diff --git a/code/backend/nest_backend/routes/users/user_delete.py b/code/backend/nest_backend/routes/users/user_delete.py
new file mode 100644
index 0000000..892e3fb
--- /dev/null
+++ b/code/backend/nest_backend/routes/users/user_delete.py
@@ -0,0 +1,28 @@
+from flask import render_template, abort, jsonify, request
+from ...database import *
+from flask_jwt_extended import jwt_required
+from ...gestione import *
+from flask_cors import cross_origin
+
+
+@cross_origin()
+@jwt_required()
+def page_user_delete():
+ """
+ API call that allows an user to be deleted from NEST.
+ :parameter email: The email of the user that needs to be removed.
+ :return: JSON-formatted data. If the user has the privilege, the target user exists and differs from the current
+ user, the target gets deleted and a json containing the field "result":"success" is returned.
+ """
+ user = find_user(get_jwt_identity())
+ if not user.isAdmin:
+ return json_error("User is not admin."), 403
+ deluser=request.json.get('email')
+ target = find_user(deluser)
+ if not target:
+ return json_error("User not found."), 404
+ if user == target:
+ return json_error("The user cant delete himself. Its a sin."), 406
+ Base.session.delete(target)
+ Base.session.commit()
+ return json_success("The user has been deleted.")
diff --git a/code/backend/nest_backend/test/user_delete_test.py b/code/backend/nest_backend/test/user_delete_test.py
new file mode 100644
index 0000000..5faa754
--- /dev/null
+++ b/code/backend/nest_backend/test/user_delete_test.py
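Review bot: In `page_user_delete`, `user.isAdmin` is read without checking that `find_user(get_jwt_identity())` returned a user; since `if not target` implies `find_user` is falsy for unknown accounts, a still-valid token belonging to an account this very endpoint has removed would presumably raise AttributeError and surface as a 500, so the guard should be `if not user or not user.isAdmin:`. `request.json.get('email')` also assumes a JSON object body carrying `email`; a missing or non-JSON body should be answered with a 400 before `find_user(deluser)` is called. `get_jwt_identity` is absent from the explicit `from flask_jwt_extended import jwt_required` line and is only in scope if one of the star imports happens to re-export it, so import it by name. The bare `@cross_origin()` accepts any origin by default in flask_cors, which is worth narrowing to the known front-end origin on an admin-only destructive route.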
@@ -0,0 +1,26 @@
+import requests
+import json
+import unittest
+
+auth_code = ""
+
+
+class MyTestCase(unittest.TestCase):
+ def test_user_delete(self):
+ global auth_code
+
+ r = requests.post('http://localhost:5000/api/login', json={'email': 'admin@admin.com', 'password': 'password'})
+ j = json.loads(r.text)
+ assert j['result'] == "success"
+ auth_code = j['data']['access_token']
+
+ r = requests.post(f'http://localhost:5000/api/user/remove', headers={'authorization': "Bearer " + auth_code},
+ json={'email': 'utente15@nest.com'})
+ j = json.loads(r.text)
+ assert j['result'] == "success"
+
+ print("User_delete eseguito correttamente!")
+
+ print("Testing del metodo user_delete")
+
+
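Review bot: `test_user_delete` asserts only the successful admin path, so the authorization branches of the new route (non-admin 403, unknown target 404, self-delete 406, request without a token) are never exercised; add one case per branch that checks `r.status_code` as well as the JSON body. The test also depends on a live server at localhost:5000 with a pre-seeded `utente15@nest.com` and has the admin password hard-coded, so a second run will presumably fail with 404 once that user is gone; create the target user in `setUp` and take the credentials from the environment or a fixture. Prefer `self.assertEqual(r.json()['result'], "success")` over bare `assert`, which is stripped when Python runs with `-O`.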