feat(frontend): added user deletion to the user list

also includes small updates to the api to prevent administrators from being deleted, as well as migrations to cascade deletions to requests the users made fixes #348
2025-09-17 17:24:35 +02:00 · 2020-12-17 16:03:27 +00:00
parent ee84f74f8a
commit 727fa06c18
7 changed files with 175 additions and 8 deletions
--- a/server/routes/user.ts
+++ b/server/routes/user.ts
@@ -1,7 +1,9 @@
 import { Router } from 'express';
 import { getRepository } from 'typeorm';
+import { MediaRequest } from '../entity/MediaRequest';
 import { User } from '../entity/User';
 import { hasPermission, Permission } from '../lib/permissions';
+import logger from '../logger';

 const router = Router();

@@ -94,13 +96,49 @@ router.delete<{ id: string }>('/:id', async (req, res, next) => {
  try {
    const userRepository = getRepository(User);

-    const user = await userRepository.findOneOrFail({
+    const user = await userRepository.findOne({
      where: { id: Number(req.params.id) },
+      relations: ['requests'],
    });
+
+    if (!user) {
+      return next({ status: 404, message: 'User not found' });
+    }
+
+    if (user.id === 1) {
+      return next({ status: 405, message: 'This account cannot be deleted.' });
+    }
+
+    if (user.hasPermission(Permission.ADMIN)) {
+      return next({
+        status: 405,
+        message: 'You cannot delete users with administrative privileges.',
+      });
+    }
+
+    const requestRepository = getRepository(MediaRequest);
+
+    /**
+     * Requests are usually deleted through a cascade constraint. Those however, do
+     * not trigger the removal event so listeners to not run and the parent Media
+     * will not be updated back to unknown for titles that were still pending. So
+     * we manually remove all requests from the user here so the parent media's
+     * properly reflect the change.
+     */
+    await requestRepository.remove(user.requests);
+
    await userRepository.delete(user.id);
    return res.status(200).json(user.filter());
  } catch (e) {
-    next({ status: 404, message: 'User not found' });
+    logger.error('Something went wrong deleting a user', {
+      label: 'API',
+      userId: req.params.id,
+      errorMessage: e.message,
+    });
+    return next({
+      status: 500,
+      message: 'Something went wrong deleting the user',
+    });
  }
 });