Reintroduce the user-facing export + erasure endpoints, orchestrated over the provider registry (no static cross-module imports).
Scope
- `modules/users/controllers/users.data.controller.js` → `getData` / `deleteData` / `getMail`.
- `resolveAxes(req)` → `{ user, organizationIds }` (resolve the user's orgs so org-axis providers can run).
- `getData`: `usersExportProjection(getBrut)` + `runDataExport` → `{ user, ...data, _manifest }`.
- `deleteData`: require re-auth proof (`DataErasureConfirm` Zod schema + `passwordHelper`, password re-entry; OAuth-only accounts fall back to a short-lived confirmation token) → `runDataErasure` → clear dangling `referredBy` FK → `UserService.remove` last.
- Re-add `GET/DELETE /api/users/me/data` in `users.routes.js` (`passport` jwt + `policy.isAllowed`).
- Deprecate the legacy `DELETE /api/users` so there is a single erasure door (note in `MIGRATIONS.md`).
- `usersExportProjection`: exclude `password`, reset/verification tokens, lockout counters; strip OAuth `accessToken`/`refreshToken`.
DoD
- `/verify` + `/dev:verify-qa` green.

Depends on: GDPR registry leaf.
Created via /dev:issue
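
A sketch of the export projection described in Scope, paired with a leak check that can back a regression test. This is an added example, not the project's code: `exportProjectionSketch`, `findLeakedKeys`, `providerData`, `additionalProvidersData` and every field name other than `password`, `accessToken` and `refreshToken` are assumptions, and the input is assumed to be a plain JSON-like object.

```javascript
// Added example, not the project's code. Field names other than `password`,
// `accessToken` and `refreshToken` are assumed; adjust to the real schema.
const TOP_LEVEL_DENY = new Set([
  'password', 'resetPasswordToken', 'resetPasswordExpires',
  'emailVerificationToken', 'loginAttempts', 'lockUntil',
]);
const OAUTH_SECRETS = new Set(['accessToken', 'refreshToken']);
const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v) && !(v instanceof Date);

// Deep copy that drops OAuth secrets wherever they are nested.
function stripOAuthSecrets(value) {
  if (Array.isArray(value)) return value.map(stripOAuthSecrets);
  if (!isPlainObject(value)) return value;
  return Object.fromEntries(
    Object.entries(value)
      .filter(([key]) => !OAUTH_SECRETS.has(key))
      .map(([key, inner]) => [key, stripOAuthSecrets(inner)])
  );
}

// Hypothetical stand-in for the projection the issue describes.
function exportProjectionSketch(plainUser) {
  const kept = Object.entries(plainUser).filter(([key]) => !TOP_LEVEL_DENY.has(key));
  return stripOAuthSecrets(Object.fromEntries(kept));
}

// Regression check: paths of any forbidden key still present in an export.
function findLeakedKeys(value, path = '') {
  if (Array.isArray(value)) return value.flatMap((v, i) => findLeakedKeys(v, `${path}[${i}]`));
  if (!isPlainObject(value)) return [];
  return Object.entries(value).flatMap(([key, inner]) => {
    const here = path ? `${path}.${key}` : key;
    const hit = OAUTH_SECRETS.has(key) || (path === '' && TOP_LEVEL_DENY.has(key));
    return hit ? [here] : findLeakedKeys(inner, here);
  });
}

// Constructed sample record (all values are fake).
const sampleUser = {
  email: 'alice@example.test',
  password: '$2b$10$constructed-hash',
  resetPasswordToken: 'constructed-reset-token',
  loginAttempts: 3,
  providerData: { provider: 'google', id: '123', accessToken: 'a', refreshToken: 'r' },
  additionalProvidersData: { github: { id: '456', accessToken: 'b' } },
};
```

Running `findLeakedKeys` over the export payload in a unit test catches a newly added secret field that the deny list has not been updated for only if its name is in one of the two sets, so an allow-list projection is the stricter alternative.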