feat: adds new endpoint to disable Contacts by id #36589

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

kodiakhq merged 47 commits into develop from feat/CTZ-173

Aug 26, 2025

.changeset/five-carpets-perform.md

-Original file line number
+Diff line change
@@ -0,0 +1,9 @@
+    ---
+    "@rocket.chat/meteor": minor
+    "@rocket.chat/i18n": minor
+    "@rocket.chat/model-typings": minor
+    "@rocket.chat/models": minor
+    "@rocket.chat/rest-typings": minor
+    ---
+    Adds new endpoint to disable Livechat Contacts by its id, with a new permission `delete-livechat-contact`.

apps/meteor/app/authorization/server/constant/permissions.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -106,6 +106,10 @@ export const permissions = [ @@
     		_id: 'view-livechat-contact',
     		roles: ['livechat-manager', 'livechat-monitor', 'livechat-agent', 'admin'],
     	},
+    	{
+    		_id: 'delete-livechat-contact',
+    		roles: ['livechat-manager', 'admin'],
+    	},
     	{
     		_id: 'view-livechat-contact-history',
     		roles: ['livechat-manager', 'livechat-monitor', 'livechat-agent', 'admin'],
@@ Expand Down @@

apps/meteor/app/livechat/server/api/v1/contact.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -8,15 +8,22 @@ import { @@
     	isGETOmnichannelContactsSearchProps,
     	isGETOmnichannelContactsCheckExistenceProps,
     	isPOSTOmnichannelContactsConflictsProps,
+    	isPOSTOmnichannelContactDeleteProps,
+    	POSTOmnichannelContactDeleteSuccessSchema,
+    	validateBadRequestErrorResponse,
+    	validateUnauthorizedErrorResponse,
+    	validateForbiddenErrorResponse,
     } from '@rocket.chat/rest-typings';
     import { escapeRegExp } from '@rocket.chat/string-helpers';
     import { removeEmpty } from '@rocket.chat/tools';
     import { Match, check } from 'meteor/check';
     import { Meteor } from 'meteor/meteor';
     import { API } from '../../../../api/server';
+    import type { ExtractRoutesFromAPI } from '../../../../api/server/ApiClass';
     import { getPaginationItems } from '../../../../api/server/helpers/getPaginationItems';
     import { createContact } from '../../lib/contacts/createContact';
+    import { disableContactById } from '../../lib/contacts/disableContact';
     import { getContactChannelsGrouped } from '../../lib/contacts/getContactChannelsGrouped';
     import { getContactHistory } from '../../lib/contacts/getContactHistory';
     import { getContacts } from '../../lib/contacts/getContacts';
@@ Expand Down Expand Up / @@ -224,3 +231,39 @@ API.v1.addRoute( @@
     		},
     	},
     );
+    const omnichannelContactsEndpoints = API.v1.post(
+    	'omnichannel/contacts.delete',
+    	{
+    		response: {
+: POSTOmnichannelContactDeleteSuccessSchema,
+: validateBadRequestErrorResponse,
+: validateUnauthorizedErrorResponse,
+: validateForbiddenErrorResponse,
+    		},
+    		authRequired: true,
+    		permissionsRequired: ['delete-livechat-contact'],
+    		body: isPOSTOmnichannelContactDeleteProps,
+    	},
+    	async function action() {
+    		const { contactId } = this.bodyParams;
+    		try {
+    			await disableContactById(contactId);
+    			return API.v1.success();
+    		} catch (error) {
+    			if (!(error instanceof Error)) {
+    				return API.v1.failure('error-invalid-contact');
+    			}
+    			return API.v1.failure(error.message);
+    		}
+    	},
+    );
+    type OmnichannelContactsEndpoints = ExtractRoutesFromAPI<typeof omnichannelContactsEndpoints>;
+    declare module '@rocket.chat/rest-typings' {
+    	// eslint-disable-next-line @typescript-eslint/naming-convention, @typescript-eslint/no-empty-interface
+    	interface Endpoints extends OmnichannelContactsEndpoints {}
+    }

apps/meteor/app/livechat/server/lib/contacts/disableContact.ts

-Original file line number
+Diff line change
@@ -0,0 +1,23 @@
+    import type { ILivechatContact } from '@rocket.chat/core-typings';
+    import { LivechatContacts, LivechatRooms } from '@rocket.chat/models';
+    import { settings } from '../../../../settings/server';
+    import { removeGuest } from '../guests';
+    export async function disableContactById(contactId: string): Promise<void> {
+    	const contact = await LivechatContacts.findOneEnabledById<Pick<ILivechatContact, '_id' | 'channels'>>(contactId);
+    	if (!contact) {
+    		throw new Error('error-contact-not-found');
+    	}
+    	// Checking if the contact has any open channel/room before removing its data.
+    	const contactOpenRooms = await LivechatRooms.checkContactOpenRooms(contactId);
+    	if (contactOpenRooms && !settings.get<boolean>('Livechat_Allow_collect_and_store_HTTP_header_informations')) {
+    		throw new Error('error-contact-has-open-rooms');
+    	}
+    	// Cleaning contact/visitor data;
+    	await Promise.all(contact.channels.map((channel) => removeGuest({ _id: channel.visitor.visitorId })));
+    	await LivechatContacts.disableByContactId(contactId);
+    }

