From 61c0ab6759d832c58c10bfcbd850e6c9999d6f03 Mon Sep 17 00:00:00 2001
From: Mehmet <36473707+ustadstar@users.noreply.github.com>
Date: Sat, 20 Sep 2025 12:45:14 +0200
Subject: [PATCH] Management API: Add user data delete endpoint (closes #19793)
 (#20040)

* Add user data delete endpoint to the management API

* Fix typo and remove unused umbracoMapper

* Applied changes from code review.

---------

Co-authored-by: Andy Butland <abutland73@gmail.com>
---
 .../UserData/DeleteUserDataController.cs      | 52 +++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 src/Umbraco.Cms.Api.Management/Controllers/UserData/DeleteUserDataController.cs

diff --git a/src/Umbraco.Cms.Api.Management/Controllers/UserData/DeleteUserDataController.cs b/src/Umbraco.Cms.Api.Management/Controllers/UserData/DeleteUserDataController.cs
new file mode 100644
index 0000000000..e2bb3e8849
--- /dev/null
+++ b/src/Umbraco.Cms.Api.Management/Controllers/UserData/DeleteUserDataController.cs
@@ -0,0 +1,52 @@
+using Asp.Versioning;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Umbraco.Cms.Core;
+using Umbraco.Cms.Core.Models.Membership;
+using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Services;
+using Umbraco.Cms.Core.Services.OperationStatus;
+
+namespace Umbraco.Cms.Api.Management.Controllers.UserData;
+
+[ApiVersion("1.0")]
+public class DeleteUserDataController : UserDataControllerBase
+{
+    private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor;
+    private readonly IUserDataService _userDataService;
+
+    public DeleteUserDataController(
+        IBackOfficeSecurityAccessor backOfficeSecurityAccessor,
+        IUserDataService userDataService)
+    {
+        _backOfficeSecurityAccessor = backOfficeSecurityAccessor;
+        _userDataService = userDataService;
+    }
+
+    [HttpDelete("{id:guid}")]
+    [MapToApiVersion("1.0")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(typeof(UserDataOperationStatus), StatusCodes.Status400BadRequest)]
+    [ProducesResponseType(typeof(UserDataOperationStatus), StatusCodes.Status404NotFound)]
+    public async Task<IActionResult> Delete(CancellationToken cancellationToken, Guid id)
+    {
+        IUserData? data = await _userDataService.GetAsync(id);
+        if (data is null)
+        {
+            return NotFound();
+        }
+
+        Guid currentUserKey = CurrentUserKey(_backOfficeSecurityAccessor);
+
+        if (data.UserKey != currentUserKey)
+        {
+            return Unauthorized();
+        }
+
+        Attempt<UserDataOperationStatus> attempt = await _userDataService.DeleteAsync(id);
+
+        return attempt.Success
+            ? Ok()
+            : UserDataOperationStatusResult(attempt.Result);
+    }
+}