feat: Deleting root user now returns 400.

9 files changed, 77 insertions, 7 deletions

diff --git a/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs b/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs
index df3d1861..90c4ed99 100644
--- a/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs
+++ b/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs
@@ -44,6 +44,7 @@
             public const int UsernameConflict = 1_102_01_01;

             public const int ChangePassword_BadOldPassword = 1_102_02_01;

             public const int ChangePermission_RootUser = 1_102_03_01;

+            public const int Delete_RootUser = 1_102_04_01;

         }

 

         public static class UserAvatar

diff --git a/BackEnd/Timeline.Tests/IntegratedTests/UserTest.cs b/BackEnd/Timeline.Tests/IntegratedTests/UserTest.cs
index 0c2e0b0d..55a37198 100644
--- a/BackEnd/Timeline.Tests/IntegratedTests/UserTest.cs
+++ b/BackEnd/Timeline.Tests/IntegratedTests/UserTest.cs
@@ -176,6 +176,13 @@ namespace Timeline.Tests.IntegratedTests
         }

 

         [Fact]

+        public async Task DeleteRootUser_Should_Error()

+        {

+            using var client = await CreateClientAsAdministrator();

+            await client.TestDeleteAssertErrorAsync("users/admin", errorCode: ErrorCodes.UserController.Delete_RootUser);

+        }

+

+        [Fact]

         public async Task Delete_InvalidModel()

         {

             using var client = await CreateClientAsAdministrator();

diff --git a/BackEnd/Timeline.Tests/Services/UserDeleteServiceTest.cs b/BackEnd/Timeline.Tests/Services/UserDeleteServiceTest.cs
new file mode 100644
index 00000000..be11564e
--- /dev/null
+++ b/BackEnd/Timeline.Tests/Services/UserDeleteServiceTest.cs
@@ -0,0 +1,27 @@
+using FluentAssertions;

+using Microsoft.Extensions.Logging.Abstractions;

+using Moq;

+using System.Threading.Tasks;

+using Timeline.Services;

+using Timeline.Services.Exceptions;

+using Xunit;

+

+namespace Timeline.Tests.Services

+{

+    public class UserDeleteServiceTest : DatabaseBasedTest

+    {

+        private readonly Mock<ITimelineService> _mockTimelineService = new Mock<ITimelineService>();

+        private UserDeleteService _service = default!;

+

+        protected override void OnDatabaseCreated()

+        {

+            _service = new UserDeleteService(NullLogger<UserDeleteService>.Instance, Database, _mockTimelineService.Object);

+        }

+

+        [Fact]

+        public async Task DeleteRootUser_Should_Throw()

+        {

+            await _service.Awaiting(s => s.DeleteUser("admin")).Should().ThrowAsync<InvalidOperationOnRootUserException>();

+        }

+    }

+}

diff --git a/BackEnd/Timeline/Controllers/UserController.cs b/BackEnd/Timeline/Controllers/UserController.cs
index da34cb1b..8edae139 100644
--- a/BackEnd/Timeline/Controllers/UserController.cs
+++ b/BackEnd/Timeline/Controllers/UserController.cs
@@ -138,15 +138,23 @@ namespace Timeline.Controllers
         /// <returns>Info of deletion.</returns>

         [HttpDelete("users/{username}"), PermissionAuthorize(UserPermission.UserManagement)]

         [ProducesResponseType(StatusCodes.Status200OK)]

+        [ProducesResponseType(StatusCodes.Status400BadRequest)]

         [ProducesResponseType(StatusCodes.Status401Unauthorized)]

         [ProducesResponseType(StatusCodes.Status403Forbidden)]

         public async Task<ActionResult<CommonDeleteResponse>> Delete([FromRoute][Username] string username)

         {

-            var delete = await _userDeleteService.DeleteUser(username);

-            if (delete)

-                return Ok(CommonDeleteResponse.Delete());

-            else

-                return Ok(CommonDeleteResponse.NotExist());

+            try

+            {

+                var delete = await _userDeleteService.DeleteUser(username);

+                if (delete)

+                    return Ok(CommonDeleteResponse.Delete());

+                else

+                    return Ok(CommonDeleteResponse.NotExist());

+            }

+            catch (InvalidOperationOnRootUserException)

+            {

+                return BadRequest(ErrorResponse.UserController.Delete_RootUser());

+            }

         }

 

         /// <summary>

diff --git a/BackEnd/Timeline/Models/Http/ErrorResponse.cs b/BackEnd/Timeline/Models/Http/ErrorResponse.cs
index 616a0037..10755fd1 100644
--- a/BackEnd/Timeline/Models/Http/ErrorResponse.cs
+++ b/BackEnd/Timeline/Models/Http/ErrorResponse.cs
@@ -166,6 +166,16 @@ namespace Timeline.Models.Http
                 return new CommonResponse(ErrorCodes.UserController.ChangePermission_RootUser, string.Format(message, formatArgs));

             }

 

+            public static CommonResponse Delete_RootUser(params object?[] formatArgs)

