Rocket.Chat/apps/meteor/server/methods/deleteUser.ts

import { Meteor } from 'meteor/meteor';
import { check } from 'meteor/check';
import type { ServerMethods } from '@rocket.chat/ui-contexts';
import type { IUser } from '@rocket.chat/core-typings';
import { Users } from '@rocket.chat/models';

import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission';
import { callbacks } from '../../lib/callbacks';
import { deleteUser } from '../../app/lib/server';
import { AppEvents, Apps } from '../../ee/server/apps/orchestrator';

declare module '@rocket.chat/ui-contexts' {
	// eslint-disable-next-line @typescript-eslint/naming-convention
	interface ServerMethods {
		deleteUser(userId: IUser['_id'], confirmRelinquish?: boolean): boolean;
	}
}

Meteor.methods<ServerMethods>({
	async deleteUser(userId, confirmRelinquish = false) {
		check(userId, String);
		const uid = Meteor.userId();
		if (!uid || (await hasPermissionAsync(uid, 'delete-user')) !== true) {
			throw new Meteor.Error('error-not-allowed', 'Not allowed', {
				method: 'deleteUser',
			});
		}

		const user = await Users.findOneById(userId);
		if (!user) {
			throw new Meteor.Error('error-invalid-user', 'Invalid user to delete', {
				method: 'deleteUser',
			});
		}

		if (user.type === 'app') {
			throw new Meteor.Error('error-cannot-delete-app-user', 'Deleting app user is not allowed', {
				method: 'deleteUser',
			});
		}

		const adminCount = await Users.col.countDocuments({ roles: 'admin' });

		const userIsAdmin = user.roles?.indexOf('admin') > -1;

		if (adminCount === 1 && userIsAdmin) {
			throw new Meteor.Error('error-action-not-allowed', 'Leaving the app without admins is not allowed', {
				method: 'deleteUser',
				action: 'Remove_last_admin',
			});
		}

		await deleteUser(userId, confirmRelinquish);

		await callbacks.run('afterDeleteUser', user);

		// App IPostUserDeleted event hook
		await Apps.triggerEvent(AppEvents.IPostUserDeleted, { user, performedBy: await Meteor.userAsync() });

		return true;
	},
});
Removal of Meteor global variable (#12371) * First wave of removal of Meteor global * Second wave of removal of Meteor global * Third wave of removal of Meteor global * Fix tests * Fix ESLint 7 years ago			`import { Meteor } from 'meteor/meteor';`
Removal of Match, check, moment, Tracker and Mongo global variables (#12410) * First wave of removal of Meteor global * Second wave of removal of Meteor global * Third wave of removal of Meteor global * Fix tests * Remove global variable SHA256 * Remove global variable WebApp * Remove global variable EJSON * Remove global variable Email * Remove global variable HTTP * Remove global variable Random * Remove global variable ReactiveDict * Remove global variable ReactiveVar * Remove global variable Accounts * Remove globals variables Match and check * Remove global variable Mongo * Remove global variable moment * Remove global variable Tracker * Fix ESLint 7 years ago			`import { check } from 'meteor/check';`
refactor: Types of Meteor methods (10/10) (#28541) Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com> 3 years ago			`import type { ServerMethods } from '@rocket.chat/ui-contexts';`
			`import type { IUser } from '@rocket.chat/core-typings';`
refactor: remove Users from fibers 14 (#28780) Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com> 3 years ago			`import { Users } from '@rocket.chat/models';`
New eslint rules (#14332) * Fix new eslint rules * Fix eslint rules: no-unsafe-finally no-await-in-loop * More and more rules * Fix changes after lint fixes * Fix import orders * New eslint rules operator-linebreak new-parens * New eslint rule: no-useless-computed-key * New eslint rule: no-useless-constructor * Fix after develop merge * Update lint package and fix new code 7 years ago
refactor: hasPermission to async - first part (#28533) Co-authored-by: Rodrigo Nascimento <rodrigoknascimento@gmail.com> 3 years ago			`import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission';`
Chore: Move `callbacks` to /lib (#23456) 4 years ago			`import { callbacks } from '../../lib/callbacks';`
[NEW] Assign oldest active user as owner when deleting last room owner (#16088) Co-authored-by: Diego Sampaio <chinello@gmail.com> 6 years ago			`import { deleteUser } from '../../app/lib/server';`
[BREAK] Marketplace standalone page and app request flow (#27389) Co-authored-by: dougfabris <devfabris@gmail.com> Co-authored-by: Júlia Jaeger Foresti <60678893+juliajforesti@users.noreply.github.com> Co-authored-by: Tiago Evangelista Pinto <tiago.evangelista@rocket.chat> Co-authored-by: Felipe <84182706+felipe-rod123@users.noreply.github.com> Co-authored-by: yash-rajpal <rajpal.yash03@gmail.com> Co-authored-by: Matheus Carmo <matheus.carmo@rocket.chat> Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com> Co-authored-by: Rafael Tapia <rafael.tapia@rocket.chat> Co-authored-by: Rodrigo Nascimento <rodrigoknascimento@gmail.com> Co-authored-by: Diego Sampaio <chinello@gmail.com> 3 years ago			`import { AppEvents, Apps } from '../../ee/server/apps/orchestrator';`
Removal of Meteor global variable (#12371) * First wave of removal of Meteor global * Second wave of removal of Meteor global * Third wave of removal of Meteor global * Fix tests * Fix ESLint 7 years ago
refactor: Types of Meteor methods (10/10) (#28541) Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com> 3 years ago			`declare module '@rocket.chat/ui-contexts' {`
			`// eslint-disable-next-line @typescript-eslint/naming-convention`
			`interface ServerMethods {`
			`deleteUser(userId: IUser['_id'], confirmRelinquish?: boolean): boolean;`
			`}`
			`}`

