Added Delete User route

46dce337 · poslovitch · a5481993 · 46dce337
Commit 46dce337 authored Dec 13, 2021 by poslovitch
--- a/app/apiroutes/users.php
+++ b/app/apiroutes/users.php
@@ -371,6 +371,54 @@ $app->put('/api/users/{username}', function( Request $request, Response $respons
    return $response->withHeader('Content-Type', 'application/json')->withStatus(200);
 });

+/** 
+ * Delete User : admin only (see documentation) 
+ */ 
+$app->delete('/api/users/{username}', function( Request $request, Response $response){ 
+    $username = $request->getAttribute('username');
+    $token = get_token_infos($request);
+
+    if (!$token->admin) {
+        // response : 403 : denied
+        $response->getBody()->write('{"error": {"msg": "Access denied."}}'); 
+        return $response->withHeader('Content-Type', 'application/json')->withStatus(403); 
+    }
+
+    $dbconn = new DB\DBConnection();
+    // Check user exists in database
+    try {
+        $db = $dbconn->connect();    
+    
+        // query
+        $sql = "SELECT * FROM users WHERE (username='" . $username . "')";
+        $stmt = $db->query( $sql );
+        $users = $stmt->fetchAll( PDO::FETCH_OBJ );
+        $db = null; // clear db object
+
+        // Check if the user does not exist
+        if (sizeof($users) != 1) {
+            // response : 404 : not Found
+            $response->getBody()->write('{"error": {"msg": "Could not find user."}}'); 
+            return $response->withHeader('Content-Type', 'application/json')->withStatus(404); 
+        }
+
+        $user = $users[0];
+
+        $sql = "DELETE FROM users WHERE (id='" . $user->id . "');";
+        $db = $dbconn->connect();    
+        $db->query($sql);
+        $db = null; // clear the db object
+    }
+    catch( PDOException $e ) { 
+        echo $e; 
+        // response : 500 : PDO Error (DB) 
+        $response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}'); 
+        return $response->withHeader('Content-Type', 'application/json')->withStatus(500); 
+    }
+
+    return $response->withHeader('Content-Type', 'application/json')->withStatus(200);
+});
+
 /** 
 * Function which parse token, decode user infos from this token and Throws  
 * UnauthenticatedException if Authentication Issue.