]> BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/Api/UserApiController.php
projects / bookstack / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Added users-delete API endpoint
[bookstack] / app / Http / Controllers / Api / UserApiController.php
diff --git a/app/Http/Controllers/Api/UserApiController.php b/app/Http/Controllers/Api/UserApiController.php
index ed1a4b13d78170470d93d851d430fe1c1ba56fce..6ca31f0fda440e1b67633a3a9167e1ed5f89c1ae 100644 (file)
--- a/app/Http/Controllers/Api/UserApiController.php
+++ b/app/Http/Controllers/Api/UserApiController.php
@@ -5,6 +5,7 @@ namespace BookStack\Http\Controllers\Api;
 use BookStack\Auth\User;
 use BookStack\Auth\UserRepo;
 use Closure;
+use Illuminate\Http\Request;
 
 class UserApiController extends ApiController
 {
@@ -19,6 +20,9 @@ class UserApiController extends ApiController
         ],
         'update' => [
         ],
+        'delete' => [
+            'migrate_ownership_id' => ['integer', 'exists:users,id'],
+        ],
     ];
 
     public function __construct(UserRepo $userRepo)
@@ -56,6 +60,24 @@ class UserApiController extends ApiController
         return response()->json($singleUser);
     }
 
+    /**
+     * Delete a user from the system.
+     * Can optionally accept a user id via `migrate_ownership_id` to indicate
+     * who should be the new owner of their related content.
+     * Requires permission to manage users.
+     */
+    public function delete(Request $request, string $id)
+    {
+        $this->checkPermission('users-manage');
+
+        $user = $this->userRepo->getById($id);
+        $newOwnerId = $request->get('migrate_ownership_id', null);
+
+        $this->userRepo->destroy($user, $newOwnerId);
+
+        return response('', 204);
+    }
+
     /**
      * Format the given user model for single-result display.
      */
The core source code for the BookStack project.