implements delete rbacuser

src/main/resources/api-definition.yaml

@@ -17,7 +17,7 @@ paths:
         $ref: "./api-definition/rbac-users-with-id-permissions.yaml"
 
     /api/rbac-users/{userUuid}:
-        $ref: "./api-definition/rbac-users-with-id.yaml"
+        $ref: "./api-definition/rbac-users-with-uuid.yaml"
 
     /api/rbac-roles:
         $ref: "./api-definition/rbac-roles.yaml"

src/main/resources/api-definition/rbac-users-with-uuid.yaml

@@ -24,3 +24,28 @@ get:
             $ref: './api-definition/error-responses.yaml#/components/responses/Unauthorized'
         "403":
             $ref: './api-definition/error-responses.yaml#/components/responses/Forbidden'
+
+
+delete:
+    tags:
+        - rbacusers
+    operationId: deleteUserByUuid
+    parameters:
+        - $ref: './api-definition/auth.yaml#/components/parameters/currentUser'
+        - $ref: './api-definition/auth.yaml#/components/parameters/assumedRoles'
+        - name: userUuid
+          in: path
+          required: true
+          schema:
+              type: string
+              format: uuid
+          description: UUID of the user to delete.
+    responses:
+        "204":
+            description: No Content
+        "401":
+            $ref: './api-definition/error-responses.yaml#/components/responses/Unauthorized'
+        "403":
+            $ref: './api-definition/error-responses.yaml#/components/responses/Forbidden'
+        "404":
+            $ref: './api-definition/error-responses.yaml#/components/responses/NotFound'

src/main/resources/db/changelog/055-rbac-views.sql

@@ -209,7 +209,9 @@ create or replace view RbacUser_rv as
             union
             select users.*
                 from RbacUser as users
-                where cardinality(assumedRoles()) = 0 and  currentUserUuid() = users.uuid
+                where cardinality(assumedRoles()) = 0 and
+                        (currentUserUuid() = users.uuid or hasGlobalRoleGranted(currentUserUuid()))
+
         ) as unordered
         -- @formatter:on
         order by unordered.name;
@@ -250,7 +252,35 @@ create trigger insertRbacUser_Trigger
     on RbacUser_rv
     for each row
 execute function insertRbacUser();
+--//
 
+-- ============================================================================
+--changeset rbac-views-USER-RV-DELETE-TRIGGER:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+/**
+    Instead of delete trigger function for RbacUser_RV.
+ */
+create or replace function deleteRbacUser()
+    returns trigger
+    language plpgsql as $$
+begin
+    if currentUserUuid() = old.uuid or hasGlobalRoleGranted(currentUserUuid()) then
+        delete from RbacUser where uuid = old.uuid;
+        return old;
+    end if;
+    raise exception '[403] User % not allowed to delete user uuid %', currentUser(), old.uuid;
+end; $$;
+
+/*
+    Creates an instead of delete trigger for the RbacUser_rv view.
+ */
+create trigger deleteRbacUser_Trigger
+    instead of delete
+    on RbacUser_rv
+    for each row
+execute function deleteRbacUser();
+--/
 
 -- ============================================================================
 --changeset rbac-views-OWN-GRANTED-PERMISSIONS-VIEW:1 endDelimiter:--//