diff --git a/core/controllers/base.go b/core/controllers/base.go
index 2e6c6324..aa1dbeed 100644
--- a/core/controllers/base.go
+++ b/core/controllers/base.go
@@ -153,7 +153,7 @@ func (ctr *BaseController[T]) DeleteById(c *gin.Context) {
 func (ctr *BaseController[T]) DeleteList(c *gin.Context) {
 type Payload struct {
- Ids []primitive.ObjectID `json:"ids"`
+ Ids []string `json:"ids"`
 }
 var payload Payload
@@ -162,9 +162,19 @@ func (ctr *BaseController[T]) DeleteList(c *gin.Context) {
 return
 }
+ var ids []primitive.ObjectID
+ for _, id := range payload.Ids {
+ objectId, err := primitive.ObjectIDFromHex(id)
+ if err != nil {
+ HandleErrorBadRequest(c, err)
+ return
+ }
+ ids = append(ids, objectId)
+ }
+
 if err := ctr.modelSvc.DeleteMany(bson.M{
 "_id": bson.M{
- "$in": payload.Ids,
+ "$in": ids,
 },
 }); err != nil {
 HandleErrorInternalServerError(c, err)
diff --git a/core/controllers/user.go b/core/controllers/user.go
index cc789b91..a4fa90ef 100644
--- a/core/controllers/user.go
+++ b/core/controllers/user.go
@@ -175,7 +175,7 @@ func DeleteUserById(c *gin.Context) {
 return
 }
 if user.RootAdmin {
- HandleErrorBadRequest(c, errors.New("root admin cannot be deleted"))
+ HandleErrorForbidden(c, errors.New("root admin cannot be deleted"))
 return
 }
@@ -217,7 +217,7 @@ func DeleteUserList(c *gin.Context) {
 "root_admin": true,
 }, nil)
 if err == nil {
- HandleErrorBadRequest(c, errors.New("root admin cannot be deleted"))
+ HandleErrorForbidden(c, errors.New("root admin cannot be deleted"))
 return
 }
 if !errors.Is(err, mongo2.ErrNoDocuments) {
diff --git a/core/controllers/user_test.go b/core/controllers/user_test.go
index 94fa93c0..075bd9bd 100644
--- a/core/controllers/user_test.go
+++ b/core/controllers/user_test.go
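Review bot: In the second base.go hunk, `var ids []primitive.ObjectID` stays nil when the request carries no `ids`. As far as I know the BSON encoder writes a nil slice as null, so the `$in` filter would likely be rejected by the server and the caller would get a 500 for what is really a malformed request. A guard before the loop, `if len(payload.Ids) == 0`, that calls `HandleErrorBadRequest` and returns would keep input errors in the 4xx range, and `ids := make([]primitive.ObjectID, 0, len(payload.Ids))` avoids regrowing the slice. Nothing in the visible lines bounds the list length, so a cap on `len(payload.Ids)` is worth considering for a bulk-delete endpoint. DeleteList starts before and continues after the hunk.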
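Review bot: The rejection in DeleteUserById builds `errors.New("root admin cannot be deleted")` inline, and the DeleteUserList hunk repeats the same literal. A package-level `var errRootAdminUndeletable = errors.New("root admin cannot be deleted")` used in both places would keep the two handlers' messages from drifting. A short comment at the check, such as `// 403: the request is well-formed but the target is protected`, would record why this is no longer a 400. Both functions continue outside their hunks.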
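Review bot: In the DeleteUserList hunk, `if err == nil` is the rejection path, which reads as inverted without context. A comment above it, such as `// a match means the selection includes the root admin`, would help, presuming that is what the lookup filter (which starts outside the hunk) selects. The guard is a read that runs before the delete, and the delete is outside the hunk, so its filter is not visible here. If it matches on ids only, adding `"root_admin": bson.M{"$ne": true}` to that filter would keep the root admin protected even when the lookup and the delete are not atomic.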
@@ -423,7 +423,7 @@ func TestDeleteUserById_Success(t *testing.T) {
 w = httptest.NewRecorder()
 router.ServeHTTP(w, req)
- assert.Equal(t, http.StatusBadRequest, w.Code)
+ assert.Equal(t, http.StatusForbidden, w.Code)
 // Test deleting with invalid ID
 req, err = http.NewRequest(http.MethodDelete, "/users/invalid-id", nil)
@@ -492,7 +492,7 @@ func TestDeleteUserList_Success(t *testing.T) {
 w = httptest.NewRecorder()
 router.ServeHTTP(w, req)
- assert.Equal(t, http.StatusBadRequest, w.Code)
+ assert.Equal(t, http.StatusForbidden, w.Code)
 // Test with mix of valid and invalid ids
 reqBody = strings.NewReader(fmt.Sprintf(`{"ids":["%s","invalid-id"]}`, normalUserIds[0].Hex()))
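Review bot: The two updated assertions, in TestDeleteUserById_Success and TestDeleteUserList_Success, check only `w.Code` for the rejected request. Unless it is done outside these hunks, it would be worth also asserting that the root admin record still exists after the 403, so that a regression which returns the right status but still deletes the account is caught. The `_Success` suffix on tests that cover refusal paths is also a little misleading; a comment such as `// root admin deletion must be refused` above each block would make the intent clear. Both test functions start and end outside their hunks.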