1 files changed, 10 insertions, 20 deletions

diff --git a/opendc/api/v2/users/userId/endpoint.py b/opendc/api/v2/users/userId/endpoint.py
index bfed3fe5..6de26e64 100644
--- a/opendc/api/v2/users/userId/endpoint.py
+++ b/opendc/api/v2/users/userId/endpoint.py
@@ -1,4 +1,3 @@
-from opendc.models.user import User
 from opendc.util import exceptions
 from opendc.util.database import DB
 from opendc.util.rest import Response
@@ -38,6 +37,7 @@ def PUT(request):
     if user is None:
         return Response(404, f'User with ID {user_id} not found.')
 
+    print(user['googleId'], request.google_id)
     if user['googleId'] != request.google_id:
         return Response(403, f'Forbidden from editing {user}.')
 
@@ -50,32 +50,22 @@ def PUT(request):
 
 
 def DELETE(request):
-    """Delete this user."""
-
-    # Make sure required parameters are there
+    """Delete this User."""
 
     try:
         request.check_required_parameters(path={'userId': 'string'})
-
     except exceptions.ParameterError as e:
         return Response(400, str(e))
 
-    # Instantiate a User and make sure they exist
-
-    user = User.from_primary_key((request.params_path['userId'], ))
-
-    if not user.exists():
-        return Response(404, '{} not found'.format(user))
-
-    # Make sure this User is allowed to delete this User
-
-    if not user.google_id_has_at_least(request.google_id, 'OWN'):
-        return Response(403, 'Forbidden from deleting {}.'.format(user))
+    user_id = request.params_path['userId']
+    user = DB.fetch_one({'_id': user_id}, 'users')
 
-    # Delete this User
+    if user is None:
+        return Response(404, f'User with ID {user_id} not found.')
 
-    user.delete()
+    if user['googleId'] != request.google_id:
+        return Response(403, f'Forbidden from editing {user}.')
 
-    # Return this User
+    DB.delete_one({'_id': user_id}, 'users')
 
-    return Response(200, 'Successfully deleted {}'.format(user), user.to_JSON())
+    return Response(200, f'Successfully deleted {user}.', user)