don't delete yourself

This commit is contained in:
Jörn-Michael Miehe 2022-03-29 15:38:36 +00:00
parent f058f29d9a
commit fdc85bf529
2 changed files with 9 additions and 0 deletions

View file

@ -52,6 +52,10 @@ class Responses:
"description": "Entry does not exist in database", "description": "Entry does not exist in database",
"content": None, "content": None,
} }
CANT_TARGET_SELF = {
"description": "Operation can't target yourself",
"content": None,
}
async def get_current_user( async def get_current_user(

View file

@ -109,6 +109,7 @@ async def add_user(
status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER, status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
status.HTTP_403_FORBIDDEN: Responses.NEEDS_ADMIN, status.HTTP_403_FORBIDDEN: Responses.NEEDS_ADMIN,
status.HTTP_404_NOT_FOUND: Responses.ENTRY_DOESNT_EXIST, status.HTTP_404_NOT_FOUND: Responses.ENTRY_DOESNT_EXIST,
status.HTTP_406_NOT_ACCEPTABLE: Responses.CANT_TARGET_SELF,
}, },
response_model=User, response_model=User,
) )
@ -120,6 +121,10 @@ async def remove_user(
DELETE ./{user_name}: Remove a user from the database. DELETE ./{user_name}: Remove a user from the database.
""" """
# stop inting
if current_user.name == user.name:
raise HTTPException(status_code=status.HTTP_406_NOT_ACCEPTABLE)
# delete user # delete user
user.delete() user.delete()