-rw-r--r-- | changelogs/unreleased/28694-hard-delete-user-from-api.yml | 4 | ||||
-rw-r--r-- | doc/api/users.md | 3 | ||||
-rw-r--r-- | doc/user/profile/account/delete_account.md | 19 | ||||
-rw-r--r-- | lib/api/users.rb | 3 | ||||
-rw-r--r-- | spec/requests/api/users_spec.rb | 20 |
5 files changed, 43 insertions, 6 deletions
diff --git a/changelogs/unreleased/28694-hard-delete-user-from-api.yml b/changelogs/unreleased/28694-hard-delete-user-from-api.yml new file mode 100644 index 00000000000..ad46540495c --- /dev/null +++ b/changelogs/unreleased/28694-hard-delete-user-from-api.yml @@ -0,0 +1,4 @@ +--- +title: Allow users to be hard-deleted from the API +merge_request: 11853 +author: diff --git a/doc/api/users.md b/doc/api/users.md index 331f9a9b80b..7e118dcf4a9 100644 --- a/doc/api/users.md +++ b/doc/api/users.md @@ -300,6 +300,9 @@ DELETE /users/:id Parameters: - `id` (required) - The ID of the user +- `hard_delete` (optional) - If true, contributions that would usually be + [moved to the ghost user](../user/profile/account/delete_account.md#associated-records) + will be deleted instead, as well as groups owned solely by this user. ## User diff --git a/doc/user/profile/account/delete_account.md b/doc/user/profile/account/delete_account.md index a13c0458287..6e274a152e5 100644 --- a/doc/user/profile/account/delete_account.md +++ b/doc/user/profile/account/delete_account.md @@ -5,9 +5,13 @@ ## Associated Records -> Introduced for issues in [GitLab 9.0][ce-7393], and for merge requests, award emoji, notes, and abuse reports in [GitLab 9.1][ce-10467]. +> Introduced for issues in [GitLab 9.0][ce-7393], and for merge requests, award + emoji, notes, and abuse reports in [GitLab 9.1][ce-10467]. + Hard deletion from abuse reports and spam logs was introduced in + [GitLab 9.1][ce-10273], and from the API in [GitLab 9.3][ce-11853]. -When a user account is deleted, not all associated records are deleted with it. Here's a list of things that will not be deleted: +When a user account is deleted, not all associated records are deleted with it. +Here's a list of things that will not be deleted: - Issues that the user created - Merge requests that the user created 
@@ -15,11 +19,16 @@ When a user account is deleted, not all associated records are deleted with it. - Abuse reports that the user reported - Award emoji that the user created +Instead of being deleted, these records will be moved to a system-wide +"Ghost User", whose sole purpose is to act as a container for such records. -Instead of being deleted, these records will be moved to a system-wide "Ghost User", whose sole purpose is to act as a container for such records. - +When a user is deleted from an abuse report or spam log, these associated +records are not ghosted and will be removed, along with any groups the user +is a sole owner of. Administrators can also request this behaviour when +deleting users from the [API](../../../api/users.md#user-deletion) [ce-7393]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7393 +[ce-10273]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10273 [ce-10467]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/10467 - +[ce-11853]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11853 diff --git a/lib/api/users.rb b/lib/api/users.rb index 3d83720b7b9..2070dbd8bc7 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -286,13 +286,14 @@ module API end params do requires :id, type: Integer, desc: 'The ID of the user' + optional :hard_delete, type: Boolean, desc: "Whether to remove a user's contributions" end delete ":id" do authenticated_as_admin! user = User.find_by(id: params[:id]) not_found!('User') unless user - DeleteUserWorker.perform_async(current_user.id, user.id) + DeleteUserWorker.perform_async(current_user.id, user.id, hard_delete: params[:hard_delete]) end desc 'Block a user. Available only for admins.' diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index a2503dbeb69..1c33b8f9502 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb 
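Review bot: In lib/api/users.rb the `delete ":id"` route can now schedule an irreversible removal of a user's contributions and solely owned groups, yet nothing at the call site says so or records that the destructive variant was requested. `authenticated_as_admin!` is the only control visible here, and the work runs later in `DeleteUserWorker`, so a later investigation would have to reconstruct the request from the job arguments alone. I would add a comment above the enqueue, `# hard_delete: destroys contributions and solely owned groups instead of moving them to the ghost user; irreversible, admin-only`, and write the requesting admin id, the target user id and the flag value to the application log before `perform_async`. The options hash is also serialised on its way to the worker, so `hard_delete:` presumably arrives under the string key `"hard_delete"`; the worker is outside this hunk, so confirm it normalises the key before passing it to the destroy service.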
@@ -702,6 +702,7 @@ describe API::Users do describe "DELETE /users/:id" do let!(:namespace) { user.namespace } + let!(:issue) { create(:issue, author: user) } before { admin } it "deletes user" do @@ -733,6 +734,25 @@ describe API::Users do expect(response).to have_http_status(404) end + + context "hard delete disabled" do + it "moves contributions to the ghost user" do + Sidekiq::Testing.inline! { delete api("/users/#{user.id}", admin) } + + expect(response).to have_http_status(204) + expect(issue.reload).to be_persisted + expect(issue.author.ghost?).to be_truthy + end + end + + context "hard delete enabled" do + it "removes contributions" do + Sidekiq::Testing.inline! { delete api("/users/#{user.id}?hard_delete=true", admin) } + + expect(response).to have_http_status(204) + expect(Issue.exists?(issue.id)).to be_falsy + end + end end describe "GET /user" do |
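Review bot: The two new contexts in spec/requests/api/users_spec.rb only exercise the admin path, so nothing pins that a non-admin request carrying `hard_delete=true` is refused and leaves the data in place. For a parameter that makes deletion irreversible, that is the regression worth guarding; an example along the lines of `delete api("/users/#{user.id}?hard_delete=true", user)`, then `expect(response).to have_http_status(403)` and `expect(Issue.exists?(issue.id)).to be_truthy` would cover it (403 is what I would expect from the admin guard; confirm against the existing non-admin example, which, if present, lies outside the hunk). The documented removal of groups owned solely by the user is also not asserted; only the issue is checked.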