feat: allow admins to delete files and folders of other users

Kirari04 · Kirari04 · commit f9e57b74ed4d · 2026-01-15T11:41:37.000+01:00
diff --git a/controllers/DeleteFileController.go b/controllers/DeleteFileController.go
@@ -15,12 +15,15 @@ func DeleteFileController(c echo.Context) error {
 		return c.String(status, err.Error())
 	}
 
+	// Determine admin status
+	isAdmin, _ := c.Get("Admin").(bool)
+
 	// Business logic
 	status, err := logic.DeleteFiles(&models.LinksDeleteValidation{
 		LinkIDs: []models.LinkDeleteValidation{
 			fileValidation,
 		},
-	}, c.Get("UserID").(uint))
+	}, c.Get("UserID").(uint), isAdmin)
 
 	if err != nil {
 		return c.String(status, err.Error())
diff --git a/controllers/DeleteFilesController.go b/controllers/DeleteFilesController.go
@@ -15,8 +15,11 @@ func DeleteFilesController(c echo.Context) error {
 		return c.String(status, err.Error())
 	}
 
+	// Determine admin status
+	isAdmin, _ := c.Get("Admin").(bool)
+
 	// Business logic
-	status, err := logic.DeleteFiles(&fileValidation, c.Get("UserID").(uint))
+	status, err := logic.DeleteFiles(&fileValidation, c.Get("UserID").(uint), isAdmin)
 
 	if err != nil {
 		return c.String(status, err.Error())
diff --git a/controllers/DeleteFolderController.go b/controllers/DeleteFolderController.go
@@ -15,12 +15,15 @@ func DeleteFolder(c echo.Context) error {
 		return c.String(status, err.Error())
 	}
 
+	// Determine admin status
+	isAdmin, _ := c.Get("Admin").(bool)
+
 	// Business logic
 	status, err := logic.DeleteFolders(&models.FoldersDeleteValidation{
 		FolderIDs: []models.FolderDeleteValidation{
 			folderValidation,
 		},
-	}, c.Get("UserID").(uint))
+	}, c.Get("UserID").(uint), isAdmin)
 	if err != nil {
 		return c.String(status, err.Error())
 	}
diff --git a/controllers/DeleteFoldersController.go b/controllers/DeleteFoldersController.go
@@ -15,8 +15,11 @@ func DeleteFolders(c echo.Context) error {
 		return c.String(status, err.Error())
 	}
 
+	// Determine admin status
+	isAdmin, _ := c.Get("Admin").(bool)
+
 	// Business logic
-	status, err := logic.DeleteFolders(&folderValidation, c.Get("UserID").(uint))
+	status, err := logic.DeleteFolders(&folderValidation, c.Get("UserID").(uint), isAdmin)
 	if err != nil {
 		return c.String(status, err.Error())
 	}
diff --git a/logic/DeleteFiles.go b/logic/DeleteFiles.go
@@ -12,7 +12,7 @@ import (
 	"github.com/labstack/echo/v4"
 )
 
-func DeleteFiles(fileValidation *models.LinksDeleteValidation, userID uint) (status int, err error) {
+func DeleteFiles(fileValidation *models.LinksDeleteValidation, userID uint, isAdmin bool) (status int, err error) {
 	if len(fileValidation.LinkIDs) == 0 {
 		return http.StatusBadRequest, errors.New("array LinkIDs is empty")
 	}
@@ -24,9 +24,12 @@ func DeleteFiles(fileValidation *models.LinksDeleteValidation, userID uint) (sta
 	linkIdDeleteMap := make(map[uint]bool, len(fileValidation.LinkIDs))
 	linkIdDeleteList := []uint{}
 	for _, LinkValidation := range fileValidation.LinkIDs {
-		if res := inits.DB.First(&models.Link{
-			UserID: userID,
-		}, LinkValidation.LinkID); res.Error != nil {
+		query := inits.DB.Model(&models.Link{})
+		if !isAdmin {
+			query = query.Where("user_id = ?", userID)
+		}
+
+		if res := query.First(&models.Link{}, LinkValidation.LinkID); res.Error != nil {
 			return http.StatusBadRequest, fmt.Errorf("linkID (%d) doesn't exist", LinkValidation.LinkID)
 		}
 		if linkIdDeleteMap[LinkValidation.LinkID] {
diff --git a/logic/DeleteFolders.go b/logic/DeleteFolders.go
@@ -17,7 +17,7 @@ and shortly after calls the delete method for the root folder too, it would try
 whole folder tree and delete all folders & files again. To prevent that there is an map variable
 that should prevent the user from calling this method multiple times concurrently.
 */
-func DeleteFolders(folderValidation *models.FoldersDeleteValidation, userID uint) (status int, err error) {
+func DeleteFolders(folderValidation *models.FoldersDeleteValidation, userID uint, isAdmin bool) (status int, err error) {
 
 	if helpers.UserRequestAsyncObj.Blocked(userID) {
 		return http.StatusTooManyRequests, errors.New("wait until the previous delete request finished")
@@ -38,10 +38,13 @@ func DeleteFolders(folderValidation *models.FoldersDeleteValidation, userID uint
 	reqFolderIdDeleteList := []uint{}
 	var parentFolderID uint = 0
 	for i, FolderValidation := range folderValidation.FolderIDs {
-		var dbFolder = models.Folder{
-			UserID: userID,
+		query := inits.DB.Model(&models.Folder{})
+		if !isAdmin {
+			query = query.Where("user_id = ?", userID)
 		}
-		if res := inits.DB.First(&dbFolder, FolderValidation.FolderID); res.Error != nil {
+
+		var dbFolder models.Folder
+		if res := query.First(&dbFolder, FolderValidation.FolderID); res.Error != nil {
 			return http.StatusBadRequest, fmt.Errorf("FolderID (%d) doesn't exist", FolderValidation.FolderID)
 		}
 		// check if has same parent folder
@@ -83,7 +86,7 @@ func DeleteFolders(folderValidation *models.FoldersDeleteValidation, userID uint
 	if len(files) > 0 {
 		if status, err := DeleteFiles(&models.LinksDeleteValidation{
 			LinkIDs: files,
-		}, userID); err != nil {
+		}, userID, isAdmin); err != nil {
 			return status, fmt.Errorf("failed to delete all files from folders: %v", err)
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -15,8 +15,11 @@ func DeleteFolders(c echo.Context) error {`
`15`	`15`	`return c.String(status, err.Error())`
`16`	`16`	`}`
`17`	`17`
	`18`	`+ // Determine admin status`
	`19`	`+ isAdmin, _ := c.Get("Admin").(bool)`
	`20`	`+`
`18`	`21`	`// Business logic`
`19`		`- status, err := logic.DeleteFolders(&folderValidation, c.Get("UserID").(uint))`
	`22`	`+ status, err := logic.DeleteFolders(&folderValidation, c.Get("UserID").(uint), isAdmin)`
`20`	`23`	`if err != nil {`
`21`	`24`	`return c.String(status, err.Error())`
`22`	`25`	`}`