// DELETE: /clientgroup/{id}
func (cr *ClientGroupController) Delete(id string, cx *goweb.Context) {
LogRequest(cx.Request)
// Try to authenticate user.
u, err := request.Authenticate(cx.Request)
if err != nil && err.Error() != e.NoAuth {
cx.RespondWithErrorMessage(err.Error(), http.StatusUnauthorized)
return
}
// If no auth was provided and ANON_CG_DELETE is true, use the public user.
// Otherwise if no auth was provided, throw an error.
// Otherwise, proceed with deletion of the clientgroup using the user.
if u == nil {
if conf.ANON_CG_DELETE == true {
u = &user.User{Uuid: "public"}
} else {
cx.RespondWithErrorMessage(e.UnAuth, http.StatusUnauthorized)
return
}
}
// Load clientgroup by id
cg, err := core.LoadClientGroup(id)
if err != nil {
if err == mgo.ErrNotFound {
cx.RespondWithNotFound()
} else {
// In theory the db connection could be lost between
// checking user and load but seems unlikely.
cx.RespondWithErrorMessage("clientgroup id not found:"+id, http.StatusBadRequest)
}
return
}
// User must have delete permissions on clientgroup or be clientgroup owner or be an admin or the clientgroup is publicly deletable.
// The other possibility is that public deletion of clientgroups is enabled and the clientgroup is publicly deletable.
rights := cg.Acl.Check(u.Uuid)
public_rights := cg.Acl.Check("public")
if (u.Uuid != "public" && (cg.Acl.Owner == u.Uuid || rights["delete"] == true || u.Admin == true || public_rights["delete"] == true)) ||
(u.Uuid == "public" && conf.ANON_CG_DELETE == true && public_rights["delete"] == true) {
err := core.DeleteClientGroup(id)
if err != nil {
cx.RespondWithErrorMessage("Could not delete clientgroup.", http.StatusInternalServerError)
return
}
cx.RespondWithOK()
return
}
cx.RespondWithErrorMessage(e.UnAuth, http.StatusUnauthorized)
return
}
}
// If no auth was provided, and anonymous read is allowed, use the public user
if u == nil {
if conf.ANON_CG_READ == true {
u = &user.User{Uuid: "public"}
} else {
cx.RespondWithErrorMessage(e.NoAuth, http.StatusUnauthorized)
return
}
}
cgid := cx.PathParams["cgid"]
// Load clientgroup by id
cg, err := core.LoadClientGroup(cgid)
if err != nil {
if err == mgo.ErrNotFound {
cx.RespondWithNotFound()
return
} else {
// In theory the db connection could be lost between
// checking user and load but seems unlikely.
cx.RespondWithErrorMessage("clientgroup not found: "+cgid, http.StatusBadRequest)
return
}
}
// Only the owner, an admin, or someone with read access can view acl's.
//
// NOTE: If the clientgroup is publicly owned, then anyone can view all acl's. The owner can only