We finish the APIs for deleting and updating repository. For the deleting user API, we now will remove all the ssh-keys uploaded by the user, but not the repositories.
Besides, we find that we should not trust the data from the client side, such as the userId from request body, we must get this data from the database to check if the operation is allowed.
We finish the APIs for deleting and updating repository. For the deleting user API, we now will remove all the ssh-keys uploaded by the user, but not the repositories.
Besides, we find that we should not trust the data from the client side, such as the
userIdfrom request body, we must get this data from the database to check if the operation is allowed.See #20 and #32.