Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
/*
2
Ban a user.  This is ONLY allowed for admins.
3
*/
4

5
import getAccountId from "lib/account/get-account";
6
import getParams from "lib/api/get-params";
7
import userIsInGroup from "@cocalc/server/accounts/is-in-group";
8
import { banUser } from "@cocalc/server/accounts/ban";
9

10
import { apiRoute, apiRouteOperation } from "lib/api";
11
import { SuccessStatus } from "lib/api/status";
12
import {
13
  BanAccountInputSchema,
14
  BanAccountOutputSchema,
15
} from "lib/api/schema/accounts/ban";
16

17
async function handle(req, res) {
18
  try {
19
    res.json(await get(req));
20
  } catch (err) {
21
    res.json({ error: `${err.message}` });
22
    return;
23
  }
24
}
25

26
async function get(req) {
27
  const account_id0 = await getAccountId(req);
28
  if (account_id0 == null) {
29
    throw Error("must be signed in");
30
  }
31
  // This user MUST be an admin:
32
  if (!(await userIsInGroup(account_id0, "admin"))) {
33
    throw Error("only admins can ban users");
34
  }
35

36
  const { account_id } = getParams(req);
37
  await banUser(account_id);
38
  return SuccessStatus;
39
}
40

41
export default apiRoute({
42
  ban: apiRouteOperation({
43
    method: "POST",
44
    openApiOperation: {
45
      tags: ["Accounts", "Admin"],
46
    },
47
  })
48
    .input({
49
      contentType: "application/json",
50
      body: BanAccountInputSchema,
51
    })
52
    .outputs([
53
      {
54
        status: 200,
55
        contentType: "application/json",
56
        body: BanAccountOutputSchema,
57
      },
58
    ])
59
    .handler(handle),
60
});
61

62