Added a new policy to require being an admin. Implemented ability to delete a user.

2020-12-24 08:13:58 -06:00 · 2020-12-24 08:13:58 -06:00 · f0919042b0
commit f0919042b0
parent bb276a5984
6 changed files with 44 additions and 5 deletions
--- a/API/Controllers/AdminController.cs
+++ b/API/Controllers/AdminController.cs
@ -26,10 +26,18 @@ namespace API.Controllers
        }

        [Authorize(Policy = "RequireAdminRole")]
-        [HttpDelete]
+        [HttpDelete("delete-user")]
        public async Task<ActionResult> DeleteUser(string username)
        {
-            return BadRequest("Not Implemented");
+            var user = await _userRepository.GetUserByUsernameAsync(username);
+            _userRepository.Delete(user);
+
+            if (await _userRepository.SaveAllAsync())
+            {
+                return Ok();
+            }
+            
+            return BadRequest("Could not delete the user.");
        }
        
        
--- a/API/Controllers/LibraryController.cs
+++ b/API/Controllers/LibraryController.cs
@ -77,14 +77,13 @@ namespace API.Controllers
        //     return Ok(await _libraryRepository.GetLibrariesForUserAsync(user));
        // }
        
+        [Authorize(Policy = "RequireAdminRole")]
        [HttpPut("update-for")]
        public async Task<ActionResult<MemberDto>> UpdateLibrary(UpdateLibraryDto updateLibraryDto)
        {
-            // TODO: Only admins can do this
            var user = await _userRepository.GetUserByUsernameAsync(updateLibraryDto.Username);

            if (user == null) return BadRequest("Could not validate user");
-            if (!user.IsAdmin) return Unauthorized("Only admins are permitted");

            user.Libraries = new List<Library>();