Allow users to be hard-deleted from the API
This commit is contained in:
parent
1bf76c7620
commit
c890c6aaf2
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
title: Allow users to be hard-deleted from the API
|
||||
merge_request: 11853
|
||||
author:
|
|
@ -300,6 +300,9 @@ DELETE /users/:id
|
|||
Parameters:
|
||||
|
||||
- `id` (required) - The ID of the user
|
||||
- `hard_delete` (optional) - If true, contributions that would usually be
|
||||
[moved to the ghost user](../user/profile/account/delete_account.md#associated-records)
|
||||
will be deleted instead, as well as groups owned solely by this user.
|
||||
|
||||
## User
|
||||
|
||||
|
|
|
@ -5,9 +5,13 @@
|
|||
|
||||
## Associated Records
|
||||
|
||||
> Introduced for issues in [GitLab 9.0][ce-7393], and for merge requests, award emoji, notes, and abuse reports in [GitLab 9.1][ce-10467].
|
||||
> Introduced for issues in [GitLab 9.0][ce-7393], and for merge requests, award
|
||||
emoji, notes, and abuse reports in [GitLab 9.1][ce-10467].
|
||||
Hard deletion from abuse reports and spam logs was introduced in
|
||||
[GitLab 9.1][ce-10273], and from the API in [GitLab 9.3][ce-11853].
|
||||
|
||||
When a user account is deleted, not all associated records are deleted with it. Here's a list of things that will not be deleted:
|
||||
When a user account is deleted, not all associated records are deleted with it.
|
||||
Here's a list of things that will not be deleted:
|
||||
|
||||
- Issues that the user created
|
||||
- Merge requests that the user created
|
||||
|
@ -15,11 +19,16 @@ When a user account is deleted, not all associated records are deleted with it.
|
|||
- Abuse reports that the user reported
|
||||
- Award emoji that the user craeted
|
||||
|
||||
Instead of being deleted, these records will be moved to a system-wide
|
||||
"Ghost User", whose sole purpose is to act as a container for such records.
|
||||
|
||||
Instead of being deleted, these records will be moved to a system-wide "Ghost User", whose sole purpose is to act as a container for such records.
|
||||
|
||||
When a user is deleted from an abuse report or spam log, these associated
|
||||
records are not ghosted and will be removed, along with any groups the user
|
||||
is a sole owner of. Administrators can also request this behaviour when
|
||||
deleting users from the [API](../../../api/users.md#user-deletion)
|
||||
|
||||
[ce-7393]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7393
|
||||
[ce-10273]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10273
|
||||
[ce-10467]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10467
|
||||
|
||||
[ce-11853]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11853
|
||||
|
||||
|
|
|
@ -286,13 +286,14 @@ module API
|
|||
end
|
||||
params do
|
||||
requires :id, type: Integer, desc: 'The ID of the user'
|
||||
optional :hard_delete, type: Boolean, desc: "Whether to remove a user's contributions"
|
||||
end
|
||||
delete ":id" do
|
||||
authenticated_as_admin!
|
||||
user = User.find_by(id: params[:id])
|
||||
not_found!('User') unless user
|
||||
|
||||
DeleteUserWorker.perform_async(current_user.id, user.id)
|
||||
DeleteUserWorker.perform_async(current_user.id, user.id, hard_delete: params[:hard_delete])
|
||||
end
|
||||
|
||||
desc 'Block a user. Available only for admins.'
|
||||
|
|
|
@ -702,6 +702,7 @@ describe API::Users do
|
|||
|
||||
describe "DELETE /users/:id" do
|
||||
let!(:namespace) { user.namespace }
|
||||
let!(:issue) { create(:issue, author: user) }
|
||||
before { admin }
|
||||
|
||||
it "deletes user" do
|
||||
|
@ -733,6 +734,25 @@ describe API::Users do
|
|||
|
||||
expect(response).to have_http_status(404)
|
||||
end
|
||||
|
||||
context "hard delete disabled" do
|
||||
it "moves contributions to the ghost user" do
|
||||
Sidekiq::Testing.inline! { delete api("/users/#{user.id}", admin) }
|
||||
|
||||
expect(response).to have_http_status(204)
|
||||
expect(issue.reload).to be_persisted
|
||||
expect(issue.author.ghost?).to be_truthy
|
||||
end
|
||||
end
|
||||
|
||||
context "hard delete enabled" do
|
||||
it "removes contributions" do
|
||||
Sidekiq::Testing.inline! { delete api("/users/#{user.id}?hard_delete=true", admin) }
|
||||
|
||||
expect(response).to have_http_status(204)
|
||||
expect(Issue.exists?(issue.id)).to be_falsy
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /user" do
|
||||
|
|
Loading…
Reference in New Issue