Added users-delete API endpoint

- Refactored some delete checks into repo. - Added tests to cover. - Moved some translations to align with activity/logging system.
2025-07-28 17:02:04 +03:00 · 2022-02-03 15:12:50 +00:00
parent d089623aac
commit 2cd7a48044
9 changed files with 101 additions and 22 deletions
--- a/app/Http/Controllers/Api/UserApiController.php
+++ b/app/Http/Controllers/Api/UserApiController.php
@ -5,6 +5,7 @@ namespace BookStack\Http\Controllers\Api;
 use BookStack\Auth\User;
 use BookStack\Auth\UserRepo;
 use Closure;
+use Illuminate\Http\Request;

 class UserApiController extends ApiController
 {
@ -19,6 +20,9 @@ class UserApiController extends ApiController
        ],
        'update' => [
        ],
+        'delete' => [
+            'migrate_ownership_id' => ['integer', 'exists:users,id'],
+        ],
    ];

    public function __construct(UserRepo $userRepo)
@ -56,6 +60,24 @@ class UserApiController extends ApiController
        return response()->json($singleUser);
    }

+    /**
+     * Delete a user from the system.
+     * Can optionally accept a user id via `migrate_ownership_id` to indicate
+     * who should be the new owner of their related content.
+     * Requires permission to manage users.
+     */
+    public function delete(Request $request, string $id)
+    {
+        $this->checkPermission('users-manage');
+
+        $user = $this->userRepo->getById($id);
+        $newOwnerId = $request->get('migrate_ownership_id', null);
+
+        $this->userRepo->destroy($user, $newOwnerId);
+
+        return response('', 204);
+    }
+
    /**
     * Format the given user model for single-result display.
     */
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@ -262,21 +262,7 @@ class UserController extends Controller
        $user = $this->userRepo->getById($id);
        $newOwnerId = $request->get('new_owner_id', null);

-        if ($this->userRepo->isOnlyAdmin($user)) {
-            $this->showErrorNotification(trans('errors.users_cannot_delete_only_admin'));
-
-            return redirect($user->getEditUrl());
-        }
-
-        if ($user->system_name === 'public') {
-            $this->showErrorNotification(trans('errors.users_cannot_delete_guest'));
-
-            return redirect($user->getEditUrl());
-        }
-
        $this->userRepo->destroy($user, $newOwnerId);
-        $this->showSuccessNotification(trans('settings.users_delete_success'));
-        $this->logActivity(ActivityType::USER_DELETE, $user);

        return redirect('/settings/users');
    }