Implement deleting accounts

src/api/controllers/UserController.ts

@@ -1,4 +1,4 @@
-import { Body, CurrentUser, Get, JsonController, Param, Params, Post } from 'routing-controllers';
+import { Body, CurrentUser, Get, JsonController, Param, Params, Post, Delete} from 'routing-controllers';
 
 import { UserModel } from '../../models/UserModel';
 import { UserService } from '../../services/UserService';
@@ -58,4 +58,9 @@ export class UserController {
   async unblockUser(@Body() blockUserRequest: BlockUserRequest, @CurrentUser() user: UserModel): Promise<GetUserResponse> {
     return { user: await this.userService.unblockUser(user, blockUserRequest) }
   }
+
+  @Delete('id/:id/')
+  async deleteUser(@Params() params: UuidParam, @CurrentUser() user: UserModel): Promise<GetUserResponse> {
+    return { user: await this.userService.deleteUser(user, params) };
+  }
 }

src/services/UserService.ts

@@ -113,4 +113,16 @@ export class UserService {
       return userRepository.unblockUser(user, blocked);
     });
   }
+
+  public async deleteUser(user: UserModel, params: UuidParam): Promise<UserModel> {
+    return this.transactions.readWrite(async (transactionalEntityManager) => {
+      const userRepository = Repositories.user(transactionalEntityManager);
+      const userToDelete = await userRepository.getUserById(params.id);
+      if (!userToDelete) throw new NotFoundError('User not found!');
+      if (user.id !== userToDelete.id && !user.admin) {
+        throw new UnauthorizedError('User does not have permission to delete other users');
+      }
+      return userRepository.deleteUser(userToDelete);
+    });
+  }
 }

src/tests/UserTest.test.ts

@@ -269,4 +269,64 @@ describe('user tests', () => {
       expect(error.message).toBe('User is not blocked!');
     }
   });
+
+  test('delete users - user deletes themselves', async () => {
+    const admin = UserFactory.fake();
+    const user = UserFactory.fakeTemplate();
+    admin.admin = true;
+
+    await new DataFactory()
+      .createUsers(user)
+      .write();
+
+    const preDeleteUserResponse = await userController.getUsers(admin);
+    expect(preDeleteUserResponse.users).toHaveLength(1);
+
+    const getUserResponse = await userController.getUserById(uuidParam);
+    if (getUserResponse.user != undefined) {
+      getUserResponse.user.stars = Number(getUserResponse.user.stars);
+    }
+    expect(getUserResponse.user).toEqual(expectedUser);
+
+    const deleteUserResponse = await userController.deleteUser(uuidParam, user);
+    if (deleteUserResponse.user != undefined) {
+      deleteUserResponse.user.stars = Number(deleteUserResponse.user.stars);
+    }
+    const getUsersResponse = await userController.getUsers(admin);
+    expect(getUsersResponse.users).toHaveLength(0);
+  });
+
+  test('delete users - user deletes another user', async () => {
+    const admin = UserFactory.fake();
+    const user = UserFactory.fakeTemplate();
+    admin.admin = true;
+
+    await new DataFactory()
+      .createUsers(admin, user)
+      .write();
+
+    const preDeleteUserResponse = await userController.getUsers(admin);
+    expect(preDeleteUserResponse.users).toHaveLength(2);
+
+    const deleteUserResponse = await userController.deleteUser(uuidParam, admin);
+    if (deleteUserResponse.user != undefined) {
+      deleteUserResponse.user.stars = Number(deleteUserResponse.user.stars);
+    }
+    const getUsersResponse = await userController.getUsers(admin);
+    expect(getUsersResponse.users).toHaveLength(1);
+  });
+
+  test('delete users - user that is not an admin tries to delete another user', async () => {
+    const [user1, user2] = UserFactory.create(2);
+
+    await new DataFactory()
+      .createUsers(user1, user2)
+      .write();
+
+    try {
+      await userController.deleteUser({id: user2.id}, user1);
+    } catch (error) {
+      expect(error.message).toBe('User does not have permission to delete other users');
+    }
+  });
 });