D13630.id.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D13630.id.diff
View Options

	diff --git a/services/identity/src/constants.rs b/services/identity/src/constants.rs
	--- a/services/identity/src/constants.rs
	+++ b/services/identity/src/constants.rs
	@@ -275,6 +275,7 @@
	pub const MISSING_KEY: &str = "missing_key";
	pub const MESSAGE_NOT_AUTHENTICATED: &str = "message_not_authenticated";
	pub const RETRY_FROM_NATIVE: &str = "retry_from_native";
	+ pub const USER_IS_NOT_STAFF: &str = "user_is_not_staff";
	}

	// Tunnelbroker
	diff --git a/services/identity/src/grpc_services/authenticated.rs b/services/identity/src/grpc_services/authenticated.rs
	--- a/services/identity/src/grpc_services/authenticated.rs
	+++ b/services/identity/src/grpc_services/authenticated.rs
	@@ -625,9 +625,26 @@
	#[tracing::instrument(skip_all)]
	async fn privileged_delete_users(
	&self,
	- _request: tonic::Request<PrivilegedDeleteUsersRequest>,
	+ request: tonic::Request<PrivilegedDeleteUsersRequest>,
	) -> Result<tonic::Response<Empty>, tonic::Status> {
	- unimplemented!()
	+ const STAFF_USER_IDS: [&str; 1] = ["256"];
	+
	+ let (user_id, _) = get_user_and_device_id(&request)?;
	+ if !STAFF_USER_IDS.contains(&user_id.as_str()) {
	+ return Err(Status::permission_denied(
	+ tonic_status_messages::USER_IS_NOT_STAFF,
	+ ));
	+ }
	+
	+ for user_id_to_delete in request.into_inner().user_ids {
	+ self
	+ .delete_tunnelbroker_and_backup_data(&user_id_to_delete)
	+ .await?;
	+ self.db_client.delete_user(user_id_to_delete).await?;
	+ }
	+
	+ let response = Empty {};
	+ Ok(Response::new(response))
	}

	#[tracing::instrument(skip_all)]