			`Meteor.methods<ServerMethods>({`
Chore: Convert Fiber models to async Step 1 (#23633) Co-authored-by: Diego Sampaio <chinello@gmail.com> Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com> 4 years ago			`async deleteUser(userId, confirmRelinquish = false) {`
Convert /server/methods to JS 9 years ago			`check(userId, String);`
refactor: Types of Meteor methods (10/10) (#28541) Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com> 3 years ago			`const uid = Meteor.userId();`
			`if (!uid \|\| (await hasPermissionAsync(uid, 'delete-user')) !== true) {`
Convert /server/methods to JS 9 years ago			`throw new Meteor.Error('error-not-allowed', 'Not allowed', {`
Add new eslint rules (#11800) 7 years ago			`method: 'deleteUser',`
Convert /server/methods to JS 9 years ago			`});`
			`}`

refactor: remove Users from fibers 14 (#28780) Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com> 3 years ago			`const user = await Users.findOneById(userId);`
Convert /server/methods to JS 9 years ago			`if (!user) {`
[IMPROVE] Update deleteUser errors to be more semantic (#12380) 7 years ago			`throw new Meteor.Error('error-invalid-user', 'Invalid user to delete', {`
Add new eslint rules (#11800) 7 years ago			`method: 'deleteUser',`
Convert /server/methods to JS 9 years ago			`});`
			`}`

[IMPROVE] Prevent "App user" from being deleted by the admin (#16373) 6 years ago			`if (user.type === 'app') {`
			`throw new Meteor.Error('error-cannot-delete-app-user', 'Deleting app user is not allowed', {`
			`method: 'deleteUser',`
			`});`
			`}`

refactor: remove Users from fibers 14 (#28780) Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com> 3 years ago			`const adminCount = await Users.col.countDocuments({ roles: 'admin' });`
Convert /server/methods to JS 9 years ago
[FIX] Error preventing from removing users without a role (#19204) 5 years ago			`const userIsAdmin = user.roles?.indexOf('admin') > -1;`
Convert /server/methods to JS 9 years ago
			`if (adminCount === 1 && userIsAdmin) {`
			`throw new Meteor.Error('error-action-not-allowed', 'Leaving the app without admins is not allowed', {`
			`method: 'deleteUser',`
Add new eslint rules (#11800) 7 years ago			`action: 'Remove_last_admin',`
Convert /server/methods to JS 9 years ago			`});`
			`}`

