feat: add admin draft profile deletion flow

Let admins delete a member's draft profile without removing the member account so they can relink an existing profile.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: markgoho

functions/src/admin-members-api/plugins/admin-members-plugin.ts

@@ -9,6 +9,7 @@ import {
   activateMembershipLogic,
   cancelMembershipLogic,
   cleanSlateDeleteLogic,
+  deleteDraftProfileLogic,
   extendMembershipLogic,
   getMemberLogic,
   linkProfileLogic,
@@ -25,6 +26,7 @@ import {
   ActivateMembershipBodySchema,
   CancelMembershipApiResponseSchema,
   CleanSlateApiResponseSchema,
+  DeleteDraftProfileApiResponseSchema,
   ExtendMembershipApiResponseSchema,
   ExtendMembershipBodySchema,
   GetMemberApiResponseSchema,
@@ -183,6 +185,29 @@ export function createAdminMembersPlugin(services?: PartialServices) {
               response: ToggleProfileDraftApiResponseSchema,
             },
           )
+          // POST /:memberId/profile/delete-draft - Delete draft profile (served at /api/admin/members/:memberId/profile/delete-draft)
+          .post(
+            "/profile/delete-draft",
+            async ({
+              params,
+              adminToken,
+              memberAdminService,
+              emailService,
+              logger,
+              set,
+            }) =>
+              deleteDraftProfileLogic({
+                memberId: params.memberId,
+                adminUid: getAdminUid(adminToken, logger),
+                memberAdminService,
+                ...(emailService !== undefined && { emailService }),
+                logger,
+                set,
+              }),
+            {
+              response: DeleteDraftProfileApiResponseSchema,
+            },
+          )
           // GET /:memberId/profile - Read member profile (served at /api/admin/members/:memberId/profile)
           .get(
             "/profile",

