Merge branch '199-add-option-to-delete-users' into 'main'

Resolve "Add option to delete users" Closes #199 See merge request inject/backend!210

Merge branch '199-add-option-to-delete-users' into 'main'
ba55f5f1 · Martin Juhás · 9bbc421b · 4af881ea · ba55f5f1 · ba55f5f1
Commit ba55f5f1 authored 10 months ago by Martin Juhás
--- a/aai/models.py
+++ b/aai/models.py
@@ -66,6 +66,7 @@ class Perms(models.Model):
    view_user = NameHandler("aai.view_user")
    manipulate_file = NameHandler("aai.manipulate_file")
    update_user = NameHandler("aai.update_user")
+    delete_user = NameHandler("aai.delete_user")  # only for admin
    export_import = NameHandler("aai.export_import")

    class Meta:
@@ -108,6 +109,7 @@ class Perms(models.Model):
                "Can upload and download files during exercise",
            ),
            ("update_user", "Can add/remove/change user"),
+            ("delete_user", "Can delete user"),
            ("export_import", "Can export and import database"),
        ]


--- a/rolling-changelog.txt
+++ b/rolling-changelog.txt
@@ -42,3 +42,4 @@ fix: fix SendEmailInput authorization checks
 feat: addition of INJECT_SECRET_KEY env variable #141
 change: set csrf cookie for `/version` endpoint
 feat: endpoint for re-generation of user login credentials #202
+feat: add endpoint for user deletion - accessible only to admin #199
--- a/user/schema/mutation.py
+++ b/user/schema/mutation.py
@@ -279,6 +279,29 @@ class RegenerateCredentialsMutation(graphene.Mutation):
        return RegenerateCredentialsMutation(operation_done=True)


+class DeleteUsersMutation(graphene.Mutation):
+    class Arguments:
+        user_ids = graphene.List(
+            graphene.ID,
+            required=True,
+            description="IDs of the users to be deleted",
+        )
+
+    operation_done = graphene.Boolean()
+
+    @classmethod
+    @protected(Perms.delete_user.full_name)
+    def mutate(cls, root, info, user_ids: List[str]) -> graphene.Mutation:
+        users = User.objects.filter(id__in=user_ids)
+        if not settings.NOAUTH or not info.context.user.is_anonymous:
+            users = users.exclude(id=info.context.user.id)
+        logger.info(
+            log_user_msg(info.context, info.context.user) + f"deleted: {users}"
+        )
+        users.delete()
+        return DeleteUsersMutation(operation_done=True)
+
+
 class Mutation(graphene.ObjectType):
    assign_users_to_team = AssignUsersToTeamMutation.Field(
        description="Mutation for assigning users to the specific team of the exercise"
@@ -304,3 +327,6 @@ class Mutation(graphene.ObjectType):
    regenerate_credentials = RegenerateCredentialsMutation.Field(
        description="Mutation for re-generating credentials for users"
    )
+    delete_users = DeleteUsersMutation.Field(
+        description="Mutation for deleting users"
+    )