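// Source: github.com/cozy/cozy-stack@v0.0.0-20240603063001-31110fa4cae1/web/bitwarden/contact.go

package bitwarden

import (
	"net/http"

	"github.com/cozy/cozy-stack/model/bitwarden"
	"github.com/cozy/cozy-stack/model/permission"
	"github.com/cozy/cozy-stack/model/sharing"
	"github.com/cozy/cozy-stack/pkg/consts"
	"github.com/cozy/cozy-stack/pkg/couchdb"
	"github.com/cozy/cozy-stack/web/middlewares"
	"github.com/hashicorp/go-multierror"
	"github.com/labstack/echo/v4"
)

// RefuseContact is the API handler for DELETE /bitwarden/contacts/:id. It is
// used for refusing to give a user access to shared ciphers, and removes them
// from all the sharings.
//
// The handler deletes the contact document, then walks every sharing of
// bitwarden organizations owned by this instance and revokes each ready member
// whose email matches the deleted contact.
//
// Responses:
//   - 204 when the contact was deleted and every matching member was revoked
//   - 401 when the request lacks DELETE permission on the whole contacts type
//   - 404 when no contact document exists for the given id
//   - 500 on any CouchDB, sharing lookup or revocation failure
func RefuseContact(c echo.Context) error {
	inst := middlewares.GetInstance(c)

	// Authorization comes first: nothing is read or deleted unless the caller
	// holds DELETE on the whole bitwarden contacts doctype.
	if err := middlewares.AllowWholeType(c, permission.DELETE, consts.BitwardenContacts); err != nil {
		return c.JSON(http.StatusUnauthorized, echo.Map{
			"error": "invalid token",
		})
	}

	id := c.Param("id")
	var contact bitwarden.Contact
	if err := couchdb.GetDoc(inst, consts.BitwardenContacts, id, &contact); err != nil {
		if couchdb.IsNotFoundError(err) {
			return c.JSON(http.StatusNotFound, echo.Map{
				"error": "not found",
			})
		}
		// NOTE(review): the raw error text is returned to the client here and
		// in the other 500 responses below; consider logging it server-side
		// and answering with a generic message if internal details should not
		// be exposed.
		return c.JSON(http.StatusInternalServerError, echo.Map{
			"error": err.Error(),
		})
	}

	// Keep the email before deleting: it is the key used to find the matching
	// sharing members below.
	email := contact.Email

	// NOTE(review): the contact is deleted before the revocations run. If the
	// sharing lookup or a revocation fails afterwards, a retried DELETE gets a
	// 404 from the lookup above while the member may still be ready on some
	// sharings. Consider revoking first, or making the revocation retryable.
	if err := couchdb.DeleteDoc(inst, &contact); err != nil {
		return c.JSON(http.StatusInternalServerError, echo.Map{
			"error": err.Error(),
		})
	}

	sharings, err := sharing.GetSharingsByDocType(inst, consts.BitwardenOrganizations)
	if err != nil {
		return c.JSON(http.StatusInternalServerError, echo.Map{
			"error": err.Error(),
		})
	}

	// Revocation is best-effort per member: failures are accumulated so that
	// one failing sharing does not stop the others from being processed.
	var errm error
	for _, s := range sharings {
		// Only sharings owned by this instance are processed.
		if !s.Owner {
			continue
		}
		for i, m := range s.Members {
			// Index 0 is skipped; presumably Members[0] is the sharing owner
			// (confirm against the sharing model).
			if i != 0 && m.Email == email && m.Status == sharing.MemberStatusReady {
				if err := s.RevokeRecipient(inst, i); err != nil {
					errm = multierror.Append(errm, err)
				}
			}
		}
	}
	if errm != nil {
		// Report the accumulated revocation errors. The outer err is always
		// nil at this point, so calling err.Error() here would panic on a nil
		// interface instead of returning the 500 response.
		return c.JSON(http.StatusInternalServerError, echo.Map{
			"error": errm.Error(),
		})
	}

	return c.NoContent(http.StatusNoContent)
}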