pub async fn validate_image_deletion(
infra: &InfraContext<'_>,
token: &str,
image_id_vec: &[&str],
settings_group_name_opt: Option<&str>,
) -> Result<(), Error>Expand description
Refuse a planned image delete that would orphan a live boot path or touch an image scoped to a group the caller can’t reach.
Two checks run after access validation: any image listed in
image_id_vec that is the current boot image of an existing BSS
record fails with BadRequest (deleting it would brick the next
boot); any image whose boot record targets hosts outside the
caller’s available groups fails the same way (so a user can’t
indirectly remove an image they don’t own through a shared id).
Pure check — no deletion happens here.