functions/src/admin-members-api/routes/delete-draft-profile.test.ts

@@ -0,0 +1,223 @@
+import { describe, expect, it, mock } from "bun:test";
+import {
+  NotFoundError,
+  ValidationError,
+} from "../../shared-api/errors/http-error.js";
+import { handleRequest } from "../../test-utils/handle-request.js";
+import type { DeleteDraftProfileResult } from "../services/delete-draft-profile.js";
+import { createAdminTestPlugin } from "../test-utils/create-admin-test-plugin.js";
+
+describe("POST /:memberId/profile/delete-draft", () => {
+  interface SetupOptions {
+    memberId?: string;
+    authToken?: string | null;
+    memberNotFound?: boolean;
+    noSlug?: boolean;
+    profileNotDraft?: boolean;
+    profileNotFound?: boolean;
+    serverError?: boolean;
+    deleteResult?: DeleteDraftProfileResult;
+  }
+
+  function setup({
+    memberId = "test-member-id",
+    authToken = "admin-token",
+    memberNotFound = false,
+    noSlug = false,
+    profileNotDraft = false,
+    profileNotFound = false,
+    serverError = false,
+    deleteResult,
+  }: SetupOptions = {}) {
+    const defaultResult: DeleteDraftProfileResult = {
+      slug: "test-slug",
+      profileDeleted: true,
+      profileImageDeleted: true,
+      memberUpdated: true,
+      hugoRebuildTriggered: true,
+    };
+
+    const mockDeleteDraftProfile = mock(
+      (): Promise<DeleteDraftProfileResult> => {
+        if (memberNotFound) {
+          return Promise.reject(
+            new NotFoundError(`Member with ID ${memberId} not found`),
+          );
+        }
+        if (noSlug) {
+          return Promise.reject(
+            new ValidationError(
+              "Member does not have a profile slug. Cannot delete draft profile.",
+            ),
+          );
+        }
+        if (profileNotDraft) {
+          return Promise.reject(
+            new ValidationError(
+              'Profile for slug "test-slug" is published and cannot be deleted with this action.',
+            ),
+          );
+        }
+        if (profileNotFound) {
+          return Promise.reject(
+            new NotFoundError("Profile not found for slug: test-slug"),
+          );
+        }
+        if (serverError) {
+          return Promise.reject(new Error("Firestore unavailable"));
+        }
+        return Promise.resolve(deleteResult ?? defaultResult);
+      },
+    );
+
+    const testApp = createAdminTestPlugin({
+      memberAdminService: {
+        deleteDraftProfile: mockDeleteDraftProfile,
+      },
+    });
+
+    const headers: Record<string, string> = {};
+    if (authToken) {
+      headers["Authorization"] = `Bearer ${authToken}`;
+    }
+
+    const request = new Request(
+      `http://localhost/${memberId}/profile/delete-draft`,
+      {
+        method: "POST",
+        headers,
+      },
+    );
+
+    return { testApp, request };
+  }
+
+  describe("Authentication", () => {
+    it("should return 401 when no authorization header is provided", async () => {
+      const { testApp, request } = setup({ authToken: null });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(401);
+      const body = (await response.json()) as { error?: string };
+      expect(body.error).toBe("Missing Authorization header");
+    });
+
+    it("should return 403 when non-admin user tries to delete draft profile", async () => {
+      const { testApp, request } = setup({ authToken: "non-admin-token" });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(403);
+      const body = (await response.json()) as { error?: string };
+      expect(body.error).toBe("Admin privileges required");
+    });
+  });
+
+  describe("Successful delete", () => {
+    it("should return deletion statuses and slug on success", async () => {
+      const { testApp, request } = setup({
+        deleteResult: {
+          slug: "jane-doe",
+          profileDeleted: true,
+          profileImageDeleted: true,
+          memberUpdated: true,
+          hugoRebuildTriggered: true,
+        },
+      });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(200);
+      const body = (await response.json()) as {
+        success?: boolean;
+        slug?: string;
+        profileDeleted?: boolean;
+        profileImageDeleted?: boolean;
+        memberUpdated?: boolean;
+        warning?: string;
+      };
+      expect(body.success).toBe(true);
+      expect(body.slug).toBe("jane-doe");
+      expect(body.profileDeleted).toBe(true);
+      expect(body.profileImageDeleted).toBe(true);
+      expect(body.memberUpdated).toBe(true);
+      expect(body.warning).toBeUndefined();
+    });
+
+    it("should include warning when Hugo rebuild fails", async () => {
+      const { testApp, request } = setup({
+        deleteResult: {
+          slug: "jane-doe",
+          profileDeleted: true,
+          profileImageDeleted: true,
+          memberUpdated: true,
+          hugoRebuildTriggered: false,
+        },
+      });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(200);
+      const body = (await response.json()) as {
+        success?: boolean;
+        warning?: string;
+      };
+      expect(body.success).toBe(true);
+      expect(body.warning).toContain("Hugo rebuild failed");
+    });
+  });
+
+  describe("Error handling", () => {
+    it("should return 404 when member not found", async () => {
+      const { testApp, request } = setup({ memberNotFound: true });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(404);
+      const body = (await response.json()) as { error?: string };
+      expect(body.error).toContain("not found");
+    });
+
+    it("should return 400 when member has no slug", async () => {
+      const { testApp, request } = setup({ noSlug: true });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(400);
+      const body = (await response.json()) as { error?: string };
+      expect(body.error).toContain("profile slug");
+    });
+
+    it("should return 400 when profile is not draft", async () => {
+      const { testApp, request } = setup({ profileNotDraft: true });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(400);
+      const body = (await response.json()) as { error?: string };
+      expect(body.error).toContain("published");
+    });
+
+    it("should return 404 when profile not found", async () => {
+      const { testApp, request } = setup({ profileNotFound: true });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(404);
+      const body = (await response.json()) as { error?: string };
+      expect(body.error).toContain("Profile not found");
+    });
+
+    it("should return 500 for unexpected errors", async () => {
+      const { testApp, request } = setup({ serverError: true });
+
+      const response = await handleRequest(testApp, request);
+
+      expect(response.status).toBe(500);
+      const body = (await response.json()) as { error?: string };
+      expect(body.error).toBeDefined();
+      expect(body.error).not.toContain("Firestore unavailable");
+    });
+  });
+});