apps/meteor/app/livechat/server/lib/guests.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -74,7 +74,7 @@ export async function saveGuest( @@
     	return ret;
     }
-    async function removeGuest({ _id }: { _id: string }) {
+    export async function removeGuest({ _id }: { _id: string }) {
     	await cleanGuestHistory(_id);
     	return LivechatVisitors.disableById(_id);
     }
@@ Expand Down @@

apps/meteor/tests/end-to-end/api/livechat/contacts.ts

-Original file line number
+Diff line change
@@ Expand Up / @@ -1073,6 +1073,105 @@ describe('LIVECHAT - contacts', () => { @@
     		});
     	});
+    	describe('[POST] omnichannel/contacts.delete', () => {
+    		let contactId: string;
+    		let roomId: string;
+    		const email = faker.internet.email().toLowerCase();
+    		const phone = faker.phone.number();
+    		const contact = {
+    			name: faker.person.fullName(),
+    			emails: [email],
+    			phones: [phone],
+    			contactManager: agentUser?._id,
+    		};
+    		before(async () => {
+    			await updateSetting('Livechat_Allow_collect_and_store_HTTP_header_informations', true);
+    			const { body } = await request
+    				.post(api('omnichannel/contacts'))
+    				.set(credentials)
+    				.send({ ...contact });
+    			contactId = body.contactId;
+    			const visitor = await createVisitor(undefined, contact.name, email, phone);
+    			const room = await createLivechatRoom(visitor.token);
+    			roomId = room._id;
+    		});
+    		after(async () => {
+    			await closeOmnichannelRoom(roomId);
+    		});
+    		it('should be able to disable a contact by its id', async () => {
+    			const response = await request.post(api(`omnichannel/contacts.delete`)).set(credentials).send({ contactId });
+    			expect(response.status).to.be.equal(200);
+    			expect(response.body).to.have.property('success', true);
+    		});
+    		it('should return an error if the contact is not found', async () => {
+    			const response = await request.post(api(`omnichannel/contacts.delete`)).set(credentials).send({ contactId });
+    			expect(response.status).to.be.equal(400);
+    			expect(response.body).to.have.property('success', false);
+    			expect(response.body.error).to.be.equal('error-contact-not-found');
+    		});
+    		describe('[PERMISSIONS] omnichannel/contacts.delete', () => {
+    			before(async () => {
+    				await removePermissionFromAllRoles('delete-livechat-contact');
+    			});
+    			after(async () => {
+    				await restorePermissionToRoles('delete-livechat-contact');
+    			});
+    			it("should return an error if user doesn't have 'delete-livechat-contact' permission", async () => {
+    				const response = await request.post(api(`omnichannel/contacts.delete`)).set(credentials).send({ contactId });
+    				expect(response.status).to.be.equal(403);
+    				expect(response.body).to.have.property('success', false);
+    				expect(response.body.error).to.be.equal('User does not have the permissions required for this action [error-unauthorized]');
+    			});
+    		});
+    		describe('[GDPR Setting] omnichannel/contacts.delete', () => {
+    			before(async () => {
+    				await updateSetting('Livechat_Allow_collect_and_store_HTTP_header_informations', false);
+    				const { body } = await request
+    					.post(api('omnichannel/contacts'))
+    					.set(credentials)
+    					.send({ ...contact });
+    				contactId = body.contactId;
+    				const visitor = await createVisitor(undefined, contact.name, email, phone);
+    				const room = await createLivechatRoom(visitor.token);
+    				roomId = room._id;
+    			});
+    			after(async () => {
+    				await updateSetting('Livechat_Allow_collect_and_store_HTTP_header_informations', true);
+    			});
+    			it("should not delete the contact if the GDPR setting isn't enabled and contact has open rooms", async () => {
+    				const response = await request.post(api(`omnichannel/contacts.delete`)).set(credentials).send({ contactId });
+    				expect(response.status).to.be.equal(400);
+    				expect(response.body).to.have.property('success', false);
+    				expect(response.body.error).to.be.equal('error-contact-has-open-rooms');
+    				const contactCheck = await request.get(api('omnichannel/contacts.get')).set(credentials).query({ contactId });
+    				expect(contactCheck.status).to.be.equal(200);
+    			});
+    		});
+    	});
     	describe('[GET] omnichannel/contacts.checkExistence', () => {
     		let contactId: string;
     		let roomId: string;
@@ Expand Down @@

