You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(web): guard EE user deletion behind SCIM and unify user API shape
DELETE /api/ee/user now returns membershipManagedByIdpError when SCIM is
enabled (the IdP owns membership), matching the existing member-management
actions. It also delegates to removeMember, so it does an org-scoped
membership removal with last-owner protection and credential revocation
instead of a raw global user delete. The self-delete guard is removed;
removeMember's last-owner protection covers the risky case.
GET /api/ee/user and GET /api/ee/users now return an identical user shape
via a shared toPublicUser mapper. The singular GET is now scoped to org
membership (404 for non-members) instead of a global user lookup, and
lastActivityAt is sourced from UserToOrg.lastActiveAt (dropping a per-member
audit query / N+1).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
"description": "Fetches profile details for a single organization member by `userId`. Only organization owners can access this endpoint.",
2273
+
"description": "Fetches details for a single organization member by `userId`. Only organization owners can access this endpoint.",
2295
2274
"x-mint": {
2296
2275
"content": "<Note>\nThis API is only available with an active Sourcebot license. [More information](/docs/activating-a-subscription).\n</Note>"
2297
2276
},
@@ -2339,7 +2318,7 @@
2339
2318
}
2340
2319
},
2341
2320
"404": {
2342
-
"description": "User not found.",
2321
+
"description": "User is not a member of this organization.",
2343
2322
"content": {
2344
2323
"application/json": {
2345
2324
"schema": {
@@ -2365,26 +2344,26 @@
2365
2344
"tags": [
2366
2345
"Enterprise (EE)"
2367
2346
],
2368
-
"summary": "Delete a user",
2369
-
"description": "Permanently deletes a user and all associated records. Only organization owners can delete other users.",
2347
+
"summary": "Remove a user from the organization",
2348
+
"description": "Removes a user from the organization, revoking their access and their sessions. Only organization owners can access this endpoint.",
2370
2349
"x-mint": {
2371
2350
"content": "<Note>\nThis API is only available with an active Sourcebot license. [More information](/docs/activating-a-subscription).\n</Note>"
2372
2351
},
2373
2352
"parameters": [
2374
2353
{
2375
2354
"schema": {
2376
2355
"type": "string",
2377
-
"description": "The ID of the user to delete."
2356
+
"description": "The ID of the user to remove."
2378
2357
},
2379
2358
"required": true,
2380
-
"description": "The ID of the user to delete.",
2359
+
"description": "The ID of the user to remove.",
2381
2360
"name": "userId",
2382
2361
"in": "query"
2383
2362
}
2384
2363
],
2385
2364
"responses": {
2386
2365
"200": {
2387
-
"description": "User deleted successfully.",
2366
+
"description": "User removed successfully.",
2388
2367
"content": {
2389
2368
"application/json": {
2390
2369
"schema": {
@@ -2394,7 +2373,7 @@
2394
2373
}
2395
2374
},
2396
2375
"400": {
2397
-
"description": "Missing userId parameter or attempting to delete own account.",
2376
+
"description": "Missing userId parameter.",
2398
2377
"content": {
2399
2378
"application/json": {
2400
2379
"schema": {
@@ -2404,7 +2383,7 @@
2404
2383
}
2405
2384
},
2406
2385
"403": {
2407
-
"description": "Insufficient permissions.",
2386
+
"description": "Insufficient permissions, the last active owner cannot be removed, or SCIM provisioning is enabled (membership is managed through your identity provider).",
2408
2387
"content": {
2409
2388
"application/json": {
2410
2389
"schema": {
@@ -2414,7 +2393,7 @@
2414
2393
}
2415
2394
},
2416
2395
"404": {
2417
-
"description": "User not found.",
2396
+
"description": "User is not a member of this organization.",
0 commit comments