Soft disable user with reason (Admin only)
PUT/company/users/disabled/disable/:id
Disable a user with soft delete (preferred method over simple DELETE)
allowing to save a reason and explanatory message.
Objective
Allow administrators to disable users in a controlled manner with
reason logging, facilitating auditing and possible reactivation.
Use Cases
- Disable user for non-payment
- Suspend account for policy violation
- Temporarily block a user with documented reason
- Disable employee who leaves the company
Authentication & Authorization
- Requires valid JWT (middleware m.isloged)
- Requires admin or dev role (middleware m.isAdmin)
Behavior
- Executes user.delete() (mongoose-delete soft delete)
- Sets status = false
- Updates reason fields: reason, reasonMessage
- Saves disable date in reasonDate
- Automatically sets deleted = true and deletedAt
Request Body
- reason: Reason for disabling (default: BAD_USER)
- message: Optional explanatory message
Comparison with other disable methods
- DELETE /:id: Simple soft delete (deleted=true)
- DELETE /delete/:id: Only disables (status=false)
- PUT /disabled/disable/:id: Soft delete + reason + message (RECOMMENDED)
Process
- Find user by ID
- If not found, return 404
- Execute user.delete() for soft delete
- Update reason and reasonMessage from body
- Set reasonDate = now
- Set status = false
- Save changes
- Return confirmation with deletedAt
Request
Responses
- 200
- 400
- 401
- 403
- 404
- 500
User successfully disabled with soft delete.
Invalid request (ID not provided)
Unauthorized (admin or dev role required)
Forbidden (user is not an administrator)
User not found
Error disabling user