functions/src/admin-members-api/routes/delete-draft-profile.ts

@@ -0,0 +1,69 @@
+import { ERROR_IDS } from "../../constants/error-ids.js";
+import type { EmailServiceInterface } from "../../shared-api/services/email/index.js";
+import type { Logger } from "../../shared-api/types/logger.js";
+import { handleRouteError } from "../../shared-api/utils/route-error-handler.js";
+import type { DeleteDraftProfileApiResponse } from "../schemas/member-schemas.js";
+import type { MemberAdminService } from "../services/interface.js";
+
+/**
+ * Route handler for POST /:memberId/profile/delete-draft.
+ * Deletes a member's draft profile while preserving the member account.
+ */
+export async function deleteDraftProfileLogic({
+  memberId,
+  adminUid,
+  memberAdminService,
+  emailService,
+  logger,
+  set,
+}: {
+  memberId: string;
+  adminUid: string;
+  memberAdminService: MemberAdminService;
+  emailService?: EmailServiceInterface;
+  logger: Logger;
+  set: { status?: number | string };
+}): Promise<DeleteDraftProfileApiResponse> {
+  try {
+    const result = await memberAdminService.deleteDraftProfile({
+      memberId,
+      ...(emailService !== undefined && { emailService }),
+    });
+
+    logger.info("Admin deleted draft profile", {
+      adminUid,
+      memberId,
+      slug: result.slug,
+      profileDeleted: result.profileDeleted,
+      profileImageDeleted: result.profileImageDeleted,
+      memberUpdated: result.memberUpdated,
+      hugoRebuildTriggered: result.hugoRebuildTriggered,
+    });
+
+    const warnings: string[] = [];
+    if (!result.hugoRebuildTriggered) {
+      warnings.push("Hugo rebuild failed");
+    }
+    if (!result.profileImageDeleted) {
+      warnings.push("Profile image deletion failed or not found");
+    }
+
+    return {
+      success: true,
+      slug: result.slug,
+      profileDeleted: result.profileDeleted,
+      profileImageDeleted: result.profileImageDeleted,
+      memberUpdated: result.memberUpdated,
+      ...(warnings.length > 0 && { warning: warnings.join("; ") }),
+    };
+  } catch (error) {
+    return handleRouteError({
+      error,
+      operation: "delete draft profile",
+      errorId: ERROR_IDS.API_ADMIN_DELETE_DRAFT_PROFILE_FAILED,
+      logger,
+      set,
+      context: { memberId, adminUid },
+    });
+  }
+}

functions/src/admin-members-api/routes/index.ts

@@ -1,6 +1,7 @@
 export { activateMembershipLogic } from "./activate-membership.js";
 export { cancelMembershipLogic } from "./cancel-membership.js";
 export { cleanSlateDeleteLogic } from "./clean-slate-delete.js";
+export { deleteDraftProfileLogic } from "./delete-draft-profile.js";
 export { extendMembershipLogic } from "./extend-membership.js";
 export { getMemberLogic } from "./get-member.js";
 export { linkProfileLogic } from "./link-profile.js";

functions/src/admin-members-api/schemas/member-schemas.ts

@@ -598,6 +598,46 @@ export type ToggleProfileDraftApiResponse = Static<
   typeof ToggleProfileDraftApiResponseSchema
 >;
 
+/**
+ * Success response for deleting a draft profile.
+ */
+export const DeleteDraftProfileResponseSchema = t.Object({
+  success: t.Literal(true),
+  slug: t.String({
+    description: "The profile slug that was deleted",
+  }),
+  profileDeleted: t.Boolean({
+    description: "Whether the profile document was deleted",
+  }),
+  profileImageDeleted: t.Boolean({
+    description: "Whether the profile image was deleted from ImageKit",
+  }),
+  memberUpdated: t.Boolean({
+    description: "Whether the member document profile fields were cleared",
+  }),
+  warning: t.Optional(
+    t.String({
+      description: "Warning if non-critical steps failed",
+    }),
+  ),
+});
+
+export type DeleteDraftProfileResponse = Static<
+  typeof DeleteDraftProfileResponseSchema
+>;
+
+/**
+ * POST /api/admin/members/:memberId/profile/delete-draft response - union of success and error.
+ */
+export const DeleteDraftProfileApiResponseSchema = t.Union([
+  DeleteDraftProfileResponseSchema,
+  ErrorResponseSchema,
+]);
+
+export type DeleteDraftProfileApiResponse = Static<
+  typeof DeleteDraftProfileApiResponseSchema
+>;
+
 /**
  * Profile content schema for admin read profile response.
  * Includes all ProfileData fields plus metadata.