /admin/)
+            .expect('Content-Type', /json/);
+        const res = await request
+            .delete(`/api/users/${userRes.body._id}`)
+            .expect(204);
+    });
+    it('cannot delete an nonexistent user', async () => {
+        const request = supertest.agent(app);
+        await request
+            .post('/auth/register')
+            .send({ ...baseUser, ...{ roles: ['admin'] } })
+            .expect(200)
+            .expect('Content-Type', /json/);
+        return request
+            .delete('/api/users/5ea86423bae6982635d2e1f8')
+            .expect(404);
+    });
+});