apps/meteor/tests/unit/app/livechat/server/lib/disableContact.spec.ts

-Original file line number
+Diff line change
@@ -0,0 +1,105 @@
+    import { expect } from 'chai';
+    import proxyquire from 'proxyquire';
+    import sinon from 'sinon';
+    const modelsMock = {
+    	LivechatContacts: {
+    		findOneEnabledById: sinon.stub(),
+    		disableByContactId: sinon.stub(),
+    	},
+    	LivechatRooms: {
+    		checkContactOpenRooms: sinon.stub(),
+    	},
+    };
+    const settingsMock = {
+    	get: sinon.stub(),
+    };
+    const removeGuestMock = { removeGuest: sinon.stub() };
+    const { disableContactById } = proxyquire.noCallThru().load('../../../../../../app/livechat/server/lib/contacts/disableContact.ts', {
+    	'@rocket.chat/models': modelsMock,
+    	'../guests': removeGuestMock,
+    	'../../../../settings/server': { settings: settingsMock },
+    });
+    describe('disableContact', () => {
+    	const contact = {
+    		_id: 'contact-id',
+    		channels: [
+    			{
+    				visitor: {
+    					visitorId: 'visitor-id',
+    				},
+    			},
+    		],
+    	};
+    	beforeEach(() => {
+    		modelsMock.LivechatContacts.findOneEnabledById.reset();
+    		modelsMock.LivechatRooms.checkContactOpenRooms.reset();
+    		modelsMock.LivechatContacts.disableByContactId.reset();
+    		settingsMock.get.reset();
+    		removeGuestMock.removeGuest.reset();
+    	});
+    	it('should disable the contact', async () => {
+    		settingsMock.get.withArgs('Livechat_Allow_collect_and_store_HTTP_header_informations').returns(true);
+    		modelsMock.LivechatContacts.findOneEnabledById.resolves(contact);
+    		modelsMock.LivechatRooms.checkContactOpenRooms.resolves(null);
+    		removeGuestMock.removeGuest.resolves();
+    		modelsMock.LivechatContacts.disableByContactId.resolves();
+    		await disableContactById(contact._id);
+    		expect(modelsMock.LivechatContacts.findOneEnabledById.calledOnceWith(contact._id)).to.be.true;
+    		expect(modelsMock.LivechatRooms.checkContactOpenRooms.calledOnceWith(contact._id)).to.be.true;
+    		expect(removeGuestMock.removeGuest.calledOnceWith({ _id: 'visitor-id' })).to.be.true;
+    		expect(modelsMock.LivechatContacts.disableByContactId.calledOnceWith(contact._id)).to.be.true;
+    	});
+    	it('should call removeGuest for each channel the contact has communicated from', async () => {
+    		contact.channels.push({ visitor: { visitorId: 'visitor-id-2' } });
+    		settingsMock.get.withArgs('Livechat_Allow_collect_and_store_HTTP_header_informations').returns(true);
+    		modelsMock.LivechatContacts.findOneEnabledById.resolves(contact);
+    		modelsMock.LivechatRooms.checkContactOpenRooms.resolves(null);
+    		removeGuestMock.removeGuest.resolves();
+    		modelsMock.LivechatContacts.disableByContactId.resolves();
+    		await disableContactById(contact._id);
+    		expect(modelsMock.LivechatContacts.findOneEnabledById.calledOnceWith(contact._id)).to.be.true;
+    		expect(modelsMock.LivechatContacts.findOneEnabledById.calledOnceWith(contact._id)).to.be.true;
+    		expect(modelsMock.LivechatRooms.checkContactOpenRooms.calledOnceWith(contact._id)).to.be.true;
+    		expect(removeGuestMock.removeGuest.calledTwice).to.be.true;
+    		expect(removeGuestMock.removeGuest.getCall(0).args[0]).to.deep.equal({ _id: 'visitor-id' });
+    		expect(removeGuestMock.removeGuest.getCall(1).args[0]).to.deep.equal({ _id: 'visitor-id-2' });
+    		expect(modelsMock.LivechatContacts.disableByContactId.calledOnceWith(contact._id)).to.be.true;
+    	});
+    	it('should throw error if contact is not found', async () => {
+    		modelsMock.LivechatContacts.findOneEnabledById.resolves(null);
+    		await expect(disableContactById('nonexistent-contact-id')).to.be.rejectedWith('error-contact-not-found');
+    		expect(modelsMock.LivechatContacts.findOneEnabledById.calledOnceWith('nonexistent-contact-id')).to.be.true;
+    		expect(modelsMock.LivechatRooms.checkContactOpenRooms.notCalled).to.be.true;
+    		expect(removeGuestMock.removeGuest.notCalled).to.be.true;
+    		expect(modelsMock.LivechatContacts.disableByContactId.notCalled).to.be.true;
+    	});
+    	it('should throw error if contact has open rooms and GDPR is disabled', async () => {
+    		settingsMock.get.withArgs('Livechat_Allow_collect_and_store_HTTP_header_informations').returns(false);
+    		modelsMock.LivechatContacts.findOneEnabledById.resolves(contact);
+    		modelsMock.LivechatRooms.checkContactOpenRooms.resolves({ _id: 'room-id' });
+    		modelsMock.LivechatContacts.disableByContactId.resolves();
+    		await expect(disableContactById(contact._id)).to.be.rejectedWith('error-contact-has-open-rooms');
+    		expect(modelsMock.LivechatRooms.checkContactOpenRooms.calledOnceWith(contact._id)).to.be.true;
+    		expect(removeGuestMock.removeGuest.notCalled).to.be.true;
+    		expect(modelsMock.LivechatContacts.disableByContactId.notCalled).to.be.true;
+    	});
+    });

