1 files changed, 19 insertions, 0 deletions

diff --git a/gn_auth/wsgi.py b/gn_auth/wsgi.py
index 4950995..12c64fe 100644
--- a/gn_auth/wsgi.py
+++ b/gn_auth/wsgi.py
@@ -20,6 +20,7 @@ from gn_auth.auth.authentication.users import (
 from gn_auth.auth.authorisation.roles.models import assign_default_roles
 from gn_auth.auth.authorisation.users.admin.models import (
     make_sys_admin, grant_sysadmin_role)
+from gn_auth.auth.authorisation.users.models import delete_users_by_id
 from gn_auth.scripts import register_sys_admin as rsysadm# type: ignore[import]
 
 
@@ -213,6 +214,24 @@ def create_users(user_specs, output_path):
 
     __write_output__({"users": records}, output_path)
 
+
+@app.cli.command()
+@click.option("--user-id", "user_ids", multiple=True, type=click.UUID,
+              help="UUID of a user to delete (repeatable)")
+def delete_users(user_ids):
+    """Delete one or more users by ID, bypassing policy checks.
+
+    Removes users unconditionally regardless of their roles or group
+    memberships. Use with care — intended for test teardown and administration.
+    """
+    if not user_ids:
+        print("No user IDs specified.", file=sys.stderr)
+        sys.exit(1)
+
+    with db.connection(app.config["AUTH_DB"]) as conn:
+        deleted = delete_users_by_id(conn, tuple(user_ids))
+        print(f"Deleted {deleted} user(s).")
+
 ##### END: CLI Commands #####
 
 if __name__ == '__main__':