feature: Delete_user_as_admin_through_API_only

backend/src/middleware/permissionsMiddleware.js

@@ -133,7 +133,7 @@ export default shield(
       CreateComment: isAuthenticated,
       UpdateComment: isAuthor,
       DeleteComment: isAuthor,
-      DeleteUser: isDeletingOwnAccount,
+      DeleteUser: or(isDeletingOwnAccount, isAdmin),
       requestPasswordReset: allow,
       resetPassword: allow,
       AddPostEmotions: isAuthenticated,

backend/src/schema/resolvers/users.js

@@ -175,6 +175,7 @@ export default {
     DeleteUser: async (object, params, context, resolveInfo) => {
       const { resource } = params
       const session = context.driver.session()
+      const { id: userId } = params
       try {
         if (resource && resource.length) {
           await session.writeTransaction(transaction => {
@@ -190,7 +191,7 @@ export default {
                     RETURN author
                   `,
                 {
-                  userId: context.user.id,
+                  userId,
                 },
               )
             })
@@ -212,7 +213,7 @@ export default {
               DETACH DELETE socialMedia
               RETURN user
             `,
-            { userId: context.user.id },
+            { userId },
           )
           log(deleteUserTransactionResponse)
           return deleteUserTransactionResponse.records.map(record => record.get('user').properties)