pikram/user-microservice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Only admin can remove other users accounts

Browse Source
This commit is contained in:
Marcin-Ramotowski 2025-03-15 16:31:30 +00:00
parent 411549d097
commit 1661e45e04
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
api/user_views.py
View File

@ -60,10 +60,14 @@ def edit_user(user_id):
@user_bp.route('/users/<int:user_id>', methods=['DELETE']) @user_bp.route('/users/<int:user_id>', methods=['DELETE'])
@jwt_required() @jwt_required()
def remove_user(user_id): def remove_user(user_id):
logged_user_id = int(get_jwt_identity())
logged_user_role = User.query.get(logged_user_id).role
if logged_user_role != "Administrator" and logged_user_id != user_id:
return jsonify({'error': f'You can not remove other user accounts.'}), 403
user_to_delete = User.query.get_or_404(user_id) user_to_delete = User.query.get_or_404(user_id)
db.session.delete(user_to_delete) db.session.delete(user_to_delete)
db.session.commit() db.session.commit()
return jsonify({}) return jsonify({"msg": "User removed successfully."})
@user_bp.route('/login', methods=['POST']) @user_bp.route('/login', methods=['POST'])
def user_login(): def user_login():