func (controller *usersController) deletePost(rw http.ResponseWriter, req *http.Request) (int, error) {
err := req.ParseForm()
if err != nil {
return http.StatusInternalServerError, err
}
decoder := schema.NewDecoder()
// Ignore unknown keys to prevent errors from the CSRF token.
decoder.IgnoreUnknownKeys(true)
formUser := new(viewmodels.UsersEditViewModel)
err = decoder.Decode(formUser, req.PostForm)
if err != nil {
return http.StatusInternalServerError, err
}
isAuthenticated, currentUser := getCurrentUser(rw, req, controller.authorizer)
valErrors := validateDeleteUserForm(formUser, currentUser.Username)
if len(valErrors) > 0 {
vm := viewmodels.DeleteUserViewModel(formUser, isAuthenticated, currentUser, valErrors)
vm.CsrfField = csrf.TemplateField(req)
return http.StatusOK, controller.deleteTemplate.Execute(rw, vm)
}
var user httpauth.UserData
user.Username = formUser.Username
err = controller.authorizer.DeleteUser(user.Username)
if err != nil {
return http.StatusInternalServerError, err
}
http.Redirect(rw, req, "/settings/users", http.StatusSeeOther)
return http.StatusSeeOther, nil
}
func (controller *usersController) deleteGet(rw http.ResponseWriter, req *http.Request) (int, error) {
vars := mux.Vars(req)
username := vars["username"]
// Get the user to delete for confirmation
deleteUser, err := controller.authBackend.User(username)
if err != nil {
return http.StatusInternalServerError, err
}
isAuthenticated, user := getCurrentUser(rw, req, controller.authorizer)
userDelete := new(viewmodels.UsersEditViewModel)
userDelete.Email = deleteUser.Email
userDelete.Role = deleteUser.Role
userDelete.Username = deleteUser.Username
vm := viewmodels.DeleteUserViewModel(userDelete, isAuthenticated, user, make(map[string]string))
vm.CsrfField = csrf.TemplateField(req)
return http.StatusOK, controller.deleteTemplate.Execute(rw, vm)
}
