Commit 7cc734a2 authored by Douwe Maan

Merge branch '28694-hard-delete-user-from-api' into 'master'

Allow users to be hard-deleted from the API

See merge request !11853
parents 256a8601 c890c6aa
---
title: Allow users to be hard-deleted from the API
merge_request: 11853
author:
......@@ -300,6 +300,9 @@ DELETE /users/:id
Parameters:
- `id` (required) - The ID of the user
- `hard_delete` (optional) - If true, contributions that would usually be
[moved to the ghost user](../user/profile/account/delete_account.md#associated-records)
will be deleted instead, as well as groups owned solely by this user.
## User
......
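Review bot: The new `hard_delete` entry in the parameter list gives neither a default nor the version that introduced it, so a reader cannot tell what an omitted value does or which release accepts the parameter. Suggest saying that the ghost-user behaviour applies when the parameter is absent, and adding "introduced in GitLab 9.3" to match the `[ce-11853]` reference this commit adds to the account-deletion page. Because the option also removes groups owned solely by the user, the entry should state whether that removal can be reversed.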
......@@ -5,9 +5,13 @@
## Associated Records
> Introduced for issues in [GitLab 9.0][ce-7393], and for merge requests, award emoji, notes, and abuse reports in [GitLab 9.1][ce-10467].
> Introduced for issues in [GitLab 9.0][ce-7393], and for merge requests, award
emoji, notes, and abuse reports in [GitLab 9.1][ce-10467].
Hard deletion from abuse reports and spam logs was introduced in
[GitLab 9.1][ce-10273], and from the API in [GitLab 9.3][ce-11853].
When a user account is deleted, not all associated records are deleted with it. Here's a list of things that will not be deleted:
When a user account is deleted, not all associated records are deleted with it.
Here's a list of things that will not be deleted:
- Issues that the user created
- Merge requests that the user created
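Review bot: The re-wrapped blockquote continues on a line without a `>` prefix (`emoji, notes, and abuse reports in ...`), so it depends on Markdown lazy continuation. Suggest prefixing the continuation line with `>`. If the new "Hard deletion from abuse reports and spam logs ..." sentence is meant to sit outside the note, make sure a blank line separates it from the quote, otherwise it will be folded into the same blockquote paragraph.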
......@@ -15,11 +19,16 @@ When a user account is deleted, not all associated records are deleted with it.
- Abuse reports that the user reported
- Award emoji that the user created
Instead of being deleted, these records will be moved to a system-wide
"Ghost User", whose sole purpose is to act as a container for such records.
Instead of being deleted, these records will be moved to a system-wide "Ghost User", whose sole purpose is to act as a container for such records.
When a user is deleted from an abuse report or spam log, these associated
records are not ghosted and will be removed, along with any groups the user
is a sole owner of. Administrators can also request this behaviour when
deleting users from the [API](../../../api/users.md#user-deletion)
[ce-7393]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7393
[ce-10273]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10273
[ce-10467]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10467
[ce-11853]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11853
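Review bot: The added paragraph ends at `deleting users from the [API](../../../api/users.md#user-deletion)` with no full stop, and the `#user-deletion` anchor cannot be checked against the users.md hunk in this commit, which only shows `DELETE /users/:id` as context. Suggest adding the period and confirming that the heading in users.md really generates that anchor. It would also help to say here, as the API page does, that this is an explicit opt-in via `hard_delete`, since the result includes removing groups the user solely owns.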
......@@ -286,13 +286,14 @@ module API
end
params do
requires :id, type: Integer, desc: 'The ID of the user'
optional :hard_delete, type: Boolean, desc: "Whether to remove a user's contributions"
end
delete ":id" do
authenticated_as_admin!
user = User.find_by(id: params[:id])
not_found!('User') unless user
DeleteUserWorker.perform_async(current_user.id, user.id)
DeleteUserWorker.perform_async(current_user.id, user.id, hard_delete: params[:hard_delete])
end
desc 'Block a user. Available only for admins.'
......
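Review bot: On the new `perform_async` line, `hard_delete: params[:hard_delete]` forwards `nil` whenever the caller omits the parameter, because the `optional :hard_delete, type: Boolean` declaration has no default. Suggest declaring `default: false` so the worker always receives an explicit boolean for a destructive option. Also note that Sidekiq serialises job arguments to JSON, so the worker will see the key as the string `"hard_delete"` rather than a symbol; the worker is not part of this diff, so please confirm it handles string keys (or symbolises them) before reading the flag.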
......@@ -702,6 +702,7 @@ describe API::Users do
describe "DELETE /users/:id" do
let!(:namespace) { user.namespace }
let!(:issue) { create(:issue, author: user) }
before { admin }
it "deletes user" do
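Review bot: The added `let!(:issue) { create(:issue, author: user) }` is eager, so an issue is created before every example in the `DELETE /users/:id` block, including the existing ones that never look at it. Suggest moving it into the two hard-delete contexts (or a shared context around them) so the extra record is only built where it is asserted on.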
......@@ -733,6 +734,25 @@ describe API::Users do
expect(response).to have_http_status(404)
end
context "hard delete disabled" do
it "moves contributions to the ghost user" do
Sidekiq::Testing.inline! { delete api("/users/#{user.id}", admin) }
expect(response).to have_http_status(204)
expect(issue.reload).to be_persisted
expect(issue.author.ghost?).to be_truthy
end
end
context "hard delete enabled" do
it "removes contributions" do
Sidekiq::Testing.inline! { delete api("/users/#{user.id}?hard_delete=true", admin) }
expect(response).to have_http_status(204)
expect(Issue.exists?(issue.id)).to be_falsy
end
end
end
describe "GET /user" do
......
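Review bot: The "hard delete enabled" example only asserts `Issue.exists?(issue.id)` is falsy, while the documentation changed in this commit says hard deletion also removes groups owned solely by the user. Suggest adding an example that creates a group with `user` as its only owner and checks that it is gone after `?hard_delete=true`, plus the matching check in the "hard delete disabled" context that the group survives. An example that sends `hard_delete=true` as a non-admin and expects rejection would pin down that `authenticated_as_admin!` guards the destructive path as well.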