From 83608c050aa449e0b4963ceeb0ce1919288d5ea7 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@miniflux.net>
Date: Mon, 2 Jan 2017 17:40:53 -0500
Subject: [PATCH] Add new API call to remove users

---
 docs/json-rpc-api.markdown   | 30 ++++++++++++++++++++++++++++++
 jsonrpc.php                  |  9 +++++++++
 tests/functional/ApiTest.php | 11 +++++++++++
 3 files changed, 50 insertions(+)

diff --git a/docs/json-rpc-api.markdown b/docs/json-rpc-api.markdown
index 507abad..68162a3 100644
--- a/docs/json-rpc-api.markdown
+++ b/docs/json-rpc-api.markdown
@@ -132,6 +132,36 @@ Response example:
 }
 ```
 
+### removeUser
+
+- Purpose: **Remove a user** (accessible only by administrators)
+- Parameters:
+    - **user_id** (integer)
+- Result on success: **true**
+- Result on failure: **false**
+
+Request example:
+
+```json
+{
+  "jsonrpc": "2.0",
+  "method": "removeUser",
+  "id": 2109613284,
+  "params": [
+    3
+  ]
+}
+```
+
+Response example:
+
+```json
+{
+    "jsonrpc": "2.0",
+    "result": true,
+    "id": 2109613284
+}
+```
 
 ### getUserByUsername
 
diff --git a/jsonrpc.php b/jsonrpc.php
index 7f31145..219455b 100644
--- a/jsonrpc.php
+++ b/jsonrpc.php
@@ -63,6 +63,15 @@ $procedureHandler->withCallback('getUserByUsername', function ($username) {
     return Model\User\get_user_by_username($username);
 });
 
+// Remove user
+$procedureHandler->withCallback('removeUser', function ($user_id) {
+    if (! SessionStorage::getInstance()->isAdmin()) {
+        throw new AccessDeniedException('Reserved to administrators');
+    }
+
+    return Model\User\remove_user($user_id);
+});
+
 // Get all feeds
 $procedureHandler->withCallback('getFeeds', function () {
     $user_id = SessionStorage::getInstance()->getUserId();
diff --git a/tests/functional/ApiTest.php b/tests/functional/ApiTest.php
index af49186..f8425e1 100644
--- a/tests/functional/ApiTest.php
+++ b/tests/functional/ApiTest.php
@@ -45,6 +45,17 @@ class ApiTest extends BaseApiTest
         $this->getApiClient($user)->getUserByUsername('admin');
     }
 
+    public function testRemoveUser()
+    {
+        $userId = $this->getApiClient()->createUser(array(
+            'username' => 'api_test2',
+            'password' => 'test123',
+        ));
+
+        $this->assertNotFalse($userId);
+        $this->assertTrue($this->getApiClient()->removeUser($userId));
+    }
+
     public function testCreateFeed()
     {
         $this->assertNotFalse($this->getApiClient()->createFeed(array(