Delete User API Wrong Status Code if soft delete fails
There are two kinds of user deletion: Soft (Contributions are transferred to the Ghost User) and Hard (Contributions are deleted, too). Soft deletion is only possible, if the user is not the sole owner of a group. If he is, soft deletion is also excluded in the GUI.
The API does not check if soft deletion is possible, instead it returns a 2xx success code and tries to perform an async deletion, which will fail if the user owns a group solely. Imho, this is a wrong behaviour. The API (like the view for the gui) should check in advance if soft deletion is possible, and if not, return for example 409 conflict.
Results of GitLab environment info
GitLab information Version: 10.4.1
Possible fixes
https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/api/users.rb#L390 should contain a check like
if user.can_be_removed? || hard_delete(please look at https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/views/admin/users/_user.html.haml#L39)