Added users-delete API endpoint

- Refactored some delete checks into repo. - Added tests to cover. - Moved some translations to align with activity/logging system.
2025-07-28 17:02:04 +03:00 · 2022-02-03 15:12:50 +00:00
parent d089623aac
commit 2cd7a48044
9 changed files with 101 additions and 22 deletions
--- a/app/Http/Controllers/Api/UserApiController.php
+++ b/app/Http/Controllers/Api/UserApiController.php
@ -5,6 +5,7 @@ namespace BookStack\Http\Controllers\Api;
 use BookStack\Auth\User;
 use BookStack\Auth\UserRepo;
 use Closure;
+use Illuminate\Http\Request;

 class UserApiController extends ApiController
 {
@ -19,6 +20,9 @@ class UserApiController extends ApiController
        ],
        'update' => [
        ],
+        'delete' => [
+            'migrate_ownership_id' => ['integer', 'exists:users,id'],
+        ],
    ];

    public function __construct(UserRepo $userRepo)
@ -56,6 +60,24 @@ class UserApiController extends ApiController
        return response()->json($singleUser);
    }

+    /**
+     * Delete a user from the system.
+     * Can optionally accept a user id via `migrate_ownership_id` to indicate
+     * who should be the new owner of their related content.
+     * Requires permission to manage users.
+     */
+    public function delete(Request $request, string $id)
+    {
+        $this->checkPermission('users-manage');
+
+        $user = $this->userRepo->getById($id);
+        $newOwnerId = $request->get('migrate_ownership_id', null);
+
+        $this->userRepo->destroy($user, $newOwnerId);
+
+        return response('', 204);
+    }
+
    /**
     * Format the given user model for single-result display.
     */