From a2f8b985c6d98bbbb78f3a2d33b500443e8c94e7 Mon Sep 17 00:00:00 2001
From: Daniel Gerhardt <daniel.gerhardt@mni.thm.de>
Date: Fri, 11 Apr 2014 17:22:48 +0200
Subject: [PATCH] Add delete action for user accounts

---
 .../arsnova/controller/UserController.java    |  9 +++++++++
 .../java/de/thm/arsnova/dao/CouchDBDao.java   | 13 ++++++++++++
 .../java/de/thm/arsnova/dao/IDatabaseDao.java |  6 ++++--
 .../de/thm/arsnova/services/IUserService.java |  8 +++++---
 .../de/thm/arsnova/services/UserService.java  | 20 +++++++++++++++++++
 5 files changed, 51 insertions(+), 5 deletions(-)

diff --git a/src/main/java/de/thm/arsnova/controller/UserController.java b/src/main/java/de/thm/arsnova/controller/UserController.java
index a525180f..c6f2e279 100644
--- a/src/main/java/de/thm/arsnova/controller/UserController.java
+++ b/src/main/java/de/thm/arsnova/controller/UserController.java
@@ -93,4 +93,13 @@ public class UserController extends AbstractController {
 
 		response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
 	}
+
+	@RequestMapping(value = { "/{username}/delete" }, method = RequestMethod.POST)
+	public final void activate(@PathVariable final String username,
+			final HttpServletRequest request,
+			final HttpServletResponse response) {
+		if (null == userService.deleteDbUser(username)) {
+			response.setStatus(HttpServletResponse.SC_NOT_FOUND);
+		}
+	}
 }
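Review bot: The handler added at L24 is named `activate` although it is mapped to `/{username}/delete`, which looks like a copy-paste leftover and will mislead anyone auditing which endpoints destroy accounts; `public final void delete(@PathVariable final String username,` would match the mapping. The `null ==` test on L27 also appears to be dead code, because `deleteDbUser` as added to UserService in this same patch throws `NotFoundException` for a missing user and never returns null. The 404 therefore depends on how that exception is mapped elsewhere, which is not visible in this hunk. The handler performs no authorization of its own, so the access decision for this destructive endpoint rests entirely on the service-layer check, and the unused `request` parameter can be dropped.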
diff --git a/src/main/java/de/thm/arsnova/dao/CouchDBDao.java b/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
index 508bf5d9..53c3d4ea 100644
--- a/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
+++ b/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
@@ -1385,4 +1385,17 @@ public class CouchDBDao implements IDatabaseDao {
 			DbUser.class
 		);
 	}
+
+	@Override
+	public boolean deleteUser(DbUser dbUser) {
+		try {
+			this.deleteDocument(dbUser.getId());
+
+			return true;
+		} catch (IOException e) {
+			LOGGER.error("Could not delete user {}", dbUser.getId());
+		}
+
+		return false;
+	}
 }
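Review bot: The catch block at L47-L49 discards the `IOException`, so a failed account deletion is logged with no cause or stack trace. Passing the exception as the final argument keeps it in the log: `LOGGER.error("Could not delete user {}", dbUser.getId(), e);` (this assumes LOGGER is an SLF4J-style logger, as the `{}` placeholder suggests). The `false` returned on failure is the only signal the caller gets, and the one caller visible in this patch (`UserService.deleteDbUser`) ignores it. Consider documenting the return contract on `IDatabaseDao.deleteUser`, or propagating the failure instead.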
diff --git a/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java b/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java
index b30507c2..4bb273c4 100644
--- a/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java
+++ b/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java
@@ -162,8 +162,10 @@ public interface IDatabaseDao {
 	void publishAllQuestions(Session session, boolean publish);
 
 	void deleteAllQuestionsAnswers(Session session);
-	
+
 	DbUser createOrUpdateUser(DbUser user);
-	
+
 	DbUser getUser(String username);
+
+	boolean deleteUser(DbUser dbUser);
 }
diff --git a/src/main/java/de/thm/arsnova/services/IUserService.java b/src/main/java/de/thm/arsnova/services/IUserService.java
index 9ed3a108..f3d0800c 100644
--- a/src/main/java/de/thm/arsnova/services/IUserService.java
+++ b/src/main/java/de/thm/arsnova/services/IUserService.java
@@ -54,10 +54,12 @@ public interface IUserService {
 	void removeUserFromMaps(User user);
 
 	int loggedInUsers();
-	
+
 	DbUser getDbUser(String username);
-	
+
 	DbUser createDbUser(String username, String password);
-	
+
 	DbUser updateDbUser(DbUser dbUser);
+
+	DbUser deleteDbUser(String username);
 }
diff --git a/src/main/java/de/thm/arsnova/services/UserService.java b/src/main/java/de/thm/arsnova/services/UserService.java
index a4ef5f51..2a5da939 100644
--- a/src/main/java/de/thm/arsnova/services/UserService.java
+++ b/src/main/java/de/thm/arsnova/services/UserService.java
@@ -45,6 +45,7 @@ import com.github.leleuj.ss.oauth.client.authentication.OAuthAuthenticationToken
 import de.thm.arsnova.dao.IDatabaseDao;
 import de.thm.arsnova.entities.DbUser;
 import de.thm.arsnova.entities.User;
+import de.thm.arsnova.exceptions.NotFoundException;
 import de.thm.arsnova.exceptions.UnauthorizedException;
 import de.thm.arsnova.socket.ARSnovaSocketIOServer;
 
@@ -365,4 +366,23 @@ public class UserService implements IUserService {
 
 		return null;
 	}
+
+	@Override
+	public DbUser deleteDbUser(String username) {
+		User user = getCurrentUser();
+		if (!user.getUsername().equals(username)
+				&& SecurityContextHolder.getContext().getAuthentication().getAuthorities()
+						.contains(new SimpleGrantedAuthority("ROLE_ADMIN"))) {
+			throw new UnauthorizedException();
+		}
+
+		DbUser dbUser = databaseDao.getUser(username);
+		if (null == dbUser) {
+			throw new NotFoundException();
+		}
+
+		databaseDao.deleteUser(dbUser);
+
+		return dbUser;
+	}
 }
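Review bot: The authorization condition on L111-L113 is inverted: it throws `UnauthorizedException` only when the caller is a different user and does hold `ROLE_ADMIN`. An ordinary authenticated user who names someone else's account therefore passes the check and reaches `databaseDao.deleteUser`, while administrators are the ones rejected. The admin test needs negating, `&& !SecurityContextHolder.getContext().getAuthentication().getAuthorities().contains(new SimpleGrantedAuthority("ROLE_ADMIN"))) {`, and a test should cover a non-admin targeting another username. The boolean returned by `databaseDao.deleteUser(dbUser)` on L122 is also ignored, so a failed delete still returns `dbUser` as if it had succeeded; something like `if (!databaseDao.deleteUser(dbUser)) { return null; }` or a thrown exception would let the controller report it. If `getCurrentUser()` can return null for an unauthenticated request (not visible here), L111 would throw a NullPointerException rather than `UnauthorizedException`, so a null guard before it is worth adding.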
-- 
GitLab