The communications platform that puts data protection first.
Rocket.Chat/server/methods/deleteUser.coffee

27 lines
962 B

Meteor.methods
  deleteUser: (userId) ->
    check userId, String

    if not Meteor.userId()
      # Blame commit message for the following lines:
      # Close #2727 Change meteor error (#3040)
      # * Add function to handle errors * Delete message errors * handle error for hideRoom
      # * Allow returning error instead of calling toastr.error * Handle error for leaveRoom
      # * handle error for openRoom * handleError for toggleFavorite * handleError in updateMessage
      # * error for samlLogout * handleError for assets * Add global handleError to eslint
      # * handleError for addOAuthService * handleError: getUserRoles * handleError: insertOrUpdateUsere
      # * handleError: messageDeleting * handleError: removeUserFromRoles * handleError: addPermissionToRole
      # * handleError: addUserToRole * handleError: deleteRole * handleError: removeRoleFromPermission
      # * handleError: removeUserFromRole * handleError: saveRole * Return ready on publish without permission
      # * handleError: channel-settings * handleError: mailMessages * handleError: fileUpload
      # * handleError: rocketchat-importer * handleError: addIncomingIntegration
      # * handleError: deleteIncomingIntegration * handleError: updateIncomingIntegration
      # * handleError: addOutgoingIntegration * handleError: deleteOutgoingIntegration
      # * handleError: updateOutgoingIntegration * Return ready on publish without permission
      # * handleError ldap * remove throw from client code * handleError: setEmail, slashCommand
      # * Sort en.i18n.json * Google translated languages * Use correct error return from publishes
      # * RateLimiter.limitFunction * Fix order of error "500" * handleError validateEmailDomain
      # * handleError channelSettings; settings * handleError livechat * handleError: Mailer.sendMail
      # * handleError pinMessage and unpinMessage * handleError messageStarring * handleError oauth apps
      # * handleError: saveNotificationSettings * handleError getRoomRoles * handleError: createDirectMessage
      # * handleError saveUserPreferences * handleError: saveUserProfile * handleError sendConfirmationEmail
      # * Add ecmascript to root * handleError: avatar * handleError: getStatistics * handleError: roomSetting
      # * handleError: channelSettings * handleError: sendInvitationEmail * handleError: addUserToRoom
      # * handleError: uploadedFilesList * Change error key on user edit * handleError: userInfo
      # * handleError: userRegistration * handleError: createChannel * handleError: createPrivateGroup
      # * handleError: setUserPassword * handleError setUserActiveStatus * handleError: accoutns
      # * A few more errors thrown * Error: livechat publishes * Errors in methods * handleError searchAgent
      # * Add errors handling More errors handling Auto-translation for all languages
      throw new Meteor.Error 'error-invalid-user', "Invalid user", { method: 'deleteUser' }

    user = RocketChat.models.Users.findOneById Meteor.userId()

    # Blame commit message for the following lines:
    # Create RocketChat authorization package that handles role and permission based authorization
    #
    # Leverages alanning:roles package to associate a user to a role.
    # Uses alanning:roles optional "group" parameter to limit the role's scope to either the
    # global level or room level. The global level is applicable to users that can perform
    # administrative functions. The room level is applicable to users that can perform room
    # specific administrative functions (like a moderator).
    #
    # A role can have zero or more permissions. Permissions and their association to roles are
    # defined by this package. Authorization checks are based on whether or not the user has a
    # role or permission. The roles, permissions, and their association are statically defined
    # at this time. Eventually, there should be an API to dynamically create a role and
    # associate it to static permission(s).
    #
    # Old 'isAdmin' and '.admin is true' checks have been replaced with corresponding
    # hasPermission authorization checks. Additionally, code that automatically assigned admin
    # privileges are updated to assign 'admin' role instead.
    #
    # channel/direct message/private group code checks authorization to edit properties
    # (e.g. title) and edit/delete messages (regardless of the system level allow edit/delete
    # settings).
    # - user with 'admin' role are authorized to do anything
    # - room creator is assigned 'moderator' role that can edit the room and edit/delete messages
    # - members can only edit/delete their own messages IF system wide settings permit them to.
    #
    # v19 migration will
    # - add 'admin' role to users with admin:true property
    # - add 'moderator' role scoped to room for room creators
    # - add 'user' role to all users.
    #
    # There are known issues unrelated to the changes made
    # - If a user with edit/delete message room permissions logs out then a user without
    #   edit/delete message room permissions logs in, then they will see edit/delete icons.
    #   The server will deny execution
    # - edit/delete icons are not reactive. Thus if the system level allow edit/delete message
    #   setting is toggled, the icons will not reflect it. The server will deny execution.
    unless RocketChat.authz.hasPermission(Meteor.userId(), 'delete-user') is true
      throw new Meteor.Error 'error-not-allowed', "Not allowed", { method: 'deleteUser' }

    user = RocketChat.models.Users.findOneById userId
    unless user?
      throw new Meteor.Error 'error-invalid-user', "Invalid user", { method: 'deleteUser' }

    # prevent deleting last admin
    adminCount = Meteor.users.find({ roles: { $in: ['admin'] } }).count()
    userIsAdmin = user.roles.indexOf('admin') > -1
    if adminCount is 1 and userIsAdmin
      throw new Meteor.Error 'error-action-not-allowed', 'Leaving the app without admins is not allowed', { method: 'deleteUser', action: 'Remove_last_admin' }

    RocketChat.deleteUser(userId)

    return true
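
The role and permission rules listed in the authorization commit message above (global versus room-scoped roles, moderators limited to their room, members editing only their own messages when the system setting allows it, and the server deciding regardless of what the client shows), as an added JavaScript sketch that is not Rocket.Chat's code. Every name except the 'delete-user' permission is an assumption, and the users and rooms are constructed sample data.

```javascript
// Added sketch, not Rocket.Chat code. All names except 'delete-user' are assumptions.
const GLOBAL = Symbol('global');

// Static role -> permission mapping, as the commit message describes.
const ROLE_PERMISSIONS = new Map([
  ['admin', ['delete-user', 'edit-message']], // 'edit-message' is a hypothetical name
  ['moderator', ['edit-message']],
  ['user', []],
]);

// Constructed sample data: each user's roles keyed by scope (GLOBAL or a room id).
const USERS = new Map([
  ['alice', new Map([[GLOBAL, ['admin', 'user']]])],
  ['bob', new Map([[GLOBAL, ['user']], ['room1', ['moderator']]])],
  ['carol', new Map([[GLOBAL, ['user']]])],
]);

// True if any of the user's global roles, or roles scoped to `scope`, grant `permission`.
function hasPermission(userId, permission, scope) {
  const roles = USERS.get(userId);
  if (!roles) return false; // unknown user: deny by default
  const active = [...(roles.get(GLOBAL) || []), ...(roles.get(scope) || [])];
  return active.some((role) => (ROLE_PERMISSIONS.get(role) || []).includes(permission));
}

// Server-side decision for editing a message; the client's edit icon is never consulted.
function canEditMessage(userId, message, settings) {
  // Admins (global) and the room's moderators may edit regardless of the system setting.
  if (hasPermission(userId, 'edit-message', message.rid)) return true;
  // Everyone else: only their own message, and only if the system-wide setting permits.
  return settings.allowEditing === true && message.authorId === userId;
}
```

A moderator role granted for one room gives nothing in another room, which is the case a role check without the scope argument gets wrong.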