MG - 1529 - User Removal #2122
Open
MG - 1529 - User Removal #2122
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rodneyosodo
force-pushed
the
delete-user
branch
4 times, most recently
from
1479343
to
88eafd0
Compare
rodneyosodo
force-pushed
the
delete-user
branch
from
88eafd0
to
ec64531
Compare
arvindh123
reviewed
Mar 21, 2024
Comment on lines
+447
to
+462
| if err := svc.checkSuperAdmin(ctx, res.GetId()); err != nil { | ||
| return err | ||
| } |
There was a problem hiding this comment.
@rodneyosodo We are planning like, only super admins can delete users
There was a problem hiding this comment.
Yes. It is only super admins who can delete users
There was a problem hiding this comment.
Should I also add that a user can be able to delete themselves?
arvindh123
reviewed
Mar 21, 2024
Comment on lines
+969
to
+1065
| req := PolicyReq{ | ||
| SubjectType: GroupType, | ||
| Object: id, | ||
| ObjectType: ThingType, | ||
| } | ||
|
|
||
| if err := svc.DeletePolicy(ctx, req); err != nil { | ||
| return err | ||
| } | ||
|
|
||
| // Remove policy from domain | ||
| req.SubjectType = DomainType | ||
| if err := svc.DeletePolicy(ctx, req); err != nil { | ||
| return err | ||
| } | ||
|
|
||
| // Remove policy of users | ||
| req.SubjectType = UserType | ||
| if err := svc.DeletePolicy(ctx, req); err != nil { | ||
| return err | ||
| } | ||
|
|
||
| return nil |
There was a problem hiding this comment.
For svc.DeletePolicy only object Type is required field.
So the below snippet will delete all type of subjects related to thing object
Suggested change
| req := PolicyReq{ | |
| SubjectType: GroupType, | |
| Object: id, | |
| ObjectType: ThingType, | |
| } | |
| if err := svc.DeletePolicy(ctx, req); err != nil { | |
| return err | |
| } | |
| // Remove policy from domain | |
| req.SubjectType = DomainType | |
| if err := svc.DeletePolicy(ctx, req); err != nil { | |
| return err | |
| } | |
| // Remove policy of users | |
| req.SubjectType = UserType | |
| if err := svc.DeletePolicy(ctx, req); err != nil { | |
| return err | |
| } | |
| return nil | |
| // Remove all policies related to thing | |
| req := PolicyReq{ | |
| Object: id, | |
| ObjectType: ThingType, | |
| } | |
| if err := svc.DeletePolicy(ctx, req); err != nil { | |
| return err | |
| } | |
| return nil |
There was a problem hiding this comment.
This doesn't work. I get
{"time":"2024-03-21T08:36:41.624438869Z","level":"WARN","msg":"Delete entity policies failed to complete successfully","duration":"284.946µs","entity_type":"thing","id":"feae8203-452b-4f7c-a003-76b475e43b56","error":{"error":"malformed entity specification","message":"failed to remove the policies"}}
arvindh123
reviewed
Mar 21, 2024
auth/service.go
Outdated
Comment on lines
1010
to
1091
| policy := PolicyReq{ | ||
| Subject: EncodeDomainUserID(domain.ID, id), | ||
| SubjectType: UserType, | ||
| Object: domain.ID, | ||
| ObjectType: DomainType, | ||
| } | ||
| if err := svc.agent.DeletePolicy(ctx, policy); err != nil { | ||
| return err | ||
| } |
There was a problem hiding this comment.
This below snippet will delete all Thing, Group, Channel relation related to user id within the domain
Suggested change
| policy := PolicyReq{ | |
| Subject: EncodeDomainUserID(domain.ID, id), | |
| SubjectType: UserType, | |
| Object: domain.ID, | |
| ObjectType: DomainType, | |
| } | |
| if err := svc.agent.DeletePolicy(ctx, policy); err != nil { | |
| return err | |
| } | |
| policy := PolicyReq{ | |
| Subject: EncodeDomainUserID(domain.ID, id), | |
| SubjectType: UserType, | |
| ObjectType: ThingType, | |
| } | |
| if err := svc.agent.DeletePolicy(ctx, policy); err != nil { | |
| return err | |
| } | |
| policy = PolicyReq{ | |
| Subject: EncodeDomainUserID(domain.ID, id), | |
| SubjectType: UserType, | |
| ObjectType: GroupType, | |
| } | |
| if err := svc.agent.DeletePolicy(ctx, policy); err != nil { | |
| return err | |
| } | |
| policy = PolicyReq{ | |
| Subject: EncodeDomainUserID(domain.ID, id), | |
| SubjectType: UserType, | |
| Object: domain.ID, | |
| ObjectType: DomainType, | |
| } | |
| if err := svc.agent.DeletePolicy(ctx, policy); err != nil { | |
| return err | |
| } |
arvindh123
reviewed
Mar 21, 2024
Comment on lines
+1021
to
+1120
| req := PolicyReq{ | ||
| Subject: id, | ||
| SubjectType: UserType, | ||
| ObjectType: ThingType, | ||
| } | ||
| if err := svc.agent.DeletePolicy(ctx, req); err != nil { | ||
| return err | ||
| } | ||
| req.ObjectType = GroupType | ||
| if err := svc.agent.DeletePolicy(ctx, req); err != nil { | ||
| return err | ||
| } | ||
| req.ObjectType = DomainType | ||
| if err := svc.agent.DeletePolicy(ctx, req); err != nil { | ||
| return err | ||
| } |
There was a problem hiding this comment.
