remove user

src/client/js/components/Admin/UserGroupDetail/UserGroupUserTable.jsx

@@ -18,10 +18,23 @@ class UserGroupUserTable extends React.Component {
       isUserGroupUserModalOpen: false,
     };
 
+    this.xss = window.xss;
+
+    this.removeUser = this.removeUser.bind(this);
     this.openUserGroupUserModal = this.openUserGroupUserModal.bind(this);
     this.closeUserGroupUserModal = this.closeUserGroupUserModal.bind(this);
   }
 
+  async removeUser(username) {
+    try {
+      await this.props.appContainer.apiv3.delete(`/user-groups/${this.props.userGroup._id}/users/${username}`);
+      toastSuccess(`Removed "${username}" from "${this.xss.process(this.props.userGroup.name)}"`);
+    }
+    catch (err) {
+      toastError(new Error(`Unable to remove "${this.xss.process(username)}" from "${this.xss.process(this.props.userGroup.name)}"`));
+    }
+  }
+
   openUserGroupUserModal() {
     this.setState({ isUserGroupUserModalOpen: true });
   }
@@ -71,11 +84,8 @@ class UserGroupUserTable extends React.Component {
                         <i className="icon-settings"></i> <span className="caret"></span>
                       </button>
                       <ul className="dropdown-menu" role="menu">
-                        <form id="form_removeFromGroup_{{ loop.index }}" action="/admin/user-group-relation/{{userGroup._id.toString()}}/remove-relation/{{ sRelation._id.toString() }}" method="post">
-                          <input type="hidden" name="_csrf" value="{{ csrf() }}" />
-                        </form>
                         <li>
-                          <a href="javascript:form_removeFromGroup_{{ loop.index }}.submit()">
+                          <a onClick={() => { return this.removeUser(relatedUser.username) }}>
                             <i className="icon-fw icon-user-unfollow"></i> { t('user_group_management.remove_from_group')}
                           </a>
                         </li>

src/server/routes/admin.js

@@ -716,26 +716,6 @@ module.exports = function(crowi, app) {
     return res.render('admin/user-group-detail', renderVar);
   };
 
-  actions.userGroupRelation = {};
-  actions.userGroupRelation.index = function(req, res) {
-
-  };
-
-  actions.userGroupRelation.remove = function(req, res) {
-    const UserGroupRelation = crowi.model('UserGroupRelation');
-    const userGroupId = req.params.id;
-    const relationId = req.params.relationId;
-
-    UserGroupRelation.removeById(relationId)
-      .then(() => {
-        return res.redirect(`/admin/user-group-detail/${userGroupId}`);
-      })
-      .catch((err) => {
-        debug('Error on remove user-group-relation', err);
-        req.flash('errorMessage', 'グループのユーザ削除に失敗しました。');
-      });
-  };
-
   // Importer management
   actions.importer = {};
   actions.importer.index = function(req, res) {

src/server/routes/apiv3/user-group.js

@@ -10,6 +10,8 @@ const { body, param, query } = require('express-validator/check');
 
 const validator = {};
 
+const { ObjectId } = require('mongoose').Types;
+
 /**
  * @swagger
  *  tags:
@@ -291,7 +293,7 @@ module.exports = (crowi) => {
   });
 
   validator.users.post = [
-    param('id').trim().exists(),
+    param('id').trim().exists({ checkFalsy: true }),
     param('username').trim().exists({ checkFalsy: true }),
   ];
 
@@ -318,17 +320,18 @@ module.exports = (crowi) => {
    *              type: string
    *        responses:
    *          200:
-   *            description: users are added
+   *            description: a user is added
    *            content:
    *              application/json:
    *                schema:
-   *                type: object
+   *                  type: object
    *                  properties:
    *                    user:
    *                      type: object
+   *                      description: the user added to the group
    *                    userGroup:
    *                      type: object
-   *                      description: user objects
+   *                      description: the group to which a user was added
    */
   router.post('/:id/users/:username', loginRequired(), adminRequired, validator.users.post, ApiV3FormValidator, async(req, res) => {
     const { id, username } = req.params;
@@ -344,11 +347,77 @@ module.exports = (crowi) => {
       return res.apiv3({ userGroup, user });
     }
     catch (err) {
-      const msg = `Error occurred in adding an user "${username}" to group "${id}"`;
+      const msg = `Error occurred in adding the user "${username}" to group "${id}"`;
       logger.error(msg, err);
       return res.apiv3Err(new ErrorV3(msg, 'user-group-add-user-failed'));
     }
   });
 
+  validator.users.delete = [
+    param('id').trim().exists({ checkFalsy: true }),
+    param('username').trim().exists({ checkFalsy: true }),
+  ];
+
+  /**
+   * @swagger
+   *
+   *  paths:
+   *    /_api/v3/user-groups/{:id/users}:
+   *      delete:
+   *        tags: [UserGroup]
+   *        description: remove a user from the userGroup
+   *        produces:
+   *          - application/json
+   *        parameters:
+   *          - name: id
+   *            in: path
+   *            description: id of userGroup
+   *            schema:
+   *              type: ObjectId
+   *          - name: username
+   *            in: path
+   *            description: id of user
+   *            schema:
+   *              type: string
+   *        responses:
+   *          200:
+   *            description: a user was removed
+   *            content:
+   *              application/json:
+   *                schema:
+   *                  type: object
+   *                  properties:
+   *                    user:
+   *                      type: object
+   *                      description: the user removed from the group
+   *                    userGroup:
+   *                      type: object
+   *                      description: the group from which a user was removed
+   */
+  router.delete('/:id/users/:username', loginRequired(), adminRequired, validator.users.delete, ApiV3FormValidator, async(req, res) => {
+    const { id, username } = req.params;
+
+    try {
+      const [userGroup, user] = await Promise.all([
+        UserGroup.findById(id),
+        User.findUserByUsername(username),
+      ]);
+
+      const userGroupRelation = await UserGroupRelation.findOne({ relatedUser: new ObjectId(user._id), relatedGroup: new ObjectId(userGroup._id) });
+      if (userGroupRelation == null) {
+        throw new Error(`Group "${id}" does not exist or user "${username}" does not belong to group "${id}"`);
+      }
+
+      await userGroupRelation.remove();
+
+      return res.apiv3({ userGroup, user });
+    }
+    catch (err) {
+      const msg = `Error occurred in removing the user "${username}" from group "${id}"`;
+      logger.error(msg, err);
+      return res.apiv3Err(new ErrorV3(msg, 'user-group-remove-user-failed'));
+    }
+  });
+
   return router;
 };

src/server/routes/index.js

@@ -135,9 +135,6 @@ module.exports = function(crowi, app) {
   app.get('/admin/user-groups'                    , loginRequired(), adminRequired, admin.userGroup.index);
   app.get('/admin/user-group-detail/:id'          , loginRequired(), adminRequired, admin.userGroup.detail);
 
-  // user-group-relations admin
-  app.post('/admin/user-group-relation/:id/remove-relation/:relationId', loginRequired(), adminRequired, csrf, admin.userGroupRelation.remove);
-
   // importer management for admin
   app.get('/admin/importer'                , loginRequired() , adminRequired , admin.importer.index);
   app.post('/_api/admin/settings/importerEsa' , loginRequired() , adminRequired , csrf , form.admin.importerEsa , admin.api.importerSettingEsa);