Allow users to be hard-deleted from the API
This commit is contained in:
Nick Thomas
parent
1bf76c7620
commit
c890c6aaf2
5 changed files with 43 additions and 6 deletions
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
title: Allow users to be hard-deleted from the API
|
||||||
|
merge_request: 11853
|
||||||
|
author:
|
||||||
|
|
@ -300,6 +300,9 @@ DELETE /users/:id
|
||||||
Parameters:
|
Parameters:
|
||||||
|
|
||||||
- `id` (required) - The ID of the user
|
- `id` (required) - The ID of the user
|
||||||
|
- `hard_delete` (optional) - If true, contributions that would usually be
|
||||||
|
[moved to the ghost user](../user/profile/account/delete_account.md#associated-records)
|
||||||
|
will be deleted instead, as well as groups owned solely by this user.
|
||||||
|
|
||||||
## User
|
## User
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,9 +5,13 @@
|
||||||
|
|
||||||
## Associated Records
|
## Associated Records
|
||||||
|
|
||||||
> Introduced for issues in [GitLab 9.0][ce-7393], and for merge requests, award emoji, notes, and abuse reports in [GitLab 9.1][ce-10467].
|
> Introduced for issues in [GitLab 9.0][ce-7393], and for merge requests, award
|
||||||
|
emoji, notes, and abuse reports in [GitLab 9.1][ce-10467].
|
||||||
|
Hard deletion from abuse reports and spam logs was introduced in
|
||||||
|
[GitLab 9.1][ce-10273], and from the API in [GitLab 9.3][ce-11853].
|
||||||
|
|
||||||
When a user account is deleted, not all associated records are deleted with it. Here's a list of things that will not be deleted:
|
When a user account is deleted, not all associated records are deleted with it.
|
||||||
|
Here's a list of things that will not be deleted:
|
||||||
|
|
||||||
- Issues that the user created
|
- Issues that the user created
|
||||||
- Merge requests that the user created
|
- Merge requests that the user created
|
||||||
|
|
@ -15,11 +19,16 @@ When a user account is deleted, not all associated records are deleted with it.
|
||||||
- Abuse reports that the user reported
|
- Abuse reports that the user reported
|
||||||
- Award emoji that the user craeted
|
- Award emoji that the user craeted
|
||||||
|
|
||||||
|
Instead of being deleted, these records will be moved to a system-wide
|
||||||
|
"Ghost User", whose sole purpose is to act as a container for such records.
|
||||||
|
|
||||||
Instead of being deleted, these records will be moved to a system-wide "Ghost User", whose sole purpose is to act as a container for such records.
|
When a user is deleted from an abuse report or spam log, these associated
|
||||||
|
records are not ghosted and will be removed, along with any groups the user
|
||||||
|
is a sole owner of. Administrators can also request this behaviour when
|
||||||
|
deleting users from the [API](../../../api/users.md#user-deletion)
|
||||||
|
|
||||||
[ce-7393]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7393
|
[ce-7393]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7393
|
||||||
|
[ce-10273]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10273
|
||||||
[ce-10467]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10467
|
[ce-10467]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10467
|
||||||
|
[ce-11853]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11853
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -286,13 +286,14 @@ module API
|
||||||
end
|
end
|
||||||
params do
|
params do
|
||||||
requires :id, type: Integer, desc: 'The ID of the user'
|
requires :id, type: Integer, desc: 'The ID of the user'
|
||||||
|
optional :hard_delete, type: Boolean, desc: "Whether to remove a user's contributions"
|
||||||
end
|
end
|
||||||
delete ":id" do
|
delete ":id" do
|
||||||
authenticated_as_admin!
|
authenticated_as_admin!
|
||||||
user = User.find_by(id: params[:id])
|
user = User.find_by(id: params[:id])
|
||||||
not_found!('User') unless user
|
not_found!('User') unless user
|
||||||
|
|
||||||
DeleteUserWorker.perform_async(current_user.id, user.id)
|
DeleteUserWorker.perform_async(current_user.id, user.id, hard_delete: params[:hard_delete])
|
||||||
end
|
end
|
||||||
|
|
||||||
desc 'Block a user. Available only for admins.'
|
desc 'Block a user. Available only for admins.'
|
||||||
|
|
|
||||||
|
|
@ -702,6 +702,7 @@ describe API::Users do
|
||||||
|
|
||||||
describe "DELETE /users/:id" do
|
describe "DELETE /users/:id" do
|
||||||
let!(:namespace) { user.namespace }
|
let!(:namespace) { user.namespace }
|
||||||
|
let!(:issue) { create(:issue, author: user) }
|
||||||
before { admin }
|
before { admin }
|
||||||
|
|
||||||
it "deletes user" do
|
it "deletes user" do
|
||||||
|
|
@ -733,6 +734,25 @@ describe API::Users do
|
||||||
|
|
||||||
expect(response).to have_http_status(404)
|
expect(response).to have_http_status(404)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context "hard delete disabled" do
|
||||||
|
it "moves contributions to the ghost user" do
|
||||||
|
Sidekiq::Testing.inline! { delete api("/users/#{user.id}", admin) }
|
||||||
|
|
||||||
|
expect(response).to have_http_status(204)
|
||||||
|
expect(issue.reload).to be_persisted
|
||||||
|
expect(issue.author.ghost?).to be_truthy
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context "hard delete enabled" do
|
||||||
|
it "removes contributions" do
|
||||||
|
Sidekiq::Testing.inline! { delete api("/users/#{user.id}?hard_delete=true", admin) }
|
||||||
|
|
||||||
|
expect(response).to have_http_status(204)
|
||||||
|
expect(Issue.exists?(issue.id)).to be_falsy
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "GET /user" do
|
describe "GET /user" do
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue