ghaitben · malsadev · Apr 5, 2024 · Apr 5, 2024
diff --git a/README.md b/README.md
@@ -442,4 +442,26 @@ sample request body
     "city" : "heath",
     "country" : "5",
     "postal_code": "postaa"
+}
+
+### 6.Delete Room
+
+http delete /delete_room
+
+sample request body
+
+{
+    "user_type": "employee",
+    "user_id": 801,
+    "room_id": 1602
+}
+
+### 7.Delete Hotel
+
+http delete /delete_hotel
+
+{
+    "user_type": "employee",
+    "user_id": 801,
+    "hotel_id": 82 
 }
diff --git a/ehotels/hms/urls.py b/ehotels/hms/urls.py
@@ -8,5 +8,7 @@
         path("reserve_room", views.reserve_room),
         path("rent_room", views.rent_room),
         path("add_room", views.add_room),
-        path("add_hotel", views.add_hotel)
+        path("add_hotel", views.add_hotel),
+        path("delete_room", views.delete_room),
+        path("delete_hotel", views.delete_hotel)
 ]
diff --git a/ehotels/hms/views.py b/ehotels/hms/views.py
@@ -287,8 +287,55 @@ def add_hotel(request):
             else:
                 return JsonResponse({"message": "Missing required fields"}, status=400)
         else:
-            return JsonResponse({"message": "Client authentication failed"}, status=401)      
+            return JsonResponse({"message": "Client authentication failed"}, status=401)
+
+def delete_room(request):
+    if request.method == 'DELETE':
+        data = json.loads(request.body)
+        user_type = data.get("user_type", None)
+
+        # Only employees are able to delete rooms
+        if is_authenticated(data.get("user_id"), user_type) and user_type == "employee":
+
+            room_id = data.get('room_id', None)
 
+
+            if room_id:
+                with connection.cursor() as cursor:
+
+                    cursor.execute(
+                        "DELETE FROM room WHERE id = %s",
+                        [room_id]
+                    )
+
+                return JsonResponse({"message": "Room deleted"}, status=200)
+            else:
+                return JsonResponse({"message": "Missing required fields"}, status=400)
+        else:
+            return JsonResponse({"message": "Client authentication failed"}, status=401) 
+
+def delete_hotel(request):
+    if request.method == 'DELETE':
+        data = json.loads(request.body)
+        user_type = data.get("user_type", None)
+
+        # Only employees are able to delete hotels
+        if is_authenticated(data.get("user_id"), user_type) and user_type == "employee":
+            hotel_id = data.get('hotel_id', None)
+
+            if hotel_id:
+                with connection.cursor() as cursor:
+
+                    cursor.execute(
+                        "DELETE FROM hotel WHERE id = %s",
+                        [hotel_id]
+                    )
+
+                return JsonResponse({"message": "hotel deleted"}, status=200)
+            else:
+                return JsonResponse({"message": "Missing required fields"}, status=400)
+        else:
+            return JsonResponse({"message": "Client authentication failed"}, status=401) 
 
 
 def authenticate(fullname, ssn, user_type):