Allow users to be hard-deleted from the API

This commit is contained in:
Nick Thomas 2017-06-01 17:14:39 +01:00
parent 1bf76c7620
commit c890c6aaf2
5 changed files with 43 additions and 6 deletions

View file

@ -0,0 +1,4 @@
---
title: Allow users to be hard-deleted from the API
merge_request: 11853
author:

View file

@ -300,6 +300,9 @@ DELETE /users/:id
Parameters: Parameters:
- `id` (required) - The ID of the user - `id` (required) - The ID of the user
- `hard_delete` (optional) - If true, contributions that would usually be
[moved to the ghost user](../user/profile/account/delete_account.md#associated-records)
will be deleted instead, as well as groups owned solely by this user.
## User ## User

View file

@ -5,9 +5,13 @@
## Associated Records ## Associated Records
> Introduced for issues in [GitLab 9.0][ce-7393], and for merge requests, award emoji, notes, and abuse reports in [GitLab 9.1][ce-10467]. > Introduced for issues in [GitLab 9.0][ce-7393], and for merge requests, award
emoji, notes, and abuse reports in [GitLab 9.1][ce-10467].
Hard deletion from abuse reports and spam logs was introduced in
[GitLab 9.1][ce-10273], and from the API in [GitLab 9.3][ce-11853].
When a user account is deleted, not all associated records are deleted with it. Here's a list of things that will not be deleted: When a user account is deleted, not all associated records are deleted with it.
Here's a list of things that will not be deleted:
- Issues that the user created - Issues that the user created
- Merge requests that the user created - Merge requests that the user created
@ -15,11 +19,16 @@ When a user account is deleted, not all associated records are deleted with it.
- Abuse reports that the user reported - Abuse reports that the user reported
- Award emoji that the user craeted - Award emoji that the user craeted
Instead of being deleted, these records will be moved to a system-wide
"Ghost User", whose sole purpose is to act as a container for such records.
Instead of being deleted, these records will be moved to a system-wide "Ghost User", whose sole purpose is to act as a container for such records. When a user is deleted from an abuse report or spam log, these associated
records are not ghosted and will be removed, along with any groups the user
is a sole owner of. Administrators can also request this behaviour when
deleting users from the [API](../../../api/users.md#user-deletion)
[ce-7393]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7393 [ce-7393]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7393
[ce-10273]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10273
[ce-10467]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10467 [ce-10467]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10467
[ce-11853]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11853

View file

@ -286,13 +286,14 @@ module API
end end
params do params do
requires :id, type: Integer, desc: 'The ID of the user' requires :id, type: Integer, desc: 'The ID of the user'
optional :hard_delete, type: Boolean, desc: "Whether to remove a user's contributions"
end end
delete ":id" do delete ":id" do
authenticated_as_admin! authenticated_as_admin!
user = User.find_by(id: params[:id]) user = User.find_by(id: params[:id])
not_found!('User') unless user not_found!('User') unless user
DeleteUserWorker.perform_async(current_user.id, user.id) DeleteUserWorker.perform_async(current_user.id, user.id, hard_delete: params[:hard_delete])
end end
desc 'Block a user. Available only for admins.' desc 'Block a user. Available only for admins.'

View file

@ -702,6 +702,7 @@ describe API::Users do
describe "DELETE /users/:id" do describe "DELETE /users/:id" do
let!(:namespace) { user.namespace } let!(:namespace) { user.namespace }
let!(:issue) { create(:issue, author: user) }
before { admin } before { admin }
it "deletes user" do it "deletes user" do
@ -733,6 +734,25 @@ describe API::Users do
expect(response).to have_http_status(404) expect(response).to have_http_status(404)
end end
context "hard delete disabled" do
it "moves contributions to the ghost user" do
Sidekiq::Testing.inline! { delete api("/users/#{user.id}", admin) }
expect(response).to have_http_status(204)
expect(issue.reload).to be_persisted
expect(issue.author.ghost?).to be_truthy
end
end
context "hard delete enabled" do
it "removes contributions" do
Sidekiq::Testing.inline! { delete api("/users/#{user.id}?hard_delete=true", admin) }
expect(response).to have_http_status(204)
expect(Issue.exists?(issue.id)).to be_falsy
end
end
end end
describe "GET /user" do describe "GET /user" do