Stopped Company Members from deleting their account.

Informatik-Projekt-Kurs · Oct 24, 2024 · fb57c2d · fb57c2d
1 parent 22284fd
commit fb57c2d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/src/main/java/com/MeetMate/user/UserController.java b/src/main/java/com/MeetMate/user/UserController.java
@@ -148,6 +148,9 @@ public ResponseEntity<?> deleteUser(@RequestHeader(name = "Authorization") Strin
       if (tc == EntityNotFoundException.class)
         return ResponseEntity.status(HttpStatus.NOT_FOUND).body("message: " + t.getMessage());
 
+      if (tc == IllegalAccessException.class)
+        return ResponseEntity.status(HttpStatus.FORBIDDEN).body("message: " + t.getMessage());
+
       return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
           .body("type: " + tc + "\nmessage: " + t.getMessage());
     }

diff --git a/src/main/java/com/MeetMate/user/UserService.java b/src/main/java/com/MeetMate/user/UserService.java
@@ -160,11 +160,14 @@ public RefreshResponse refreshAccessToken(String refreshToken) {
   }
 
   @Transactional
-  public void deleteUser(String token) {
+  public void deleteUser(String token) throws IllegalAccessException {
     String email = jwtService.extractUserEmail(token);
     User user = userRepository
         .findUserByEmail(email)
         .orElseThrow(() -> new EntityNotFoundException("User does not exist."));
+    if (user.getRole() == UserRole.COMPANY_OWNER
+        || user.getRole() == UserRole.COMPANY_MEMBER)
+      throw new IllegalAccessException("Company owners and members cannot delete their accounts");
 
     userRepository.deleteByEmail(email);
   }