delete hospital softly

Author: cjustinobi

src/auth/service.rs

@@ -267,14 +267,26 @@ pub fn verify_jwt(token: &str, secret: &str) -> Result<TokenData<Claims>> {
 pub fn soft_delete_account(
     conn: &mut PgConnection,
     user_id: &Uuid,
-) -> Result<(), diesel::result::Error> {
+) -> Result<(), AppError> {
     use crate::schema::users::dsl::*;
     use diesel::prelude::*;
     use chrono::Utc;
-
-    diesel::update(users.filter(id.eq(user_id)))
-        .set(deleted_at.eq(Some(Utc::now())))
-        .execute(conn)?;
+    use crate::utils::enums::Role;
+
+    let affected = diesel::update(
+        users
+            .filter(id.eq(user_id))
+            .filter(role.ne(Role::Admin))  
+            .filter(deleted_at.is_null()),
+    )
+    .set(deleted_at.eq(Some(Utc::now())))
+    .execute(conn)?;
+
+    if affected == 0 {
+        return Err(AppError::Unauthorized(
+            "This account cannot be deleted".into(),
+        ));
+    }
 
     Ok(())
 }

src/docs.rs

@@ -24,6 +24,7 @@ use crate::handlers::{auth, hospitals, patients, appointments, specialists, admi
         hospitals::update_blood_request,
         hospitals::get_hospital_settings,
         hospitals::update_hospital_settings,
+        hospitals::delete_hospital,
         specialists::create_specialist,
         specialists::get_specialist,
         specialists::get_specialists,

src/handlers/auth.rs

@@ -414,7 +414,6 @@ pub async fn verify_email(
 #[utoipa::path(
     post,
     path = "/api/auth/delete-account",
-    request_body = DeleteAccountRequest,
     responses(
         (status = 200, description = "Account deleted successfully"),
         (status = 401, description = "Unauthorized"),

src/handlers/hospitals.rs

@@ -14,7 +14,10 @@ use crate::{
         self, 
         blood_requests::{BloodRequestQuery, BloodRequestResponse, CreateBloodRequest, UpdateBloodRequest}, settings}, 
         models::{BloodRequest, Hospital, HospitalSettings, User}, 
-        utils::{enums::{HospitalTypeEnum, RequestStatusTypeEnum}, response::ApiResponse},
+        utils::{
+            enums::{HospitalTypeEnum, RequestStatusTypeEnum}, 
+            response::{ApiResponse, EmptyData}
+        },
 };
 
 /// Create hospital profile
@@ -304,3 +307,31 @@ pub async fn update_hospital_settings(
         settings::update_hospital_settings(&mut conn, hospital_id, payload)?;
     Ok(ApiResponse::success_with_message("Hospital settings updated successfully", settings))
 }
+
+#[utoipa::path(
+    delete,
+    path = "/api/hospitals/{hospital_id}",
+    responses(
+        (status = 200, description = "Hospital deleted successfully"),
+        (status = 401),
+        (status = 404),
+        (status = 500)
+    ),
+    tag = "hospitals",
+    security(("bearer_auth" = []))
+)]
+pub async fn delete_hospital(
+    State(state): State<AppState>,
+    Extension(user): Extension<User>,
+    Path(hospital_id): Path<Uuid>,
+) -> Result<ApiResponse<EmptyData>, AppError> {
+    let mut conn = state.pool.get()?;
+
+    hospitals::service::delete_hospital(&mut conn, hospital_id, &user)?;
+
+    Ok(ApiResponse::message_only(
+        axum::http::StatusCode::OK,
+        "Hospital deleted successfully",
+    ))
+}
+

src/hospitals/service.rs

@@ -1,5 +1,6 @@
 use diesel::prelude::*;
 use diesel::pg::PgConnection;
+use uuid::Uuid;
 
 use crate::services::mail::MailService;
 use crate::{
@@ -118,4 +119,42 @@ pub fn update_hospital(
     }
 }
 
+pub fn delete_hospital(
+    conn: &mut PgConnection,
+    hospital_id: Uuid,
+    user: &User,
+) -> Result<(), AppError> {
+    use crate::schema::hospitals::dsl::*;
+    use crate::utils::enums::Role;
+    use diesel::prelude::*;
+    use chrono::Utc;
+
+    let affected = if user.role == Role::Admin {
+        // Admin can delete any hospital
+        diesel::update(
+            hospitals
+                .filter(id.eq(hospital_id))
+                .filter(deleted_at.is_null()),
+        )
+        .set(deleted_at.eq(Some(Utc::now())))
+        .execute(conn)?
+    } else {
+        // Hospital can only delete their own
+        diesel::update(
+            hospitals
+                .filter(id.eq(hospital_id))
+                .filter(user_id.eq(user.id))
+                .filter(deleted_at.is_null()),
+        )
+        .set(deleted_at.eq(Some(Utc::now())))
+        .execute(conn)?
+    };
+
+    if affected == 0 {
+        return Err(AppError::NotFound(
+            "Hospital not found or not authorized to delete".into(),
+        ));
+    }
 
+    Ok(())
+}

src/routes/hospitals.rs

@@ -1,8 +1,9 @@
-use axum::{Router, routing::{get, post, put, patch}};
+use axum::{Router, routing::{get, post, put, patch, delete}};
 use crate::{AppState, handlers::hospitals};
 
 pub fn router() -> Router<AppState> {
     Router::new()
+        .route("/{hospital_id}", delete(hospitals::delete_hospital))
         .route("/create", post(hospitals::create_hospital))
         .route("/update/{hospital_id}", put(hospitals::update_hospital))
         .route("/blood-request", get(hospitals::get_blood_requests))