From 4f2696ed32c47b72a52eaa8b7495990fe585b340 Mon Sep 17 00:00:00 2001 From: adrinr Date: Tue, 14 Mar 2023 15:46:50 +0100 Subject: [PATCH] Use ctx.identity instead of passing it as param --- packages/worker/src/api/controllers/global/users.ts | 2 +- packages/worker/src/initPro.ts | 2 +- packages/worker/src/sdk/users/users.ts | 5 +++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/packages/worker/src/api/controllers/global/users.ts b/packages/worker/src/api/controllers/global/users.ts index c0855ce193..1b063599ab 100644 --- a/packages/worker/src/api/controllers/global/users.ts +++ b/packages/worker/src/api/controllers/global/users.ts @@ -177,7 +177,7 @@ export const destroy = async (ctx: any) => { ctx.throw(400, "Unable to delete self.") } - await userSdk.destroy(id, ctx.user) + await userSdk.destroy(id) ctx.body = { message: `User ${id} deleted.`, diff --git a/packages/worker/src/initPro.ts b/packages/worker/src/initPro.ts index 44dc99a589..3c144a5c83 100644 --- a/packages/worker/src/initPro.ts +++ b/packages/worker/src/initPro.ts @@ -6,7 +6,7 @@ export const initPro = async () => { scimUserServiceConfig: { functions: { saveUser: userSdk.save, - removeUser: (id: string) => userSdk.destroy(id, undefined), + removeUser: (id: string) => userSdk.destroy(id), }, }, }) diff --git a/packages/worker/src/sdk/users/users.ts b/packages/worker/src/sdk/users/users.ts index ad7fcc95e2..f05c6b98d2 100644 --- a/packages/worker/src/sdk/users/users.ts +++ b/packages/worker/src/sdk/users/users.ts @@ -15,6 +15,7 @@ import { utils, ViewName, env as coreEnv, + context, } from "@budibase/backend-core" import { AccountMetadata, @@ -537,7 +538,7 @@ export const bulkDelete = async ( return response } -export const destroy = async (id: string, currentUser: any) => { +export const destroy = async (id: string) => { const db = tenancy.getGlobalDB() const dbUser = (await db.get(id)) as User const userId = dbUser._id as string @@ -547,7 +548,7 @@ export const destroy = async (id: string, currentUser: any) => { const email = dbUser.email const account = await accounts.getAccount(email) if (account) { - if (email === currentUser.email) { + if (dbUser.userId === context.getIdentity()!._id) { throw new HTTPError('Please visit "Account" to delete this user', 400) } else { throw new HTTPError("Account holder cannot be deleted", 400)