Delete user with soft delete (Admin only)
DELETE /company/users/:id
Delete a user using soft delete (mongoose-delete). The user no longer appears in normal queries but can be recovered.
Objective
Allow administrators to safely delete users with the possibility of recovery via soft delete.
Use Cases
- Delete a user who no longer works at the company
- Delete duplicate accounts
- Delete test users
Authentication & Authorization
- Requires a valid JWT (middleware m.isLoged)
- Requires admin or dev role (middleware m.isAdmin)
Behavior
- Uses user.delete() from mongoose-delete (soft delete)
- Sets deleted: true and deletedAt with the current date
- User no longer appears in normal queries
- Recoverable via the POST /disabled/reactivate/:id endpoint
Notes
- Different from DELETE /delete/:id, which only disables the user (status=false)
- This endpoint soft-deletes the record, so it disappears from normal queries (though it remains recoverable)
Validation Flow
flowchart TD
A[Receive DELETE /:id] --> B{Admin User?}
B -->|No| C[403 Forbidden]
B -->|Yes| D{User Exists?}
D -->|No| E[404 Not Found]
D -->|Yes| F[Execute soft delete]
F --> G[Set deleted: true]
G --> H[Set deletedAt]
H --> I[Return 200 OK]
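The flow above, combined with the JWT check from Authentication & Authorization, as an added example that is not the project's own code. It uses an in-memory Map in place of the mongoose-delete model; `softDeleteUser`, `findActive`, `req.user`, and the `role` field are hypothetical names, and the records are constructed.

```javascript
// Added example: in-memory stand-in for the documented flow (no Express, no mongoose).
// Constructed sample records; only deleted/deletedAt come from the page.
const users = new Map([
  ["u1", { id: "u1", name: "Alice", deleted: false, deletedAt: null }],
  ["u2", { id: "u2", name: "Bob", deleted: false, deletedAt: null }],
]);

// "Normal query" as the page describes it: soft-deleted records are hidden.
function findActive(id) {
  const u = users.get(id);
  return u && !u.deleted ? u : null;
}

// Assumption: the JWT middleware has already set req.user (null when the token
// is missing or invalid) and req.user.role carries the role.
function softDeleteUser(req) {
  if (!req.user) return { status: 401 }; // m.isLoged stage
  if (!["admin", "dev"].includes(req.user.role)) {
    return { status: 403 }; // m.isAdmin stage
  }
  // The lookup runs only after authorization, so a non-admin caller receives
  // 403 for every id and cannot tell existing ids from missing ones.
  const target = findActive(req.params.id);
  if (!target) return { status: 404 };
  target.deleted = true; // what user.delete() is documented to set
  target.deletedAt = new Date();
  return { status: 200, body: { id: target.id, deletedAt: target.deletedAt } };
}

// Constructed requests covering each branch of the flow.
const admin = { role: "admin" };
console.log(softDeleteUser({ user: null, params: { id: "u1" } }).status);
console.log(softDeleteUser({ user: { role: "user" }, params: { id: "u1" } }).status);
console.log(softDeleteUser({ user: admin, params: { id: "nope" } }).status);
console.log(softDeleteUser({ user: admin, params: { id: "u1" } }).status);
```

Because the lookup goes through the normal query, repeating the delete on an already soft-deleted id returns 404 in this sketch; that choice is an assumption, not something the page specifies.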
Request
Responses
- 200: User successfully deleted (soft delete)
- 401: Unauthorized (admin or dev role required)
- 403: Forbidden (user is not an administrator)
- 404: User not found