(ctx context.Context, req *adminv1.DeleteUserRequest)
| 523 | } |
| 524 | |
| 525 | func (s *Server) DeleteUser(ctx context.Context, req *adminv1.DeleteUserRequest) (*adminv1.DeleteUserResponse, error) { |
| 526 | observability.AddRequestAttributes(ctx, attribute.String("args.email", req.Email)) |
| 527 | |
| 528 | user, err := s.admin.DB.FindUserByEmail(ctx, req.Email) |
| 529 | if err != nil { |
| 530 | return nil, err |
| 531 | } |
| 532 | |
| 533 | claims := auth.GetClaims(ctx) |
| 534 | isCurrentUser := claims.OwnerType() == auth.OwnerTypeUser && claims.OwnerID() == user.ID |
| 535 | forceAccess := claims.Superuser(ctx) && req.SuperuserForceAccess |
| 536 | if !isCurrentUser && !forceAccess { |
| 537 | return nil, status.Error(codes.PermissionDenied, "you can only delete your own user unless you are a superuser") |
| 538 | } |
| 539 | |
| 540 | err = s.admin.DB.DeleteUser(ctx, user.ID) |
| 541 | if err != nil { |
| 542 | return nil, err |
| 543 | } |
| 544 | |
| 545 | return &adminv1.DeleteUserResponse{}, nil |
| 546 | } |
| 547 | |
| 548 | func (s *Server) SudoUpdateUserQuotas(ctx context.Context, req *adminv1.SudoUpdateUserQuotasRequest) (*adminv1.SudoUpdateUserQuotasResponse, error) { |
| 549 | observability.AddRequestAttributes(ctx, attribute.String("args.email", req.Email)) |
nothing calls this directly
no test coverage detected