# Suspend and Delete Users

**ID:** ADM-002
**Priority:** High
**Status:** Planned

## User Story
As a platform administrator, I want to suspend and delete user accounts so that I can handle policy violations, security incidents, and account removal requests.

## Acceptance Criteria
- [ ] Admin can search for users by email, name, or ID
- [ ] Admin can suspend a user account with reason
- [ ] Suspended users cannot log in
- [ ] Suspended users' active sessions are invalidated
- [ ] Admin can unsuspend accounts
- [ ] Admin can permanently delete suspended accounts
- [ ] Deletion removes all user data (GDPR compliance)
- [ ] Audit log for all suspension/deletion actions

## Technical Notes
- `suspendUser` and `deleteSuspendedUser` endpoints exist
- Need admin UI for user management
- Consider soft delete with retention period
- Handle organization ownership before deletion
- Email notification to user on suspension

## Related TODOs
- Partial implementation in UserManager