fix: disable admin self user delete

This commit is contained in:
Timothy J. Baek 2023-12-28 23:07:46 -08:00
parent b61bb77950
commit ad1cb5fc25

View file

@ -87,15 +87,21 @@ async def delete_user_by_id(user_id: str, cred=Depends(bearer_scheme)):
if user:
if user.role == "admin":
if user.id != user_id:
result = Users.delete_user_by_id(user_id)
if result:
return True
else:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=ERROR_MESSAGES.DELETE_USER_ERROR,
)
else:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACTION_PROHIBITED,
)
else:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,