This is hopefully a small one. I would like to have a script which runs periodically and automatically suspends users whose accounts are disabled, locked, or otherwise removed in our centralized account system.
This is easily done through the API Discourse API Docs. However, there appears to be no granular API scope covering just this. Since there are scopes for Delete and Anonymize, hopefully this would not be too hard to add.
With this limitated scope, compromise of this key could let someone be annoying — but not incredibly disruptive otherwise.
Hi Ethan (or is it not-ethan?). There is an API endpoint. What I am looking for is an authorization scope for the corresponding API key. I want to be able to create an API key which can only access this endpoint.
Take a look in the admin user interface. You will find something like this. (It continues on down the page with some more, but no “suspend” in the user section, unless I am missing something.)
This is not possible. The closes is granting update user but that would also allow for other things like silencing (de)activating and other things I belive.