Merge pull request #133 from tawoe/removeUsers

delete user
2026-02-06 17:16:49 +00:00 · 2021-06-29 14:34:54 +02:00 · 2021-06-29 14:34:54 +02:00 · 83da126472
commit 83da126472
parent b4ebd671ee 7acfc14129
3 changed files with 43 additions and 1 deletions
--- a/apimanager/users/templates/users/detail.html
+++ b/apimanager/users/templates/users/detail.html
@ -27,6 +27,13 @@
 		<span>{{ apiuser.provider_id }}</span>
 	</div>

+    <form action="{% url 'users-delete-user' apiuser.user_id  %}" method="post">
+        {% csrf_token %}
+        <input type="hidden" name="next" value="{{ request.path }}" />
+        <input type="hidden" name="role_name" value="{{ entitlement.role_name }}" />
+        <button type="submit" class="btn btn-primary btn-red">Delete User</button>
+    </form>
+

 {% if apiuser.user_id %}
 	<div id="users-detail-entitlements">
--- a/apimanager/users/urls.py
+++ b/apimanager/users/urls.py
@ -5,7 +5,7 @@ URLs for users app

 from django.conf.urls import url

-from .views import IndexView, DetailView, MyDetailView, DeleteEntitlementView,InvitationView
+from .views import IndexView, DetailView, MyDetailView, DeleteEntitlementView,InvitationView, DeleteUserView

 urlpatterns = [
    url(r'^all$',
@ -23,4 +23,7 @@ urlpatterns = [
    url(r'^(?P<user_id>[\w-]+)/entitlement/delete/(?P<entitlement_id>[\w-]+)$',
        DeleteEntitlementView.as_view(),
        name='users-delete-entitlement'),
+    url(r'^(?P<user_id>[\w-]+)/delete$',
+        DeleteUserView.as_view(),
+        name='users-delete-user'),
 ]
--- a/apimanager/users/views.py
+++ b/apimanager/users/views.py
@ -343,3 +343,35 @@ class DeleteEntitlementView(LoginRequiredMixin, View):
             redirect_url = reverse('users-index')
        
        return HttpResponseRedirect(redirect_url)
+
+
+class DeleteUserView(LoginRequiredMixin, View):
+    """View to delete a user"""
+
+    def post(self, request, *args, **kwargs):
+        """Deletes a user via API"""
+        api = API(self.request.session.get('obp'))
+        try:
+            urlpath = '/users/{}'.format(
+                kwargs['user_id'])
+            result = api.delete(urlpath)
+            if result is not None and 'code' in result and result['code'] >= 400:
+                messages.error(request, result['message'])
+            else:
+                msg = 'User with ID {} has been deleted.'.format(kwargs['user_id'])
+                messages.success(request, msg)
+        except APIError as err:
+            messages.error(request, err)
+        except:
+            messages.error(self.request, 'Unknown Error')
+
+        # from sonarcloud: Change this code to not perform redirects based on user-controlled data.
+        redirect_url_from_gui = request.POST.get('next', reverse('users-index'))
+        if "/users/all/user_id/" in str(redirect_url_from_gui):
+            redirect_url = reverse('users-detail', kwargs={"user_id": kwargs['user_id']})
+        elif ("/users/myuser/user_id/" in str(redirect_url_from_gui)):
+            redirect_url = reverse('my-user-detail', kwargs={"user_id": kwargs['user_id']})
+        else:
+            redirect_url = reverse('users-index')
+
+        return HttpResponseRedirect(redirect_url)