There is no need to remove policy between user_id and things/groups, because,There will be no subject just with user id in spicedb.
User's Subject id in spicesdb will be always combination <domain_id>_<user_id>
Suggested change
| req := PolicyReq{ | |
| Subject: id, | |
| SubjectType: UserType, | |
| ObjectType: ThingType, | |
| } | |
| if err := svc.agent.DeletePolicy(ctx, req); err != nil { | |
| return err | |
| } | |
| req.ObjectType = GroupType | |
| if err := svc.agent.DeletePolicy(ctx, req); err != nil { | |
| return err | |
| } | |
| req.ObjectType = DomainType | |
| if err := svc.agent.DeletePolicy(ctx, req); err != nil { | |
| return err | |
| } | |
| req := PolicyReq{ | |
| Subject: id, | |
| SubjectType: UserType, | |
| ObjectType: PlatformType, | |
| req.Object = MagistralaObject | |
| } | |
| if err := svc.agent.DeletePolicy(ctx, req); err != nil { | |
| return err | |
| } |
There was a problem hiding this comment.
If we leave it spiceDB will see it as a valid policy and will not clean up
arvindh123
requested changes
Mar 21, 2024
There was a problem hiding this comment.
Hello @rodneyosodo left some comments for delete policies in auth service.
rodneyosodo
force-pushed
the
delete-user
branch
2 times, most recently
from
f13ec49
to
0d0c4ac
Compare
rodneyosodo
force-pushed
the
delete-user
branch
11 times, most recently
from
11e3133
to
3d13f69
Compare
rodneyosodo
force-pushed
the
delete-user
branch
6 times, most recently
from
38bf43d
to
fdf8bbb
Compare
rodneyosodo
force-pushed
the
delete-user
branch
5 times, most recently
from
9258642
to
5734abb
Compare
rodneyosodo
force-pushed
the
delete-user
branch
7 times, most recently
from
854aed6
to
9e3c540
Compare
rodneyosodo
force-pushed
the
delete-user
branch
4 times, most recently
from
ba7f976
to
0752cf2
Compare
This commit adds a new method to delete a client with a given ID in the repository package. The implementation of this method uses a SQL query to delete the client from the database. Additionally, test cases have been added for the delete method to ensure its functionality. These test cases include assertions for handling expected errors. These changes enhance the functionality of the codebase by allowing clients to be deleted from the database. Note: This commit does not include any breaking changes or additional modifications to other files. Signed-off-by: Rodney Osodo <[email protected]>
This commit adds a new command to the CLI for deleting a user. The command can be accessed by running `cli delete <user_id>`, where `<user_id>` is the ID of the user to be deleted. The code changes include the addition of a new method in the SDK interface, `deleteUser`, which constructs a URL and makes a HTTP DELETE request to delete a user. Additionally, a mock implementation of the method has been included for testing purposes. These changes enhance the functionality of the application by allowing users to delete user records directly from the CLI. Signed-off-by: Rodney Osodo <[email protected]>
- Add new handlers for deleting and changing the status of a client in the users API - Improve logging in the users API - Update response types in the users API - Update the Service interface in the users API Add new functionality for deleting a client: - Add a constant, event type, and method in the eventStore - Implement the DeleteClient method in the service file - The DeleteClient method disables a client by deleting its policies and checking for authorization - Trace the operation by starting a span and calling the DeleteClient function of the wrapped service. Signed-off-by: Rodney Osodo <[email protected]>
- Add new handlers for deleting and changing the status of a client in the users API - Improve logging in the users API - Update response types in the users API - Update the Service interface in the users API Add new functionality for deleting a client: - Add a constant, event type, and method in the eventStore - Implement the DeleteClient method in the service file - The DeleteClient method disables a client by deleting its policies and checking for authorization - Trace the operation by starting a span and calling the DeleteClient function of the wrapped service. Signed-off-by: Rodney Osodo <[email protected]>
Add a method to delete entity's policies for example things or users. This helps reduced network communication between users and auth service Signed-off-by: Rodney Osodo <[email protected]>
Signed-off-by: Rodney Osodo <[email protected]>
Signed-off-by: Rodney Osodo <[email protected]>
Check if domainsURL, invitationsURL and HostURL are empty to default to defURL Signed-off-by: Rodney Osodo <[email protected]>
Signed-off-by: Rodney Osodo <[email protected]>
Signed-off-by: Rodney Osodo <[email protected]>
Signed-off-by: Rodney Osodo <[email protected]>
Signed-off-by: Rodney Osodo <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
This is a feature because it adds user removal
What does this do?
This PR adds a new method to delete a user with a given ID in the repository package. The implementation of this method uses an SQL query to delete the client from the database.
Additionally, an extra method has been added to the gRPC auth service to handle entity deletion. This is useful because it reduces network trips back and forth from the client microservices to the auth microservice. Test cases have been added for the delete method to ensure its functionality.
Which issue(s) does this PR fix/relate to?
Have you included tests for your changes?
Yes, I have included tests for my changes.
Did you document any new/modified feature?
Yes, I have updated the documentation for the new feature.
Notes