Fix home space deletion when deleting user by name

DELETE requess on /graph/v1.0/users also work when specifing a user by name. For deleting the home space in that case we need to get the User's id from the backend first. Fixes: #4195
2026-01-06 12:19:37 -06:00 · 2022-09-07 18:13:41 +02:00
parent e4f9dfa40e
commit f43a233795
1 changed files with 14 additions and 4 deletions
--- a/services/graph/pkg/service/v0/users.go
+++ b/services/graph/pkg/service/v0/users.go
@@ -263,11 +263,21 @@ func (g Graph) DeleteUser(w http.ResponseWriter, r *http.Request) {
 		errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "missing user id")
 		return
 	}
+	user, err := g.identityBackend.GetUser(r.Context(), userID, r.URL.Query())
+	if err != nil {
+		var errcode errorcode.Error
+		if errors.As(err, &errcode) {
+			errcode.Render(w, r)
+		} else {
+			errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error())
+		}
+		return
+	}

 	currentUser := ctxpkg.ContextMustGetUser(r.Context())

 	opaque := utils.AppendPlainToOpaque(nil, "unrestricted", "T")
-	f := listStorageSpacesUserFilter(userID)
+	f := listStorageSpacesUserFilter(user.GetId())
 	lspr, err := g.gatewayClient.ListStorageSpaces(r.Context(), &storageprovider.ListStorageSpacesRequest{
 		Opaque:  opaque,
 		Filters: []*storageprovider.ListStorageSpacesRequest_Filter{f},
@@ -277,7 +287,7 @@ func (g Graph) DeleteUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	for _, sp := range lspr.GetStorageSpaces() {
-		if !(sp.SpaceType == "personal" && sp.Owner.Id.OpaqueId == userID) {
+		if !(sp.SpaceType == "personal" && sp.Owner.Id.OpaqueId == user.GetId()) {
 			continue
 		}
 		// TODO: check if request contains a homespace and if, check if requesting user has the privilege to
@@ -311,7 +321,7 @@ func (g Graph) DeleteUser(w http.ResponseWriter, r *http.Request) {
 		break
 	}

-	err = g.identityBackend.DeleteUser(r.Context(), userID)
+	err = g.identityBackend.DeleteUser(r.Context(), user.GetId())

 	if err != nil {
 		var errcode errorcode.Error
@@ -323,7 +333,7 @@ func (g Graph) DeleteUser(w http.ResponseWriter, r *http.Request) {
 		}
 	}

-	g.publishEvent(events.UserDeleted{Executant: currentUser.Id, UserID: userID})
+	g.publishEvent(events.UserDeleted{Executant: currentUser.Id, UserID: user.GetId()})

 	render.Status(r, http.StatusNoContent)
 	render.NoContent(w, r)