The frontend already implements user deletion as an admin, calling DELETE /v1/users/{userUid}. This still needs to be added as a backend endpoint.
The backend also needs to verify admins cannot delete "higher ranking" admins, especially users with global wildcard or the admin.superadmin permissions. This check also needs to be applied to the user details update endpoint.
Tasks
[x] Add endpoint to delete users as a user admin
[x] Add check for admin "level"/permissions
[x] Add check for admin "level"/permissions to user details update endpoint
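
One way the rank check could look, as an added example (not the project's code). It assumes permissions are plain strings, the global wildcard is stored as `*`, `ns.*` covers a namespace, and a hypothetical `admin.users` permission gates both endpoints; it also goes one step beyond the issue by refusing updates that grant permissions the acting admin does not hold.

```python
from dataclasses import dataclass

WILDCARD = "*"                    # assumption: how the global wildcard is stored
SUPERADMIN = "admin.superadmin"   # permission named in the issue
MANAGE_USERS = "admin.users"      # hypothetical permission gating both endpoints


@dataclass(frozen=True)
class User:
    uid: str
    perms: frozenset


def covers(held: str, wanted: str) -> bool:
    """One held permission grants `wanted`; 'ns.*' covers everything under 'ns.'."""
    if held == WILDCARD or held == wanted:
        return True
    return held.endswith(".*") and wanted.startswith(held[:-1])


def holds(perms, wanted: str) -> bool:
    return any(covers(p, wanted) for p in perms)


def dominates(actor_perms, other_perms) -> bool:
    """Every permission in other_perms is also granted by actor_perms."""
    return all(holds(actor_perms, p) for p in other_perms)


def may_manage(actor: User, target: User, new_perms=None) -> bool:
    """Gate for DELETE /v1/users/{userUid} and the user details update.

    Fails closed: the actor must be a user admin, must hold everything the
    target holds (so wildcard and superadmin targets are out of reach for
    lower admins), and on update may not hand out permissions it lacks.
    """
    if not holds(actor.perms, MANAGE_USERS):
        return False
    if not dominates(actor.perms, target.perms):
        return False
    if new_perms is not None and not dominates(actor.perms, new_perms):
        return False
    return True


# Constructed sample users
ROOT = User("u-root", frozenset({WILDCARD}))
SENIOR = User("u-senior", frozenset({MANAGE_USERS, SUPERADMIN, "users.read"}))
ADMIN = User("u-admin", frozenset({MANAGE_USERS, "users.read"}))
PLAIN = User("u-plain", frozenset({"users.read"}))
```

Running the same function in both handlers keeps the delete and update paths from drifting apart.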