add: allow mods to remove associations

crates/app/src/routes/api/v1/auth/profile.rs

@@ -283,7 +283,7 @@ pub async fn remove_applied_configuration_request(
 }
 
 /// Append associations to the current user.
-pub async fn append_associations_request(
+pub async fn append_association_request(
     jar: CookieJar,
     Extension(data): Extension<State>,
     Json(req): Json<AppendAssociations>,
@@ -331,6 +331,50 @@ pub async fn append_associations_request(
     }
 }
 
+/// Remove an association from the given user.
+pub async fn remove_association_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+    Path((uid, association)): Path<(usize, usize)>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data, oauth::AppScope::UserManageProfile) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    if !user.permissions.check(FinePermission::MANAGE_USERS) {
+        return Json(Error::NotAllowed.into());
+    }
+
+    // get user
+    let mut other_user = match data.get_user_by_id(uid).await {
+        Ok(x) => x,
+        Err(e) => return Json(e.into()),
+    };
+
+    // find association and remove
+    other_user.associated.remove(
+        match other_user.associated.iter().position(|x| x == &association) {
+            Some(x) => x,
+            None => return Json(Error::GeneralNotFound("association".to_string()).into()),
+        },
+    );
+
+    // ...
+    match data
+        .update_user_associated(other_user.id, other_user.associated)
+        .await
+    {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "Associations updated".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
+
 /// Update the password of the given user.
 ///
 /// Does not support third-party grants.