Chore: Convert Fiber models to async Step 1 (#23633) Co-authored-by: Diego Sampaio <chinello@gmail.com> Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com> 4 years ago			`await deleteUser(userId, confirmRelinquish);`
Convert /server/methods to JS 9 years ago
refactor: Move callbacks to async (#29051) 3 years ago			`await callbacks.run('afterDeleteUser', user);`
[NEW] Seats Cap (#23017) * Base commit * [NEW] licenses.maxActiveUsers endpoint (#23011) * [IMPROVE] Banner Service (#22989) * WIP * Fix type import Co-authored-by: Tasso Evangelista <tasso.evangelista@rocket.chat> * [NEW] canAddNewUser function * [NEW] Seats usage bar (#23018) * usage bar component * Seats limit in admin users page * Remove dangling console.log * Add some details on StatisticsEndpoint type * Move to EE and use new endpoint * Rename some components and hooks * Refactor UsersPage Co-authored-by: Gabriel Henriques <gabriel.henriques@rocket.chat> * Fix edit and info page * [NEW] Seats Card (#23077) * Seats Card * Fix review, make ts * Fix review * Add type guard for CardIcon props Co-authored-by: Tasso Evangelista <tasso.evangelista@rocket.chat> * [NEW] Seats Cap: Request seats link (#23151) * create endpoint and consume it in the ui * Fix review * Remove unused param type Co-authored-by: Tasso Evangelista <tasso.evangelista@rocket.chat> * [NEW] Remove license downgrade if exceeding seats cap (#23220) * [IMPROVE] Ensure Seats-cap design and UI are the same (#23222) * Fix labels and buttons * Reload seats cap data on user changes * Use Fuselage on development version Co-authored-by: Tasso Evangelista <tasso.evangelista@rocket.chat> * [NEW] Prevent users from accidentally deactivating an enterprise license by adding more users than the license allows. (#23050) Co-authored-by: Gabriel Henriques <gabriel.henriques@rocket.chat> Co-authored-by: Tasso Evangelista <tasso.evangelista@rocket.chat> * [NEW] stats on seats request (#23225) Co-authored-by: Gabriel Henriques <gabriel.henriques@rocket.chat> * [NEW] Seats cap banners (#23211) * [NEW] Prevent users from accidentally deactivating an enterprise license by adding more users than the license allows. * Seats cap banners * Deprecate preserveDismiss * use request seats link * Fix banner not closing and request seats link Co-authored-by: Pierre Lehnen <pierre.lehnen@rocket.chat> * [FIX] Banner not parsing markdown (#23036) * Parse markdown * Use markdownText * Fix translations * Move startup * Always create seats limit banners * Remove uneffective conditional * [FIX] Seats Cap QA reports (#23272) * Fix create banner and link * Remove call from startup * QA * Improve readability * Avoid using an outdated absolute URL * Embedded counters into translation strings Co-authored-by: Tasso Evangelista <tasso.evangelista@rocket.chat> * Patch object-path so Snyk stop complaining Co-authored-by: pierre-lehnen-rc <55164754+pierre-lehnen-rc@users.noreply.github.com> Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com> Co-authored-by: Pierre Lehnen <pierre.lehnen@rocket.chat> Co-authored-by: Gabriel Henriques <gabriel.henriques@rocket.chat> Co-authored-by: gabriellsh <40830821+gabriellsh@users.noreply.github.com> Co-authored-by: Gabriel Thomé <38537062+g-thome@users.noreply.github.com> 4 years ago
[NEW] Add user events for apps (#25165) * Add user events for apps * Remove trycatch validation * Get the user entity after the update * Trigger events when the user updates his profile or deletes his account * Update Apps-Engine * Make update return doc after update * Find user after the update to trigger event with correct data * Change where clause to use userData instead of userId * Update apps-engine 4 years ago			`// App IPostUserDeleted event hook`
refactor: Meteor.user to Meteor.userAsync 1 (#28629) Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com> 3 years ago			`await Apps.triggerEvent(AppEvents.IPostUserDeleted, { user, performedBy: await Meteor.userAsync() });`
[NEW] Add user events for apps (#25165) * Add user events for apps * Remove trycatch validation * Get the user entity after the update * Trigger events when the user updates his profile or deletes his account * Update Apps-Engine * Make update return doc after update * Find user after the update to trigger event with correct data * Change where clause to use userData instead of userId * Update apps-engine 4 years ago
Convert /server/methods to JS 9 years ago			`return true;`
Add new eslint rules (#11800) 7 years ago			`},`
Convert /server/methods to JS 9 years ago			`});`