+            {

+                return new CommonResponse(ErrorCodes.UserController.Delete_RootUser, string.Format(UserController_Delete_RootUser, formatArgs));

+            }

+

+            public static CommonResponse CustomMessage_Delete_RootUser(string message, params object?[] formatArgs)

+            {

+                return new CommonResponse(ErrorCodes.UserController.Delete_RootUser, string.Format(message, formatArgs));

+            }

+

         }

 

         public static class UserAvatar

diff --git a/BackEnd/Timeline/Resources/Messages.Designer.cs b/BackEnd/Timeline/Resources/Messages.Designer.cs
index fd3e1848..c6b7d5e7 100644
--- a/BackEnd/Timeline/Resources/Messages.Designer.cs
+++ b/BackEnd/Timeline/Resources/Messages.Designer.cs
@@ -367,6 +367,15 @@ namespace Timeline.Resources {
         }

         

         /// <summary>

+        ///   Looks up a localized string similar to You can&apos;t delete root user..

+        /// </summary>

+        internal static string UserController_Delete_RootUser {

+            get {

+                return ResourceManager.GetString("UserController_Delete_RootUser", resourceCulture);

+            }

+        }

+        

+        /// <summary>

         ///   Looks up a localized string similar to You can&apos;t set permission unless you are administrator..

         /// </summary>

         internal static string UserController_Patch_Forbid_Administrator {

diff --git a/BackEnd/Timeline/Resources/Messages.resx b/BackEnd/Timeline/Resources/Messages.resx
index d808499b..2386d1eb 100644
--- a/BackEnd/Timeline/Resources/Messages.resx
+++ b/BackEnd/Timeline/Resources/Messages.resx
@@ -219,6 +219,9 @@
   <data name="UserController_ChangePermission_RootUser" xml:space="preserve">

     <value>You can't change permission of root user.</value>

   </data>

+  <data name="UserController_Delete_RootUser" xml:space="preserve">

+    <value>You can't delete root user.</value>

+  </data>

   <data name="UserController_Patch_Forbid_Administrator" xml:space="preserve">

     <value>You can't set permission unless you are administrator.</value>

   </data>

diff --git a/BackEnd/Timeline/Services/UserDeleteService.cs b/BackEnd/Timeline/Services/UserDeleteService.cs
index b6306682..5365313b 100644
--- a/BackEnd/Timeline/Services/UserDeleteService.cs
+++ b/BackEnd/Timeline/Services/UserDeleteService.cs
@@ -7,6 +7,7 @@ using System.Threading.Tasks;
 using Timeline.Entities;

 using Timeline.Helpers;

 using Timeline.Models.Validation;

+using Timeline.Services.Exceptions;

 using static Timeline.Resources.Services.UserService;

 

 namespace Timeline.Services

@@ -20,6 +21,7 @@ namespace Timeline.Services
         /// <returns>True if user is deleted, false if user not exist.</returns>

         /// <exception cref="ArgumentNullException">Thrown if <paramref name="username"/> is null.</exception>

         /// <exception cref="ArgumentException">Thrown when <paramref name="username"/> is of bad format.</exception>

+        /// <exception cref="InvalidOperationOnRootUserException">Thrown when deleting root user.</exception>

         Task<bool> DeleteUser(string username);

     }

 

@@ -54,6 +56,9 @@ namespace Timeline.Services
             if (user == null)

                 return false;

 

+            if (user.Id == 1)

+                throw new InvalidOperationOnRootUserException("Can't delete root user.");

+

             await _timelineService.DeleteAllPostsOfUser(user.Id);

 

             _databaseContext.Users.Remove(user);

diff --git a/BackEnd/Timeline/Services/UserPermissionService.cs b/BackEnd/Timeline/Services/UserPermissionService.cs
index 2fdf3d2d..42c93283 100644
--- a/BackEnd/Timeline/Services/UserPermissionService.cs
+++ b/BackEnd/Timeline/Services/UserPermissionService.cs
@@ -127,7 +127,7 @@ namespace Timeline.Services
         /// <param name="userId">The id of the user.</param>

         /// <param name="permission">The new permission.</param>

         /// <exception cref="UserNotExistException">Thrown when user does not exist.</exception>

-        /// <exception cref="InvalidOperationException">Thrown when change root user's permission.</exception>

+        /// <exception cref="InvalidOperationOnRootUserException">Thrown when change root user's permission.</exception>

         Task AddPermissionToUserAsync(long userId, UserPermission permission);

 

         /// <summary>

@@ -137,7 +137,7 @@ namespace Timeline.Services
         /// <param name="permission">The permission.</param>

         /// <param name="checkUserExistence">Whether check the user's existence.</param>

         /// <exception cref="UserNotExistException">Thrown when <paramref name="checkUserExistence"/> is true and user does not exist.</exception>

-        /// <exception cref="InvalidOperationException">Thrown when change root user's permission.</exception>

+        /// <exception cref="InvalidOperationOnRootUserException">Thrown when change root user's permission.</exception>

         Task RemovePermissionFromUserAsync(long userId, UserPermission permission, bool checkUserExistence = true);

     }