Open Bug 1461107 Opened 7 years ago Updated 6 years ago

new REST API to delete users

Categories

(Bugzilla :: WebService, defect)

5.0.3
defect
Not set
normal

Tracking

()

UNCONFIRMED

People

(Reporter: alexander.adolf, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.99

Steps to reproduce:

As we are moving our website, I will need to make bulk updates to the users, of which we have some 300.

The version drop-down only offered up to 5.0.3. We are deploying 5.0.4.

Actual results:

Using the REST API, I can create and update users, and obtain some supplementary information about a user.

Expected results:

But there is no REST API to delete a user. I would need this, however, to be able to clean out stale accounts via scripts which use the REST API (e.g. based on group memberships, last login, etc.).

It would be great if a new REST API to delete a user could be added. It should be a two-step process, just like via the browser interface. The first step could for example be:

    PUT /rest/user/delete/(id_or_name)

The response to this would contain the same information I get when I delete a user via the browser interface, i.e. login name, real name, groups, unsafe deletions, and safe deletions. Additionally, the response would contain a token value (which would be used in a subsequent call). This first PUT call would not actually delete the user.

Then, conveying the token value obtained from the response to the initial PUT call, I would issue a second call which actually deletes the user, for example as:

    DELETE /rest/user/(id_or_name)

Via this two-step process, the user deletion semantics would be the same as via the browser interface. Needless to mention that one must be logged in to do this.

It should not be an error to issue several "deletion requests" (PUT /rest/user/delete/(id_or_name)) in a row, since based on the returned information (e.g. unsafe deletions), my script may choose to refrain from deleting the user.

The deletion token should be invalidated if and when any other action relating to that user account happens (the user logs in, another REST API concerning the same user account is invoked, the user account is modified via the browser interface), or after a short time-out, e.g. five minutes.
Blocks: 1459489
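
The token semantics requested in this report, modelled in memory as an added example; this is not Bugzilla code, and the two endpoints are the reporter's proposal rather than an existing API. The class and method names are hypothetical, and two behaviours are assumptions: a repeated step-1 request replaces the earlier token, and any confirmation attempt (even a failed one) spends the pending token.

```python
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 5 * 60  # "a short time-out, e.g. five minutes"


class DeletionTokenStore:
    """In-memory model of the proposed two-step delete (hypothetical names)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}       # user id -> (token, expiry time)

    def request_deletion(self, user_id):
        """Step 1 (PUT /rest/user/delete/<id>): preview only, nothing is deleted.

        Repeating the request is not an error. Assumption: each call
        replaces the previous token for that user.
        """
        token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        self._pending[user_id] = (token, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def account_touched(self, user_id):
        """Invalidate on login, account edit, or any other API call for the user."""
        self._pending.pop(user_id, None)

    def confirm_deletion(self, user_id, token):
        """Step 2 (DELETE /rest/user/<id>): True only for a live, matching token."""
        # Assumption: the token is single use and is spent even when the
        # attempt fails, so a wrong guess cannot be retried.
        entry = self._pending.pop(user_id, None)
        if entry is None:
            return False
        expected, expires_at = entry
        if self._clock() >= expires_at:
            return False
        # Constant-time comparison avoids leaking how much of the token matched.
        return hmac.compare_digest(expected.encode(), token.encode())
```

A caller performs the actual deletion only when `confirm_deletion` returns `True`, and calls `account_touched` from every other code path that reads or changes the account.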