feature: Delete_user_as_admin_through_API_only

2025-12-13 07:45:56 +00:00 · 2020-02-13 13:40:20 +01:00 · 2020-02-13 13:40:20 +01:00 · 3d8fe4d850
commit 3d8fe4d850
parent 066506838f
2 changed files with 4 additions and 3 deletions
--- a/backend/src/middleware/permissionsMiddleware.js
+++ b/backend/src/middleware/permissionsMiddleware.js
@ -133,7 +133,7 @@ export default shield(
      CreateComment: isAuthenticated,
      UpdateComment: isAuthor,
      DeleteComment: isAuthor,
-      DeleteUser: isDeletingOwnAccount,
+      DeleteUser: or(isDeletingOwnAccount, isAdmin),
      requestPasswordReset: allow,
      resetPassword: allow,
      AddPostEmotions: isAuthenticated,
--- a/backend/src/schema/resolvers/users.js
+++ b/backend/src/schema/resolvers/users.js
@ -175,6 +175,7 @@ export default {
    DeleteUser: async (object, params, context, resolveInfo) => {
      const { resource } = params
      const session = context.driver.session()
+      const { id: userId } = params
      try {
        if (resource && resource.length) {
          await session.writeTransaction(transaction => {
@ -190,7 +191,7 @@ export default {
                    RETURN author
                  `,
                {
-                  userId: context.user.id,
+                  userId,
                },
              )
            })
@ -212,7 +213,7 @@ export default {
              DETACH DELETE socialMedia
              RETURN user
            `,
-            { userId: context.user.id },
+            { userId },
          )
          log(deleteUserTransactionResponse)
          return deleteUserTransactionResponse.records.map(record => record.get('user').properties)