Disable user (Admin only)
DELETE/company/users/delete/:id
Disables a user by setting status=false. The user remains in the database but cannot log in.
Objective
Allow administrators to temporarily disable users without permanently deleting them from the database.
Use Cases
- Temporarily disable a user
- Suspend access while investigating an incident
- Temporarily block a user for security reasons
Authentication & Authorization
- Requires a valid JWT (middleware m.isLogged)
- Requires admin or dev role (middleware m.isAdmin)
Behavior
- Searches for a user by ID
- Sets user.status = false
- Returns the updated user
- Does not delete the record from the database
Notes
- This endpoint only disables (status=false)
- Does NOT physically delete the record
- Different from DELETE /:id which performs a soft delete
- The user can be reactivated by changing status to true
Comparison
- DELETE /:id: Complete soft delete (deleted=true, deletedAt set)
- DELETE /delete/:id: Only disables (status=false)
- PUT /disabled/disable/:id: Soft delete with an additional reason
Request
Responses
- 200
- 401
- 403
- 404
User successfully disabled
Unauthorized (admin or dev role required)
Forbidden (user is not an administrator)
User not found