♻️ Add delete_user_me endpoint and corresponding test cases (#1179)

Co-authored-by: Sebastián Ramírez <tiangolo@gmail.com>
2024-04-26 14:35:12 -05:00
parent d1cc75903e
commit b81cec8ea5
3 changed files with 59 additions and 32 deletions
--- a/backend/app/api/deps.py
+++ b/backend/app/api/deps.py
@@ -51,6 +51,6 @@ CurrentUser = Annotated[User, Depends(get_current_user)]
 def get_current_active_superuser(current_user: CurrentUser) -> User:
    if not current_user.is_superuser:
        raise HTTPException(
-            status_code=400, detail="The user doesn't have enough privileges"
+            status_code=403, detail="The user doesn't have enough privileges"
        )
    return current_user
--- a/backend/app/api/routes/users.py
+++ b/backend/app/api/routes/users.py
@@ -124,6 +124,22 @@ def read_user_me(current_user: CurrentUser) -> Any:
    return current_user


+@router.delete("/me", response_model=Message)
+def delete_user_me(session: SessionDep, current_user: CurrentUser) -> Any:
+    """
+    Delete own user.
+    """
+    if current_user.is_superuser:
+        raise HTTPException(
+            status_code=403, detail="Super users are not allowed to delete themselves"
+        )
+    statement = delete(Item).where(col(Item.owner_id) == current_user.id)
+    session.exec(statement)  # type: ignore
+    session.delete(current_user)
+    session.commit()
+    return Message(message="User deleted successfully")
+
+
@router.post("/signup", response_model=UserPublic)
 def register_user(session: SessionDep, user_in: UserRegister) -> Any:
    """
@@ -195,7 +211,7 @@ def update_user(
    return db_user


-@router.delete("/{user_id}")
+@router.delete("/{user_id}", dependencies=[Depends(get_current_active_superuser)])
 def delete_user(
    session: SessionDep, current_user: CurrentUser, user_id: int
 ) -> Message:
@@ -205,15 +221,10 @@ def delete_user(
    user = session.get(User, user_id)
    if not user:
        raise HTTPException(status_code=404, detail="User not found")
-    elif user != current_user and not current_user.is_superuser:
-        raise HTTPException(
-            status_code=403, detail="The user doesn't have enough privileges"
-        )
-    elif user == current_user and current_user.is_superuser:
+    if user == current_user:
        raise HTTPException(
            status_code=403, detail="Super users are not allowed to delete themselves"
        )
-
    statement = delete(Item).where(col(Item.owner_id) == user_id)
    session.exec(statement)  # type: ignore
    session.delete(user)