-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
// SPDX-FileCopyrightText: 2025 Shota FUJI <pockawoooh@gmail.com>
// SPDX-License-Identifier: AGPL-3.0-only
package workspace
import (
"context"
"slices"
"connectrpc.com/connect"
"google.golang.org/protobuf/proto"
eventV1 "pocka.jp/x/yamori/proto/go/backend/events/v1"
"pocka.jp/x/yamori/proto/go/backend/workspace/v1/types"
errorV1 "pocka.jp/x/yamori/proto/go/error/v1"
workspaceV2 "pocka.jp/x/yamori/proto/go/workspace/v2"
"pocka.jp/x/yamori/backend/core"
"pocka.jp/x/yamori/backend/core/event"
"pocka.jp/x/yamori/backend/core/projection"
workspaceEvent "pocka.jp/x/yamori/backend/events/workspace"
)
func deleteUserSystemError(message string) *connect.Response[workspaceV2.DeleteUserResponse] {
return connect.NewResponse(&workspaceV2.DeleteUserResponse{
Result: &workspaceV2.DeleteUserResponse_SystemError{
SystemError: &errorV1.SystemError{
Message: proto.String(message),
},
},
})
}
func deleteUserAuthError() *connect.Response[workspaceV2.DeleteUserResponse] {
return connect.NewResponse(&workspaceV2.DeleteUserResponse{
Result: &workspaceV2.DeleteUserResponse_AuthenticationError{
AuthenticationError: &errorV1.AuthenticationError{},
},
})
}
func deleteUserPermError() *connect.Response[workspaceV2.DeleteUserResponse] {
return connect.NewResponse(&workspaceV2.DeleteUserResponse{
Result: &workspaceV2.DeleteUserResponse_PermissionError{
PermissionError: &errorV1.PermissionError{},
},
})
}
func deleteUserMissingField(path string) *connect.Response[workspaceV2.DeleteUserResponse] {
return connect.NewResponse(&workspaceV2.DeleteUserResponse{
Result: &workspaceV2.DeleteUserResponse_MissingFieldError{
MissingFieldError: &errorV1.MissingFieldError{
Path: proto.String(path),
},
},
})
}
func (s *Service) DeleteUser(
ctx context.Context,
req *connect.Request[workspaceV2.DeleteUserRequest],
) (*connect.Response[workspaceV2.DeleteUserResponse], error) {
logger := s.core.Logger.With(
"service", "yamori.workspace.v2.WorkspaceService",
"method", "DeleteUser",
)
header := req.Header()
token, err := s.core.LoadTokenFromCookie(&header)
if err != nil || token == nil {
return deleteUserAuthError(), nil
}
tx, err := s.core.DB.Begin()
if err != nil {
logger.Error("Failed to begin transaction", "error", err)
return deleteUserSystemError("Database error"), nil
}
defer tx.Rollback()
secret, err := projection.GetLoginJwtSecret(tx)
if err != nil {
logger.Error("Failed to read login_jwt_secret projection", "error", err)
return deleteUserSystemError("Database error"), nil
}
workspace, err := projection.GetWorkspace(tx)
if err != nil {
logger.Error("Failed to read workspace projection", "error", err)
return deleteUserSystemError("Database error"), nil
}
users, err := projection.GetUsers(tx)
if err != nil {
logger.Error("Failed to read users projection", "error", err)
return deleteUserSystemError("Database error"), nil
}
if err := event.UpdateProjections(tx, workspace, secret, users); err != nil {
logger.Error("Failed to update projections", "error", err)
return deleteUserSystemError("Database error"), nil
}
user, err := token.FindUser(secret, users)
if err != nil {
logger.Warn("Malformed token found", "error", err)
return deleteUserAuthError(), nil
}
if req.Msg.Id == nil {
return deleteUserMissingField("id"), nil
}
id := req.Msg.Id.GetValue()
if id == "" {
return deleteUserMissingField("id.value"), nil
}
for _, u := range users.Projection.Users {
if u.GetId() == id {
requiredPerm := types.Permission_PERMISSION_DELETE_REGULAR_USER
if u.GetIsAdmin() {
requiredPerm = types.Permission_PERMISSION_DELETE_ADMIN_USER
}
if !slices.Contains(user.Permissions, requiredPerm) {
return deleteUserPermError(), nil
}
if u.GetIsAdmin() && workspace.Projection.GetNumberOfAdmins() == 1 {
return connect.NewResponse(&workspaceV2.DeleteUserResponse{
Result: &workspaceV2.DeleteUserResponse_YouAreTheOnlyAdmin{
YouAreTheOnlyAdmin: req.Msg.Id,
},
}), nil
}
err := event.AppendEvents(tx, []*eventV1.Event{
workspaceEvent.DeleteUser(id),
})
if err != nil {
logger.Error("Failed to append user delete event", "error", err)
return deleteUserSystemError("Database error"), nil
}
if err := event.UpdateProjections(tx, workspace, users); err != nil {
logger.Error("Failed to update workspace and users projection")
return deleteUserSystemError("Database error"), nil
}
if err := tx.Commit(); err != nil {
logger.Error("Failed to commit transaction", "error", err)
return deleteUserSystemError("Database error"), nil
}
res := connect.NewResponse(&workspaceV2.DeleteUserResponse{
Result: &workspaceV2.DeleteUserResponse_Ok{
Ok: projectionUserToMessage(u),
},
})
if user.GetId() == id {
header := res.Header()
core.DeleteTokenFromCookie(&header)
}
return res, nil
}
}
return connect.NewResponse(&workspaceV2.DeleteUserResponse{
Result: &workspaceV2.DeleteUserResponse_NotFound{
NotFound: &errorV1.NotFound{
TypeName: proto.String("yamori.workspace.v2.User"),
},
},
}), nil
}