users: add unset route for avatar

also add missing tests for avatar and profile locking
2025-07-15 10:06:26 +02:00
parent be9adb64bb
commit 622aecfd6d
9 changed files with 122 additions and 3 deletions
@@ -178,7 +178,8 @@ async function initializeExpressSync() {
    router.post('/api/v1/profile/fallback_email',                  json, token, authorizeUser, routes.profile.canEditProfile, routes.users.verifyPassword, routes.profile.setFallbackEmail);
    router.post('/api/v1/profile/language',                        json, token, authorizeUser, routes.profile.setLanguage);
    router.get ('/api/v1/profile/avatar/:identifier',                                          routes.profile.getAvatarById); // this is not scoped so it can used directly in img tag
-    router.post('/api/v1/profile/avatar',                                token, authorizeUser, routes.profile.canEditProfile, multipart, routes.profile.setAvatar); // avatar is not exposed in LDAP. so it's personal and not locked
+    router.post('/api/v1/profile/avatar',                                token, authorizeUser, routes.profile.canEditProfile, multipart, routes.profile.setAvatar);
+    router.del ('/api/v1/profile/avatar',                                token, authorizeUser, routes.profile.canEditProfile, routes.profile.unsetAvatar);
    router.get ('/api/v1/profile/background_image',                      token, authorizeUser, routes.profile.getBackgroundImage);
    router.post('/api/v1/profile/background_image',                      token, authorizeUser, multipart, routes.profile.setBackgroundImage); // backgroundImage is not exposed in LDAP. so it's personal and not locked
    router.del ('/api/v1/profile/background_image',                      token, authorizeUser,            routes.profile.unsetBackgroundImage); // backgroundImage is not exposed in LDAP. so it's personal and not locked
@@ -211,6 +212,7 @@ async function initializeExpressSync() {
    router.post('/api/v1/users/:userId/profile',       json, token, authorizeUserManager, routes.users.load, routes.users.updateProfile);
    router.get ('/api/v1/users/:userId/avatar',              token, authorizeUserManager, routes.users.load, routes.users.getAvatar);
    router.post('/api/v1/users/:userId/avatar',              token, authorizeUserManager, multipart, routes.users.load, routes.users.setAvatar);
+    router.del ('/api/v1/users/:userId/avatar',              token, authorizeUserManager, routes.users.load, routes.users.unsetAvatar);
    router.post('/api/v1/users/:userId/password',      json, token, authorizeUserManager, routes.users.load, routes.users.setPassword);
    router.post('/api/v1/users/:userId/ghost',         json, token, authorizeAdmin,       routes.users.load, routes.users.setGhost);
    router.put ('/api/v1/users/:userId/groups',        json, token, authorizeUserManager, routes.users.load, routes.users.setLocalGroups);