curl --request DELETE \
--url https://api.example.com/{collection}/{id} \
--header 'Authorization: <authorization>'
{
"deleted": true,
"id": "<string>"
}
Permanently delete a document from a collection with permission checks and audit logging
curl --request DELETE \
--url https://api.example.com/{collection}/{id} \
--header 'Authorization: <authorization>'
{
"deleted": true,
"id": "<string>"
}
true if the deletion was successful
curl -X DELETE https://api.example.com/users/507f1f77bcf86cd799439011 \
-H "Authorization: Bearer YOUR_TOKEN"
{
"deleted": true,
"id": "507f1f77bcf86cd799439011"
}
curl -X DELETE https://api.example.com/products/SKU-12345 \
-H "Authorization: Bearer YOUR_TOKEN"
{
"deleted": true,
"id": "SKU-12345"
}
deleteOne operation:
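// Convert ID to appropriate format.
// An id that parses as a 24-character hex string is matched as an ObjectID;
// anything else is matched as a plain string _id. A string _id that happens
// to be valid ObjectID hex is therefore never matched as a string.
// NOTE(review): the filter is _id only. The audit event built for this
// operation carries authCtx.TenantID, so tenant isolation presumably rests on
// the permission check against the loaded document (or per-tenant
// collections) rather than on this filter. Confirm.
var filter bson.M
objectID, err := primitive.ObjectIDFromHex(id)
if err == nil {
	filter = bson.M{"_id": objectID}
} else {
	filter = bson.M{"_id": id}
}

// Delete the document
result, err := collection.DeleteOne(ctx, filter)
if err != nil {
	// Check the driver error before reading result: dereferencing result on
	// a failed call would panic instead of reporting the failure.
	return err
}
if result.DeletedCount == 0 {
	return ErrNotFound
}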
// Authorization gate for the delete action. The policy is evaluated against
// doc, so the document has to be loaded before this check.
// NOTE(review): this fragment is listed after the DeleteOne call on the page.
// Presumably the handler runs it before the delete; confirm the ordering.
allowed := h.canPerformAction(authCtx, collection, config.ActionDelete, doc)
if !allowed {
	return ErrForbidden
}
resource.created_by == user.id
user.role == "admin"
resource.department == user.department && user.role == "manager"
if collConfig.Versioning.Enabled && h.version != nil {
h.saveVersionSnapshot(id, collection, doc, authCtx.UserID)
}
// Record the deletion in the audit trail.
// Before carries the full pre-deletion document, so the audit store ends up
// holding every field the document had, sensitive ones included. Access to
// the audit log and its retention need to match the source collection.
// NOTE(review): Success is hard-coded to true in this fragment. Confirm that
// denied and failed delete attempts are logged elsewhere. If Log returns an
// error, it is discarded here.
h.audit.Log(ctx, &audit.AuditEvent{
	TenantID:   authCtx.TenantID,
	UserID:     authCtx.UserID,
	Action:     "delete",
	Collection: collection,
	DocID:      id,
	Before:     doc, // Full document snapshot
	Success:    true,
})
{
"error": "Pre-delete hook failed",
"code": "bad_request",
"details": {
"error": "Cannot delete document with active references"
}
}
{
"error": "Authentication required"
}
{
"error": "You don't have permission to perform this action",
"code": "forbidden",
"details": {
"action": "delete",
"collection": "users"
}
}
{
"error": "Document not found",
"code": "document_not_found",
"details": {
"collection": "users",
"id": "507f1f77bcf86cd799439011"
}
}
{
"error": "Failed to delete document",
"code": "internal_error",
"details": {
"error": "database write failed"
}
}
/**
 * Pre-delete hook: vetoes the deletion of a user that still has active
 * subscriptions or any orders referencing it.
 *
 * NOTE(review): the order count is compared synchronously. This assumes the
 * hook runtime's `db` API returns a number; if countDocuments returned a
 * Promise, `orderCount > 0` would be false and the guard would never fire.
 * Confirm against the hook runtime. The count is also taken before the delete
 * executes, so an order created in between is not seen.
 *
 * @param {object} event - Hook event; `event.before` is the document to be deleted.
 * @returns {object} The same event, when the deletion may proceed.
 * @throws {Error} When the user has active subscriptions or existing orders.
 */
function preDelete(event) {
  const user = event.before;

  // Flag stored on the document itself.
  if (user.has_active_subscriptions) {
    throw new Error('Cannot delete user with active subscriptions');
  }

  // References held by another collection.
  const orderCount = db.orders.countDocuments({ user_id: user._id });
  if (orderCount > 0) {
    throw new Error(`Cannot delete user with ${orderCount} orders`);
  }

  return event;
}
/**
 * Post-delete hook: removes the deleted user's sessions and notifications,
 * sends the account-deletion email, and records an analytics event.
 *
 * The steps run in sequence after the document is already gone. If one of
 * them throws, the later ones do not run, so a failure in the first call can
 * leave the deleted user's sessions in place.
 * NOTE(review): confirm how the hook runtime reports or retries a failed
 * post-delete hook.
 *
 * @param {object} event - Hook event; `event.before` is the deleted document
 *   and `event.user_id` identifies who performed the deletion.
 */
function postDelete(event) {
  const removed = event.before;
  const byUser = () => ({ user_id: removed._id });

  // Clean up related data: sessions first, then notifications.
  db.sessions.deleteMany(byUser());
  db.notifications.deleteMany(byUser());

  // Trigger notifications
  sendAccountDeletionEmail(removed.email);

  // Update analytics
  analytics.track('user_deleted', { ...byUser(), deleted_by: event.user_id });
}
# Three DELETE calls against different collections. Per the endpoint
# description each one is permission-checked and written to the audit log.
# YOUR_TOKEN is a placeholder for the caller's bearer token.

# users collection, 24-character hex id
curl --request DELETE \
  --url https://api.example.com/users/507f1f77bcf86cd799439011 \
  --header "Authorization: Bearer YOUR_TOKEN"

# drafts collection, string id
curl --request DELETE \
  --url https://api.example.com/drafts/draft_456 \
  --header "Authorization: Bearer YOUR_TOKEN"

# orders collection, string id
curl --request DELETE \
  --url https://api.example.com/orders/ORD-12345 \
  --header "Authorization: Bearer YOUR_TOKEN"
# Soft delete: instead of DELETE, update the document to mark it as deleted.
# The document stays in the database, so it remains readable wherever a read
# policy does not exclude resource.deleted == true.
# deleted_at is supplied by the client in this request; the audit log is
# presumably the authoritative record of when the change happened.
curl --request PUT \
  --url https://api.example.com/users/507f1f77bcf86cd799439011 \
  --header "Authorization: Bearer YOUR_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{
"deleted": true,
"deleted_at": "2024-03-16T10:30:00Z"
}'
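# Schema fields backing the soft-delete pattern.
# Nesting restored from the flattened listing, where the two `type` keys would
# otherwise collide. Confirm against the project's schema reference.
fields:
  deleted:
    type: boolean
    default: false    # documents are live unless explicitly marked
  deleted_at:
    type: date
    optional: true    # set only when the document is soft-deleted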
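# Policy that hides soft-deleted users from the member role.
# Nesting restored from the flattened listing. Confirm against the project's
# policy reference.
# This condition is shown for users/member only. Every other role and
# collection that uses the soft-delete flag needs an equivalent condition, or
# soft-deleted documents stay visible to it.
policies:
  users:
    member:
      when: "resource.deleted != true"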
/**
 * Post-delete hook: cascades a user deletion to the posts, comments and likes
 * that reference the user.
 *
 * The cascade runs after the user document is already deleted, and each
 * deleteMany is a separate call. A failure partway through leaves the
 * remaining collections with orphaned documents.
 * NOTE(review): a version snapshot taken by the delete handler presumably
 * covers only the user document, not the documents removed here. Confirm
 * before relying on restore to undo a cascade.
 *
 * @param {object} event - Hook event; `event.before` is the deleted document.
 */
function postDelete(event) {
  const { _id: userId } = event.before;

  // [collection, field that references the user]
  const cascades = [
    ['posts', 'author_id'],
    ['comments', 'user_id'],
    ['likes', 'user_id'],
  ];

  // Delete related documents
  for (const [name, field] of cascades) {
    db[name].deleteMany({ [field]: userId });
  }
}
/**
 * Pre-delete hook: blocks deletion of production documents unless the request
 * carries an explicit confirmation flag.
 *
 * NOTE(review): `event.metadata.confirmed` is read as-is. If metadata is
 * populated from the client request, this flag guards against accidental
 * deletes but does not act as an authorization control. Confirm where
 * metadata comes from.
 * NOTE(review): unlike the other preDelete example on this page, this hook
 * returns nothing on the allow path. Confirm whether the runtime requires the
 * event to be returned.
 *
 * @param {object} event - Hook event; `event.before` is the document to be
 *   deleted and `event.metadata` carries request metadata.
 * @throws {Error} When a production document is deleted without confirmation.
 */
function preDelete(event) {
  // Only production data needs the extra confirmation.
  const isProduction = event.before.environment === 'production';
  if (!isProduction) {
    return;
  }

  if (event.metadata.confirmed) {
    return;
  }

  throw new Error('Deletion requires explicit confirmation');
}
# List versions (including deleted) of a document.
# Version history exposes earlier document contents, including those of
# documents that have since been deleted.
curl --request GET \
  --url "https://api.example.com/users/507f1f77bcf86cd799439011/versions" \
  --header "Authorization: Bearer YOUR_TOKEN"

# Restore from version: brings the document back from the chosen snapshot.
# NOTE(review): restore undoes a permission-checked delete. Confirm it is
# gated by its own permission check and recorded in the audit log.
curl --request POST \
  --url "https://api.example.com/users/507f1f77bcf86cd799439011/restore" \
  --header "Authorization: Bearer YOUR_TOKEN" \
  --header "Content-Type: application/json" \
  --data '{"version_id": "version_123"}'