Management API: Add user data delete endpoint (closes #19793) (#20040)

* Add user data delete endpoint to the management API * Fix typo and remove unused umbracoMapper * Applied changes from code review. --------- Co-authored-by: Andy Butland <abutland73@gmail.com>
2025-09-20 12:45:14 +02:00
parent 07f0b7c6ae
commit 61c0ab6759
1 changed files with 52 additions and 0 deletions
--- a/src/Umbraco.Cms.Api.Management/Controllers/UserData/DeleteUserDataController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/UserData/DeleteUserDataController.cs
@@ -0,0 +1,52 @@
+using Asp.Versioning;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Umbraco.Cms.Core;
+using Umbraco.Cms.Core.Models.Membership;
+using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Services;
+using Umbraco.Cms.Core.Services.OperationStatus;
+
+namespace Umbraco.Cms.Api.Management.Controllers.UserData;
+
+[ApiVersion("1.0")]
+public class DeleteUserDataController : UserDataControllerBase
+{
+    private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor;
+    private readonly IUserDataService _userDataService;
+
+    public DeleteUserDataController(
+        IBackOfficeSecurityAccessor backOfficeSecurityAccessor,
+        IUserDataService userDataService)
+    {
+        _backOfficeSecurityAccessor = backOfficeSecurityAccessor;
+        _userDataService = userDataService;
+    }
+
+    [HttpDelete("{id:guid}")]
+    [MapToApiVersion("1.0")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(typeof(UserDataOperationStatus), StatusCodes.Status400BadRequest)]
+    [ProducesResponseType(typeof(UserDataOperationStatus), StatusCodes.Status404NotFound)]
+    public async Task<IActionResult> Delete(CancellationToken cancellationToken, Guid id)
+    {
+        IUserData? data = await _userDataService.GetAsync(id);
+        if (data is null)
+        {
+            return NotFound();
+        }
+
+        Guid currentUserKey = CurrentUserKey(_backOfficeSecurityAccessor);
+
+        if (data.UserKey != currentUserKey)
+        {
+            return Unauthorized();
+        }
+
+        Attempt<UserDataOperationStatus> attempt = await _userDataService.DeleteAsync(id);
+
+        return attempt.Success
+            ? Ok()
+            : UserDataOperationStatusResult(attempt.Result);
+    }
+}