add: allow mods to remove associations

crates/app/src/public/html/components.lisp

@@ -1350,9 +1350,9 @@
             (text "Listening to "))
         (text "{{ other_user.connections.Spotify[1].data.artist }}")))
 
-(text "{%- endif %} {%- endmacro %} {% macro user_plate(user, show_menu=false, show_kick=false, secondary=false) -%}")
+(text "{%- endif %} {%- endmacro %} {% macro user_plate(user, show_menu=false, show_kick=false, secondary=false, full=false) -%}")
 (div
-    ("class" "flex gap_2 items_center card tiny user_plate {% if secondary -%}secondary{%- endif %}")
+    ("class" "flex gap_2 items_center card tiny user_plate {% if secondary -%}secondary{%- endif %} {% if full -%} w_full {%- endif %}")
     (a
         ("href" "/@{{ user.username }}")
         (text "{{ self::avatar(username=user.username, size=\"42px\", selector_type=\"username\") }}"))

crates/app/src/public/html/mod/profile.lisp

@@ -84,7 +84,7 @@
                     const ui = await ns(\"ui\");
                     const element = document.getElementById(\"mod_options\");
 
-                    globalThis.profile_request = async (do_confirm, path, body) => {
+                    globalThis.profile_request = async (do_confirm, path, body = null, headers = { \"Content-Type\": \"application/json\" }, method = \"POST\") => {
                         if (do_confirm) {
                             if (
                                 !(await trigger(\"atto::confirm\", [
@@ -96,11 +96,9 @@
                         }
 
                         fetch(`/api/v1/auth/user/{{ profile.id }}/${path}`, {
-                            method: \"POST\",
-                            headers: {
-                                \"Content-Type\": \"application/json\",
-                            },
-                            body: JSON.stringify(body),
+                            method,
+                            headers: headers != null ? headers : undefined,
+                            body: body != null ? JSON.stringify(body) : undefined,
                         })
                             .then((res) => res.json())
                             .then((res) => {
@@ -265,9 +263,15 @@
                 (span
                     (text "{{ text \"mod_panel:label.associations\" }}"))))
         (div
-            ("class" "card lowered flex flex_wrap gap_2")
+            ("class" "card flex flex_wrap gap_4 flex_collapse")
             (text "{% for user in associations -%}")
-            (text "{{ components::user_plate(user=user, show_menu=false) }}")
+            (div
+                ("class" "flex flex_row gap_2 items_center card small secondary")
+                (text "{{ components::user_plate(user=user, show_menu=false, secondary=true, full=true) }}")
+                (button
+                    ("class" "small square red lowered")
+                    ("onclick" "profile_request(true, 'associations/{{ user.id }}', null, null, 'DELETE')")
+                    (icon (text "x"))))
             (text "{%- endfor %}")))
     (text "{% if invite -%}")
     (div

crates/app/src/routes/api/v1/auth/profile.rs

@@ -283,7 +283,7 @@ pub async fn remove_applied_configuration_request(
 }
 
 /// Append associations to the current user.
-pub async fn append_associations_request(
+pub async fn append_association_request(
     jar: CookieJar,
     Extension(data): Extension<State>,
     Json(req): Json<AppendAssociations>,
@@ -331,6 +331,50 @@ pub async fn append_associations_request(
     }
 }
 
+/// Remove an association from the given user.
+pub async fn remove_association_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+    Path((uid, association)): Path<(usize, usize)>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data, oauth::AppScope::UserManageProfile) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    if !user.permissions.check(FinePermission::MANAGE_USERS) {
+        return Json(Error::NotAllowed.into());
+    }
+
+    // get user
+    let mut other_user = match data.get_user_by_id(uid).await {
+        Ok(x) => x,
+        Err(e) => return Json(e.into()),
+    };
+
+    // find association and remove
+    other_user.associated.remove(
+        match other_user.associated.iter().position(|x| x == &association) {
+            Some(x) => x,
+            None => return Json(Error::GeneralNotFound("association".to_string()).into()),
+        },
+    );
+
+    // ...
+    match data
+        .update_user_associated(other_user.id, other_user.associated)
+        .await
+    {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "Associations updated".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
+
 /// Update the password of the given user.
 ///
 /// Does not support third-party grants.

crates/app/src/routes/api/v1/mod.rs

@@ -397,6 +397,10 @@ pub fn routes() -> Router {
             "/auth/user/{id}/totp/codes",
             post(auth::profile::refresh_totp_codes_request),
         )
+        .route(
+            "/auth/user/{id}/associations/{association}",
+            delete(auth::profile::remove_association_request),
+        )
         .route(
             "/auth/user/{username}/totp/check",
             get(auth::profile::has_totp_enabled_request),
@@ -404,7 +408,7 @@ pub fn routes() -> Router {
         .route("/auth/user/me/seen", post(auth::profile::seen_request))
         .route(
             "/auth/user/me/append_associations",
-            put(auth::profile::append_associations_request),
+            put(auth::profile::append_association_request),
         )
         .route("/auth/user/find/{id}", get(auth::profile::redirect_from_id))
         .route(