packages/i18n/src/locales/en.i18n.json

-Original file line number
+Diff line change
@@ Expand Up / @@ -5981,6 +5981,7 @@ @@
       "delete-team_description": "Permission to delete teams",
       "delete-user": "Delete User",
       "delete-user_description": "Permission to delete users",
+      "delete-livechat-contact": "Delete Omnichannel Contact",
       "different_values_found": "{{number}} different values found",
       "disabled": "disabled",
       "discussion-created": "{{message}}",
@@ Expand Down @@

packages/model-typings/src/models/ILivechatContactsModel.ts

-Original file line number
+Diff line change
@@ Expand Up @@
     	getStatistics(): AggregationCursor<{ totalConflicts: number; avgChannelsPerContact: number }>;
     	updateByVisitorId(visitorId: string, update: UpdateFilter<ILivechatContact>, options?: UpdateOptions): Promise<UpdateResult>;
     	disableByVisitorId(visitorId: string): Promise<UpdateResult | Document>;
+    	disableByContactId(contactId: string): Promise<UpdateResult>;
     	findOneEnabledById(_id: ILivechatContact['_id'], options?: FindOptions<ILivechatContact>): Promise<ILivechatContact | null>;
     	findOneEnabledById<P extends Document = ILivechatContact>(_id: P['_id'], options?: FindOptions<P>): Promise<P | null>;
     	findOneEnabledById(_id: ILivechatContact['_id'], options?: any): Promise<ILivechatContact | null>;
@@ Expand Down @@

packages/model-typings/src/models/ILivechatRoomsModel.ts

-Original file line number
+Diff line change
@@ Expand Up @@
     		contact: Partial<Pick<ILivechatContact, '_id' | 'name'>>,
     	): Promise<UpdateResult | Document>;
     	findOpenByContactId(contactId: ILivechatContact['_id'], options?: FindOptions<IOmnichannelRoom>): FindCursor<IOmnichannelRoom>;
+    	checkContactOpenRooms(contactId: ILivechatContact['_id']): Promise<IOmnichannelRoom | null>;
     }

packages/models/src/models/LivechatContacts.ts

-Original file line number
+Diff line change
@@ Expand Up @@
     		);
     	}
+    	disableByContactId(contactId: string): Promise<UpdateResult> {
+    		return this.updateOne(
+    			{ _id: contactId },
+    			{
+    				$set: { enabled: false },
+    				$unset: {
+    					emails: 1,
+    					customFields: 1,
+    					lastChat: 1,
+    					channels: 1,
+    					name: 1,
+    					phones: 1,
+    					conflictingFields: 1,
+    				},
+    			},
+    		);
+    	}
     	async addEmail(contactId: string, email: string): Promise<ILivechatContact | null> {
     		const updatedContact = await this.findOneAndUpdate({ _id: contactId }, { $addToSet: { emails: { address: email } } });
@@ Expand Down @@

packages/models/src/models/LivechatRooms.ts

-Original file line number
+Diff line change
@@ Expand Up @@
     	findOpenByContactId(contactId: ILivechatContact['_id'], options?: FindOptions<IOmnichannelRoom>): FindCursor<IOmnichannelRoom> {
     		return this.find({ open: true, contactId }, options);
     	}
+    	checkContactOpenRooms(contactId: ILivechatContact['_id']): Promise<IOmnichannelRoom | null> {
+    		return this.findOne({ contactId, open: true }, { projection: { _id: 1 } });
+    	}
     }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: adds new endpoint to disable Contacts by id #36589

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!

Uh oh!

Uh oh!