Diffstat (limited to 'opendc/api/v2')
| -rw-r--r-- | opendc/api/v2/users/userId/authorizations/__init__.py | 0 | ||||
| -rw-r--r-- | opendc/api/v2/users/userId/authorizations/endpoint.py | 35 | ||||
| -rw-r--r-- | opendc/api/v2/users/userId/endpoint.py | 30 | ||||
| -rw-r--r-- | opendc/api/v2/users/userId/test_endpoint.py | 25 |
4 files changed, 30 insertions, 60 deletions
diff --git a/opendc/api/v2/users/userId/authorizations/__init__.py b/opendc/api/v2/users/userId/authorizations/__init__.py
deleted file mode 100644
index e69de29b..00000000
--- a/opendc/api/v2/users/userId/authorizations/__init__.py
+++ /dev/null
diff --git a/opendc/api/v2/users/userId/authorizations/endpoint.py b/opendc/api/v2/users/userId/authorizations/endpoint.py
deleted file mode 100644
index 75bde5fb..00000000
--- a/opendc/api/v2/users/userId/authorizations/endpoint.py
+++ /dev/null
@@ -1,35 +0,0 @@
-from opendc.models.authorization import Authorization
-from opendc.models.user import User
-from opendc.util import exceptions
-from opendc.util.rest import Response
-
-
-def GET(request):
- """Get this User's Authorizations."""
-
- # Make sure required parameters are there
-
- try:
- request.check_required_parameters(path={'userId': 'string'})
-
- except exceptions.ParameterError as e:
- return Response(400, str(e))
-
- # Instantiate a User and make sure they exist
-
- user = User.from_primary_key((request.params_path['userId'], ))
-
- if not user.exists():
- return Response(404, '{} not found.'.format(user))
-
- # Make sure this requester is allowed to retrieve this User's Authorizations
-
- if not user.google_id_has_at_least(request.google_id, 'OWN'):
- return Response(403, 'Forbidden from retrieving Authorizations for {}.'.format(user))
-
- # Return this User's Authorizations
-
- authorizations = Authorization.query('user_id', request.params_path['userId'])
-
- return Response(200, 'Successfully retrieved Authorizations for {}.'.format(user),
- [x.to_JSON() for x in authorizations])
diff --git a/opendc/api/v2/users/userId/endpoint.py b/opendc/api/v2/users/userId/endpoint.py
index bfed3fe5..6de26e64 100644
--- a/opendc/api/v2/users/userId/endpoint.py
+++ b/opendc/api/v2/users/userId/endpoint.py
@@ -1,4 +1,3 @@
-from opendc.models.user import User
 from opendc.util import exceptions
 from opendc.util.database import DB
 from opendc.util.rest import Response
@@ -38,6 +37,7 @@ def PUT(request): if user is None: return Response(404, f'User with ID {user_id} not found.') + print(user['googleId'], request.google_id) if user['googleId'] != request.google_id: return Response(403, f'Forbidden from editing {user}.') @@ -50,32 +50,22 @@ def PUT(request): def DELETE(request): - """Delete this user.""" - - # Make sure required parameters are there + """Delete this User.""" try: request.check_required_parameters(path={'userId': 'string'}) - except exceptions.ParameterError as e: return Response(400, str(e)) - # Instantiate a User and make sure they exist - - user = User.from_primary_key((request.params_path['userId'], )) - - if not user.exists(): - return Response(404, '{} not found'.format(user)) - - # Make sure this User is allowed to delete this User - - if not user.google_id_has_at_least(request.google_id, 'OWN'): - return Response(403, 'Forbidden from deleting {}.'.format(user)) + user_id = request.params_path['userId'] + user = DB.fetch_one({'_id': user_id}, 'users') - # Delete this User + if user is None: + return Response(404, f'User with ID {user_id} not found.') - user.delete() + if user['googleId'] != request.google_id: + return Response(403, f'Forbidden from editing {user}.') - # Return this User + DB.delete_one({'_id': user_id}, 'users') - return Response(200, 'Successfully deleted {}'.format(user), user.to_JSON()) + return Response(200, f'Successfully deleted {user}.', user) diff --git a/opendc/api/v2/users/userId/test_endpoint.py b/opendc/api/v2/users/userId/test_endpoint.py index 4ba6d9af..e448f45a 100644 --- a/opendc/api/v2/users/userId/test_endpoint.py +++ b/opendc/api/v2/users/userId/test_endpoint.py 
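Review bot: The added `print(user['googleId'], request.google_id)` in PUT reads like a leftover debug statement and should be dropped before merge. It writes the stored account identifier and the caller's identifier to stdout on every update request, including requests that are then rejected with 403, and process output is usually collected and retained with looser access control than the user store. If the comparison needs tracing, log only whether the two values matched, not the values themselves. PUT's body starts and ends outside this hunk.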
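Review bot: In the new DELETE body `user` is the raw record returned by `DB.fetch_one` rather than a model object, so the 403 branch `f'Forbidden from editing {user}.'` formats that whole record, `googleId` included, into the message sent to a caller who has just failed the ownership check. The wording is also copied from PUT and says "editing" on a delete. I would change the line to `return Response(403, f'Forbidden from deleting user with ID {user_id}.')`, and apply the same ID-only message to the identical context line in the PUT hunk above. The 200 path returns the full record as well, which is reasonable for the owner, but it is worth confirming the stored document holds no fields the API should not expose.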
@@ -23,16 +23,13 @@ def test_update_user_non_existing(client, mocker): def test_update_user_different_user(client, mocker): - mocker.patch.object(DB, 'fetch_one', return_value=None) - assert '404' in client.put('/api/v2/users/1', + mocker.patch.object(DB, 'fetch_one', return_value={'googleId': 'other_test'}) + assert '403' in client.put('/api/v2/users/1', json={ 'user': { 'givenName': 'A', 'familyName': 'B' } - }, - headers={ - 'google_id': 'other_token' }).status @@ -42,3 +39,21 @@ def test_update_user(client, mocker): res = client.put('/api/v2/users/1', json={'user': {'givenName': 'A', 'familyName': 'B'}}) assert 'givenName' in res.json['content'] assert '200' in res.status + + +def test_delete_user_non_existing(client, mocker): + mocker.patch.object(DB, 'fetch_one', return_value=None) + assert '404' in client.delete('/api/v2/users/1').status + + +def test_delete_user_different_user(client, mocker): + mocker.patch.object(DB, 'fetch_one', return_value={'googleId': 'other_test'}) + assert '403' in client.delete('/api/v2/users/1').status + + +def test_delete_user(client, mocker): + mocker.patch.object(DB, 'fetch_one', return_value={'googleId': 'test'}) + mocker.patch.object(DB, 'delete_one', return_value=None) + res = client.delete('/api/v2/users/1') + assert 'googleId' in res.json['content'] + assert '200' in res.status |
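Review bot: `test_delete_user_different_user` asserts only the status code, so it would still pass if the handler removed the record before returning 403 or if the 403 body echoed the other user's document. Patch `DB.delete_one` in that test and check it is never reached, e.g. `delete_mock = mocker.patch.object(DB, 'delete_one')` followed by `delete_mock.assert_not_called()`. An extra assertion that the mocked value `'other_test'` does not appear in the response body would pin down that a rejected caller learns nothing about the target account. The same body check fits `test_update_user_different_user` in the hunk above.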
