Merge pull request #2064 from automatisch/aut-1237

feat: write and implement REST API endpoint to delete role
2024-09-10 17:19:55 +03:00
parent a4fad360df 61a1ce57c2
commit 862842e3e1
11 changed files with 226 additions and 59 deletions
--- a/packages/backend/src/graphql/mutations/delete-role.ee.js
+++ b/packages/backend/src/graphql/mutations/delete-role.ee.js
@@ -1,36 +0,0 @@
-import Role from '../../models/role.js';
-import SamlAuthProvider from '../../models/saml-auth-provider.ee.js';
-
-const deleteRole = async (_parent, params, context) => {
-  context.currentUser.can('delete', 'Role');
-
-  const role = await Role.query().findById(params.input.id).throwIfNotFound();
-  const count = await role.$relatedQuery('users').resultSize();
-
-  if (count > 0) {
-    throw new Error('All users must be migrated away from the role!');
-  }
-
-  if (role.isAdmin) {
-    throw new Error('Admin role cannot be deleted!');
-  }
-
-  const samlAuthProviderUsingDefaultRole = await SamlAuthProvider.query()
-    .where({ default_role_id: role.id })
-    .limit(1)
-    .first();
-
-  if (samlAuthProviderUsingDefaultRole) {
-    throw new Error(
-      'You need to change the default role in the SAML configuration before deleting this role.'
-    );
-  }
-
-  // delete permissions first
-  await role.$relatedQuery('permissions').delete();
-  await role.$query().delete();
-
-  return true;
-};
-
-export default deleteRole;