(app *App, u *User, w http.ResponseWriter, r *http.Request)
| 319 | } |
| 320 | |
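// handleAdminDeleteUser deletes the account named by the "username" route
// variable on behalf of the signed-in administrator u.
//
// The request is refused with 403 unless u.IsAdmin() reports true, and with
// 400 unless the "confirm-username" request-body form field exactly matches
// the username in the route. An unknown username yields 404 and a database
// failure yields 500. On success a session flash is added and the caller is
// redirected to /admin/users through an impart.HTTPError carrying
// http.StatusFound.
//
// NOTE(review): nothing in this handler stops an administrator from deleting
// their own account or another administrator's; confirm that DeleteAccount
// or the calling UI guards against that.
// NOTE(review): this is a destructive, state-changing request; anti-CSRF
// protection is not visible here and is presumably applied by the routing
// layer. Confirm.
func handleAdminDeleteUser(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
	// Authorization comes first so nothing about the target is revealed to
	// non-administrators.
	if !u.IsAdmin() {
		return impart.HTTPError{http.StatusForbidden, "Administrator privileges required for this action"}
	}

	username := mux.Vars(r)["username"]

	// The operator must retype the username; a mismatch aborts before any
	// database access.
	if r.PostFormValue("confirm-username") != username {
		return impart.HTTPError{http.StatusBadRequest, "Username was not confirmed"}
	}

	user, err := app.db.GetUserForAuth(username)
	if err == ErrUserNotFound {
		return impart.HTTPError{http.StatusNotFound, fmt.Sprintf("User '%s' was not found", username)}
	}
	if err != nil {
		// The full error goes to the server log only; the response stays
		// generic so storage-layer details are not echoed to the browser.
		log.Error("get user for deletion: %v", err)
		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user with username '%s'", username)}
	}

	if err := app.db.DeleteAccount(user.ID); err != nil {
		// Same policy as above: log the cause, return a generic message.
		log.Error("delete user %s: %v", user.Username, err)
		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not delete user account for '%s'", username)}
	}

	// The flash error is deliberately ignored: the account is already gone,
	// and the redirect should happen either way.
	_ = addSessionFlash(app, w, r, fmt.Sprintf("User \"%s\" was deleted successfully.", username), nil)
	return impart.HTTPError{http.StatusFound, "/admin/users"}
}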
| 351 | |
| 352 | func handleAdminToggleUserStatus(app *App, u *User, w http.ResponseWriter, r *http.Request) error { |
| 353 | vars := mux.Vars(r) |