|
|
|
@ -170,15 +170,27 @@ async def delete_pin(id: str, current_user: User = Depends(get_current_user)):
|
|
|
|
if pin is None:
|
|
|
|
if pin is None:
|
|
|
|
raise HTTPException(status_code=404, detail="Pin not found")
|
|
|
|
raise HTTPException(status_code=404, detail="Pin not found")
|
|
|
|
|
|
|
|
|
|
|
|
# Vérifier si l'utilisateur est le propriétaire du pin
|
|
|
|
# Si l'utilisateur est le propriétaire, supprimer le pin et toutes ses permissions
|
|
|
|
if pin["user_id"] != current_user.uid:
|
|
|
|
if pin["user_id"] == current_user.uid:
|
|
|
|
raise HTTPException(status_code=403, detail="Only the owner can delete the pin")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Supprimer le pin et toutes ses permissions
|
|
|
|
|
|
|
|
pins_collection.delete_one({"_id": ObjectId(id)})
|
|
|
|
pins_collection.delete_one({"_id": ObjectId(id)})
|
|
|
|
pin_permissions_collection.delete_many({"pin_id": ObjectId(id)})
|
|
|
|
pin_permissions_collection.delete_many({"pin_id": ObjectId(id)})
|
|
|
|
|
|
|
|
|
|
|
|
return {"message": "Pin deleted successfully"}
|
|
|
|
return {"message": "Pin deleted successfully"}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Si l'utilisateur n'est pas le propriétaire, vérifier s'il a une permission de partage
|
|
|
|
|
|
|
|
permission = pin_permissions_collection.find_one({
|
|
|
|
|
|
|
|
"pin_id": ObjectId(id),
|
|
|
|
|
|
|
|
"user_id": current_user.uid
|
|
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if permission:
|
|
|
|
|
|
|
|
# Supprimer uniquement la permission de partage pour cet utilisateur
|
|
|
|
|
|
|
|
pin_permissions_collection.delete_one({
|
|
|
|
|
|
|
|
"pin_id": ObjectId(id),
|
|
|
|
|
|
|
|
"user_id": current_user.uid
|
|
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
return {"message": "Pin access removed"}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
raise HTTPException(status_code=403, detail="You don't have permission to delete this pin")
|
|
|
|
|
|
|
|
|
|
|
|
except bson.errors.InvalidId:
|
|
|
|
except bson.errors.InvalidId:
|
|
|
|
objectid_misformatted()
|
|
|
|
objectid_misformatted()
|
