diff --git a/services/graph/pkg/service/v0/users.go b/services/graph/pkg/service/v0/users.go index 3d5532a598d..c8748ca0c4f 100644 --- a/services/graph/pkg/service/v0/users.go +++ b/services/graph/pkg/service/v0/users.go @@ -159,6 +159,7 @@ func (g Graph) GetUser(w http.ResponseWriter, r *http.Request) { userID, err := url.PathUnescape(userID) if err != nil { errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "unescaping user id failed") + return } if userID == "" { @@ -175,6 +176,7 @@ func (g Graph) GetUser(w http.ResponseWriter, r *http.Request) { } else { errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error()) } + return } sel := strings.Split(r.URL.Query().Get("$select"), ",") exp := strings.Split(r.URL.Query().Get("$expand"), ",") @@ -231,6 +233,7 @@ func (g Graph) DeleteUser(w http.ResponseWriter, r *http.Request) { userID, err := url.PathUnescape(userID) if err != nil { errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "unescaping user id failed") + return } if userID == "" { @@ -248,25 +251,26 @@ func (g Graph) DeleteUser(w http.ResponseWriter, r *http.Request) { }) if err != nil { errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "could not read spaces") + return } for _, sp := range lspr.GetStorageSpaces() { - if sp.SpaceType == "personal" { - if sp.Owner.Id.OpaqueId == userID { - // TODO: check if request contains a homespace and if, check if requesting user has the privilege to - // delete it and make sure it is not deleting its own homespace - // needs modification of the cs3api - _, err := g.gatewayClient.DeleteStorageSpace(r.Context(), &storageprovider.DeleteStorageSpaceRequest{ - Opaque: opaque, - Id: &storageprovider.StorageSpaceId{ - OpaqueId: sp.Id.OpaqueId, - }, - }) - if err != nil { - errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "could not delete homespace") - } - break - } + if !(sp.SpaceType == "personal" && sp.Owner.Id.OpaqueId == userID) { + continue } + // TODO: check if request contains a homespace and if, check if requesting user has the privilege to + // delete it and make sure it is not deleting its own homespace + // needs modification of the cs3api + _, err := g.gatewayClient.DeleteStorageSpace(r.Context(), &storageprovider.DeleteStorageSpaceRequest{ + Opaque: opaque, + Id: &storageprovider.StorageSpaceId{ + OpaqueId: sp.Id.OpaqueId, + }, + }) + if err != nil { + errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "could not delete homespace") + return + } + break } err = g.identityBackend.DeleteUser(r.Context(), userID) @@ -277,6 +281,7 @@ func (g Graph) DeleteUser(w http.ResponseWriter, r *http.Request) { errcode.Render(w, r) } else { errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error()) + return } } @@ -293,6 +298,7 @@ func (g Graph) PatchUser(w http.ResponseWriter, r *http.Request) { nameOrID, err := url.PathUnescape(nameOrID) if err != nil { errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "unescaping user id failed") + return } if nameOrID == "" { @@ -328,6 +334,7 @@ func (g Graph) PatchUser(w http.ResponseWriter, r *http.Request) { } else { errorcode.GeneralException.Render(w, r, http.StatusInternalServerError, err.Error()) } + return } currentUser := ctxpkg.ContextMustGetUser(r.Context())