feat(core): Support create, delete, edit role for users in Public API (#10279)

packages/cli/src/PublicApi/v1/handlers/users/spec/paths/users.id.role.yml

@@ -0,0 +1,31 @@
+patch:
+  x-eov-operation-id: changeRole
+  x-eov-operation-handler: v1/handlers/users/users.handler.ee
+  tags:
+    - User
+  summary: Change a user's global role
+  description: Change a user's global role
+  parameters:
+    - $ref: '../schemas/parameters/userIdentifier.yml'
+  requestBody:
+    description: New role for the user
+    required: true
+    content:
+      application/json:
+        schema:
+          type: object
+          properties:
+            newRoleName:
+              type: string
+              enum: [global:admin, global:member]
+          required:
+            - newRoleName
+  responses:
+    '200':
+      description: Operation successful.
+    '401':
+      $ref: '../../../../shared/spec/responses/unauthorized.yml'
+    '403':
+      $ref: '../../../../shared/spec/responses/forbidden.yml'
+    '404':
+      $ref: '../../../../shared/spec/responses/notFound.yml'

packages/cli/src/PublicApi/v1/handlers/users/spec/paths/users.id.yml

@@ -17,3 +17,21 @@ get:
             $ref: '../schemas/user.yml'
     '401':
       $ref: '../../../../shared/spec/responses/unauthorized.yml'
+delete:
+  x-eov-operation-id: deleteUser
+  x-eov-operation-handler: v1/handlers/users/users.handler.ee
+  tags:
+    - User
+  summary: Delete a user
+  description: Delete a user from your instance.
+  parameters:
+    - $ref: '../schemas/parameters/userIdentifier.yml'
+  responses:
+    '204':
+      description: Operation successful.
+    '401':
+      $ref: '../../../../shared/spec/responses/unauthorized.yml'
+    '403':
+      $ref: '../../../../shared/spec/responses/forbidden.yml'
+    '404':
+      $ref: '../../../../shared/spec/responses/notFound.yml'

packages/cli/src/PublicApi/v1/handlers/users/spec/paths/users.yml

@@ -18,3 +18,53 @@ get:
             $ref: '../schemas/userList.yml'
     '401':
       $ref: '../../../../shared/spec/responses/unauthorized.yml'
+post:
+  x-eov-operation-id: createUser
+  x-eov-operation-handler: v1/handlers/users/users.handler.ee
+  tags:
+    - User
+  summary: Create multiple users
+  description: Create one or more users.
+  requestBody:
+    description: Array of users to be created.
+    required: true
+    content:
+      application/json:
+        schema:
+          type: array
+          items:
+            type: object
+            properties:
+              email:
+                type: string
+                format: email
+              role:
+                type: string
+                enum: [global:admin, global:member]
+            required:
+              - email
+  responses:
+    '200':
+      description: Operation successful.
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              user:
+                type: object
+                properties:
+                  id:
+                    type: string
+                  email:
+                    type: string
+                  inviteAcceptUrl:
+                    type: string
+                  emailSent:
+                    type: boolean
+              error:
+                type: string
+    '401':
+      $ref: '../../../../shared/spec/responses/unauthorized.yml'
+    '403':
+      $ref: '../../../../shared/spec/responses/forbidden.yml'

packages/cli/src/PublicApi/v1/handlers/users/users.handler.ee.ts

@@ -6,11 +6,19 @@ import { clean, getAllUsersAndCount, getUser } from './users.service.ee';
 import { encodeNextCursor } from '../../shared/services/pagination.service';
 import {
 	globalScope,
+	isLicensed,
 	validCursor,
 	validLicenseWithUserQuota,
 } from '../../shared/middlewares/global.middleware';
 import type { UserRequest } from '@/requests';
 import { InternalHooks } from '@/InternalHooks';
+import type { Response } from 'express';
+import { InvitationController } from '@/controllers/invitation.controller';
+import { UsersController } from '@/controllers/users.controller';
+
+type Create = UserRequest.Invite;
+type Delete = UserRequest.Delete;
+type ChangeRole = UserRequest.ChangeRole;
 
 export = {
 	getUser: [
@@ -68,4 +76,29 @@ export = {
 			});
 		},
 	],
+	createUser: [
+		globalScope('user:create'),
+		async (req: Create, res: Response) => {
+			const usersInvited = await Container.get(InvitationController).inviteUser(req);
+
+			return res.status(201).json(usersInvited);
+		},
+	],
+	deleteUser: [
+		globalScope('user:delete'),
+		async (req: Delete, res: Response) => {
+			await Container.get(UsersController).deleteUser(req);
+
+			return res.status(204).send();
+		},
+	],
+	changeRole: [
+		isLicensed('feat:advancedPermissions'),
+		globalScope('user:changeRole'),
+		async (req: ChangeRole, res: Response) => {
+			await Container.get(UsersController).changeGlobalRole(req);
+
+			return res.status(204).send();
+		},
+	],
 };

packages/cli/src/PublicApi/v1/openapi.yml

@@ -70,6 +70,8 @@ paths:
     $ref: './handlers/users/spec/paths/users.yml'
   /users/{id}:
     $ref: './handlers/users/spec/paths/users.id.yml'
+  /users/{id}/role:
+    $ref: './handlers/users/spec/paths/users.id.role.yml'
   /source-control/pull:
     $ref: './handlers/sourceControl/spec/paths/sourceControl.yml'
   /variables: