43 lines
1.1 KiB
Rust
43 lines
1.1 KiB
Rust
use actix_web::{post, web::Data, HttpRequest, HttpResponse};
|
|
use serde::Deserialize;
|
|
|
|
use crate::{
|
|
ctx::Ctx, db::models::Account, error::NekrochanError, qsform::QsForm,
|
|
web::tcx::account_from_auth,
|
|
};
|
|
|
|
#[derive(Deserialize)]
|
|
pub struct RemoveAccountsForm {
|
|
#[serde(default)]
|
|
accounts: Vec<String>,
|
|
}
|
|
|
|
#[post("/staff/actions/remove-accounts")]
|
|
pub async fn remove_accounts(
|
|
ctx: Data<Ctx>,
|
|
req: HttpRequest,
|
|
QsForm(form): QsForm<RemoveAccountsForm>,
|
|
) -> Result<HttpResponse, NekrochanError> {
|
|
let account = account_from_auth(&ctx, &req).await?;
|
|
|
|
if !account.perms().owner() {
|
|
return Err(NekrochanError::InsufficientPermissionError);
|
|
}
|
|
|
|
for account in form.accounts {
|
|
if let Some(account) = Account::read(&ctx, account).await? {
|
|
if account.owner {
|
|
return Err(NekrochanError::OwnerDeletionError);
|
|
}
|
|
|
|
account.delete(&ctx).await?;
|
|
}
|
|
}
|
|
|
|
let res = HttpResponse::SeeOther()
|
|
.append_header(("Location", "/staff/accounts"))
|
|
.finish();
|
|
|
|
Ok(res)
|
|
}
|