Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
c890c6aa
Commit
c890c6aa
authored
Jun 01, 2017
by
Nick Thomas
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Allow users to be hard-deleted from the API
parent
1bf76c76
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
43 additions
and
6 deletions
+43
-6
changelogs/unreleased/28694-hard-delete-user-from-api.yml
changelogs/unreleased/28694-hard-delete-user-from-api.yml
+4
-0
doc/api/users.md
doc/api/users.md
+3
-0
doc/user/profile/account/delete_account.md
doc/user/profile/account/delete_account.md
+14
-5
lib/api/users.rb
lib/api/users.rb
+2
-1
spec/requests/api/users_spec.rb
spec/requests/api/users_spec.rb
+20
-0
No files found.
changelogs/unreleased/28694-hard-delete-user-from-api.yml
0 → 100644
View file @
c890c6aa
---
title
:
Allow users to be hard-deleted from the API
merge_request
:
11853
author
:
doc/api/users.md
View file @
c890c6aa
...
...
@@ -300,6 +300,9 @@ DELETE /users/:id
Parameters:
-
`id`
(required) - The ID of the user
-
`hard_delete`
(optional) - If true, contributions that would usually be
[
moved to the ghost user
](
../user/profile/account/delete_account.md#associated-records
)
will be deleted instead, as well as groups owned solely by this user.
## User
...
...
doc/user/profile/account/delete_account.md
View file @
c890c6aa
...
...
@@ -5,9 +5,13 @@
## Associated Records
> Introduced for issues in [GitLab 9.0][ce-7393], and for merge requests, award emoji, notes, and abuse reports in [GitLab 9.1][ce-10467].
> Introduced for issues in [GitLab 9.0][ce-7393], and for merge requests, award
emoji, notes, and abuse reports in
[
GitLab 9.1
][
ce-10467
]
.
Hard deletion from abuse reports and spam logs was introduced in
[
GitLab 9.1
][
ce-10273
]
, and from the API in
[
GitLab 9.3
][
ce-11853
]
.
When a user account is deleted, not all associated records are deleted with it. Here's a list of things that will not be deleted:
When a user account is deleted, not all associated records are deleted with it.
Here's a list of things that will not be deleted:
-
Issues that the user created
-
Merge requests that the user created
...
...
@@ -15,11 +19,16 @@ When a user account is deleted, not all associated records are deleted with it.
-
Abuse reports that the user reported
-
Award emoji that the user craeted
Instead of being deleted, these records will be moved to a system-wide
"Ghost User", whose sole purpose is to act as a container for such records.
Instead of being deleted, these records will be moved to a system-wide "Ghost User", whose sole purpose is to act as a container for such records.
When a user is deleted from an abuse report or spam log, these associated
records are not ghosted and will be removed, along with any groups the user
is a sole owner of. Administrators can also request this behaviour when
deleting users from the
[
API
](
../../../api/users.md#user-deletion
)
[
ce-7393
]:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7393
[
ce-10273
]:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10273
[
ce-10467
]:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10467
[
ce-11853
]:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11853
lib/api/users.rb
View file @
c890c6aa
...
...
@@ -286,13 +286,14 @@ module API
end
params
do
requires
:id
,
type:
Integer
,
desc:
'The ID of the user'
optional
:hard_delete
,
type:
Boolean
,
desc:
"Whether to remove a user's contributions"
end
delete
":id"
do
authenticated_as_admin!
user
=
User
.
find_by
(
id:
params
[
:id
])
not_found!
(
'User'
)
unless
user
DeleteUserWorker
.
perform_async
(
current_user
.
id
,
user
.
id
)
DeleteUserWorker
.
perform_async
(
current_user
.
id
,
user
.
id
,
hard_delete:
params
[
:hard_delete
]
)
end
desc
'Block a user. Available only for admins.'
...
...
spec/requests/api/users_spec.rb
View file @
c890c6aa
...
...
@@ -702,6 +702,7 @@ describe API::Users do
describe
"DELETE /users/:id"
do
let!
(
:namespace
)
{
user
.
namespace
}
let!
(
:issue
)
{
create
(
:issue
,
author:
user
)
}
before
{
admin
}
it
"deletes user"
do
...
...
@@ -733,6 +734,25 @@ describe API::Users do
expect
(
response
).
to
have_http_status
(
404
)
end
context
"hard delete disabled"
do
it
"moves contributions to the ghost user"
do
Sidekiq
::
Testing
.
inline!
{
delete
api
(
"/users/
#{
user
.
id
}
"
,
admin
)
}
expect
(
response
).
to
have_http_status
(
204
)
expect
(
issue
.
reload
).
to
be_persisted
expect
(
issue
.
author
.
ghost?
).
to
be_truthy
end
end
context
"hard delete enabled"
do
it
"removes contributions"
do
Sidekiq
::
Testing
.
inline!
{
delete
api
(
"/users/
#{
user
.
id
}
?hard_delete=true"
,
admin
)
}
expect
(
response
).
to
have_http_status
(
204
)
expect
(
Issue
.
exists?
(
issue
.
id
)).
to
be_falsy
end
end
end
describe
"GET /user"
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment