Project

General

Profile

Actions

Bug #19501

closed

unsetup should remove all sharing permissions for the deactivated user

Added by Tom Clegg over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
API
Target version:
Story points:
-
Release relationship:
Auto

Description

Currently "unsetup" removes VM login and repo perms, deletes SSH keys and API tokens, etc., but retains collection/project-sharing permissions. This is not desirable because
  • if the user is re-setup, they will have access to the previously shared items, which the admin might not expect/desire
  • the deactivated user may appear in "currently shared with..." lists, which seems confusing

There is a slight wrinkle here that "manage" permission links are deleted by unsetup. This appears to be an accident: the comment suggests only (Arvados-hosted) repository permissions are deleted, but the db query is not restricted to repos.

    # delete repo_perms for this user                                                                                                                                                       
    Link.where(tail_uuid: self.uuid,
               link_class: 'permission',
               name: 'can_manage').destroy_all

Subtasks 1 (0 open1 closed)

Task #19506: Review 19501-unsetup-permissionsResolvedTom Clegg10/17/2022Actions

Related issues

Related to Arvados - Bug #20831: User unsetup method does not consistently remove permissions in a federationResolvedPeter Amstutz11/13/2023Actions
Actions #1

Updated by Peter Amstutz over 1 year ago

  • Assigned To set to Tom Clegg
Actions #2

Updated by Peter Amstutz over 1 year ago

  • Target version changed from 2022-09-28 sprint to 2022-10-12 sprint
Actions #3

Updated by Peter Amstutz over 1 year ago

  • Target version changed from 2022-10-12 sprint to 2022-10-26 sprint
Actions #4

Updated by Tom Clegg over 1 year ago

  • Status changed from New to In Progress
Actions #6

Updated by Lucas Di Pentima over 1 year ago

Sorry for the delay, this LGTM.

Actions #7

Updated by Tom Clegg over 1 year ago

  • Status changed from In Progress to Resolved
Actions #8

Updated by Peter Amstutz over 1 year ago

  • Release set to 47
Actions #9

Updated by Brett Smith 8 months ago

  • Related to Bug #20831: User unsetup method does not consistently remove permissions in a federation added
Actions

Also available in: Atom PDF