Delete user - DELETE /api/users/:userId

[MessiasLima]

Background

This ticket outlines the implementation of a new API endpoint to allow for the deletion of a user account. This functionality is crucial for compliance with data privacy regulations (e.g., GDPR, CCPA) which require users to have the right to erase their personal data. It also provides necessary administrative capabilities for managing user accounts. The feature will involve creating a DELETE /api/users/:userId endpoint that, when called with appropriate authorization, will remove the specified user and their associated data from the system.

Acceptance criteria

• GIVEN an authenticated user with administrative privileges,
  WHEN a DELETE request is sent to /api/users/:userId with a valid userId,
  THEN the user account corresponding to userId is successfully removed from the database
  AND a 204 No Content response is returned.
• GIVEN an authenticated user with administrative privileges,
  WHEN a DELETE request is sent to /api/users/:userId with a userId that does not exist,
  THEN a 404 Not Found response is returned.
• GIVEN an unauthenticated user or a user without administrative privileges,
  WHEN a DELETE request is sent to /api/users/:userId,
  THEN a 401 Unauthorized or 403 Forbidden response is returned.
• GIVEN a user account is deleted,
  WHEN associated data (e.g., settings, activity logs, etc.) is present,
  THEN all directly associated data for that user is also removed or anonymized according to data retention policies.