Add "erase" option to REST deactivate request body

This allows using the endpoint to deactivate a user without deleting it. TODO: make the request body optional.
2025-07-03 13:22:17 -04:00
parent 26c08f9215
commit 58cd2ba993
2 changed files with 35 additions and 1 deletions
--- a/crates/handlers/src/admin/v1/users/deactivate.rs
+++ b/crates/handlers/src/admin/v1/users/deactivate.rs
@@ -8,6 +8,8 @@ use aide::{NoApi, OperationIo, transform::TransformOperation};
 use axum::{Json, response::IntoResponse};
 use hyper::StatusCode;
 use mas_axum_utils::record_error;
+use schemars::JsonSchema;
+use serde::Deserialize;
 use mas_storage::{
    BoxRng,
    queue::{DeactivateUserJob, QueueJobRepositoryExt as _},
@@ -49,6 +51,14 @@ impl IntoResponse for RouteError {
    }
 }

+/// # JSON payload for the `POST /api/admin/v1/users/:id/deactivate` endpoint
+#[derive(Deserialize, JsonSchema)]
+#[serde(rename = "DeactivateUserRequest")]
+pub struct Request {
+    /// Whether the user should be GDPR-erased from the homeserver.
+    erase: bool,
+}
+
 pub fn doc(operation: TransformOperation) -> TransformOperation {
    operation
        .id("deactivateUser")
@@ -76,6 +86,7 @@ pub async fn handler(
    }: CallContext,
    NoApi(mut rng): NoApi<BoxRng>,
    id: UlidPathParam,
+    Json(params): Json<Request>,
 ) -> Result<Json<SingleResponse<User>>, RouteError> {
    let id = *id;
    let mut user = repo
@@ -90,7 +101,7 @@ pub async fn handler(

    info!(%user.id, "Scheduling deactivation of user");
    repo.queue_job()
-        .schedule_job(&mut rng, &clock, DeactivateUserJob::new(&user, true))
+        .schedule_job(&mut rng, &clock, DeactivateUserJob::new(&user, params.erase))
        .await?;

    repo.save().await?;
--- a/docs/api/spec.json
+++ b/docs/api/spec.json
@@ -1359,6 +1359,16 @@
            "style": "simple"
          }
        ],
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/DeactivateUserRequest"
+              }
+            }
+          },
+          "required": true
+        },
        "responses": {
          "200": {
            "description": "User was deactivated",
@@ -3872,6 +3882,19 @@
          }
        }
      },
+      "DeactivateUserRequest": {
+        "title": "JSON payload for the `POST /api/admin/v1/users/:id/deactivate` endpoint",
+        "type": "object",
+        "required": [
+          "erase"
+        ],
+        "properties": {
+          "erase": {
+            "description": "Whether the user should be GDPR-erased from the homeserver.",
+            "type": "boolean"
+          }
+        }
+      },
      "UserEmailFilter": {
        "type": "object",
        "properties": {