From a9324fb35a1ca0905f22c519d73705aac4f13f0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Y=C3=BBki=20Vachot?= <yuki@vachot.fr>
Date: Fri, 14 Jan 2022 00:34:12 +0100
Subject: [PATCH] Update: Route admin/delete/user

---
 backend/application/responses.py |  2 --
 backend/application/routes.py    | 16 +++++++++-------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/backend/application/responses.py b/backend/application/responses.py
index 0d5c9ac..03e11a6 100644
--- a/backend/application/responses.py
+++ b/backend/application/responses.py
@@ -12,7 +12,6 @@ def send_error(status_code, message, token=None):
         status=status_code,
         mimetype='application/json'
     )
-    res.headers['Access-Control-Allow-Origin'] = app.config.get('ALLOW_ORIGIN')
     if token is not None:
         res.set_cookie('SESSIONID', token)
     return res
@@ -29,7 +28,6 @@ def send_message(message, data, token=None, token_delete=False):
         status=200,
         mimetype='application/json'
     )
-    res.headers['Access-Control-Allow-Origin'] = app.config.get('ALLOW_ORIGIN')
     if token is not None:
         res.set_cookie('SESSIONID', token)
     if token_delete:
diff --git a/backend/application/routes.py b/backend/application/routes.py
index da64e99..040961d 100644
--- a/backend/application/routes.py
+++ b/backend/application/routes.py
@@ -1,10 +1,12 @@
 from flask import request, Blueprint
+from flask_cors import CORS
 from .responses import send_message, send_error
 from .api_functions import db_login, db_register, db_user_update, db_create_log, db_user_delete, db_admin_update_user, \
     db_users
 from .sessionJWT import create_auth_token, check_auth_token
 
 bp = Blueprint('myapp', __name__)
+CORS(bp, supports_credentials=True, origins=['http://127.0.0.1:4200', 'http://localhost:4200'])
 
 
 # Login
@@ -117,13 +119,13 @@ def user_delete():
         ip = request.remote_addr
         user_id = token['payload']['id']
         res = db_user_delete(ip, user_id)
-        if res['status'] == 1:
+        if res['status'] != 0:
             return send_error(500, res['message'])
-        elif res['status'] == 0:
+        else:
             db_create_log(
                 ip=ip,
-                action='logout',
-                message='User disconnected.',
+                action='delete',
+                message='User deleted.',
                 has_succeeded=True,
                 status_code=0,
                 table='users',
@@ -269,15 +271,15 @@ def admin_update_user():
 
 
 # Admin : Delete User
-@bp.route('/api/admin/delete/user', methods=['DELETE'])
-def admin_delete_user():
+@bp.route('/api/admin/delete/user/<id>', methods=['DELETE'])
+def admin_delete_user(id):
     token = check_auth_token(request)
     if token['success']:
         ip = request.remote_addr
         user_id = token['payload']['id']
         is_admin = token['payload']['is_admin']
         if is_admin:
-            post_json = request.json
+            post_json = {'id': id}
             post_user_id_delete = None
             fields = ''
             if 'id' in post_json: