Project

General

Profile

Actions

Bug #19501

open

unsetup should remove all sharing permissions for the deactivated user

Added by Tom Clegg 18 days ago. Updated about 12 hours ago.

Status:
New
Priority:
Normal
Assigned To:
Category:
API
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
(Total: 0.00 h)
Story points:
-

Description

Currently "unsetup" removes VM login and repo perms, deletes SSH keys and API tokens, etc., but retains collection/project-sharing permissions. This is not desirable because
  • if the user is re-setup, they will have access to the previously shared items, which the admin might not expect/desire
  • the deactivated user may appear in "currently shared with..." lists, which seems confusing

There is a slight wrinkle here that "manage" permission links are deleted by unsetup. This appears to be an accident: the comment suggests only (Arvados-hosted) repository permissions are deleted, but the db query is not restricted to repos.

    # delete repo_perms for this user                                                                                                                                                       
    Link.where(tail_uuid: self.uuid,
               link_class: 'permission',
               name: 'can_manage').destroy_all

Subtasks 1 (1 open0 closed)

Task #19506: ReviewNewLucas Di Pentima

Actions
Actions #1

Updated by Peter Amstutz 14 days ago

  • Assigned To set to Tom Clegg
Actions #2

Updated by Peter Amstutz about 13 hours ago

  • Target version changed from 2022-09-28 sprint to 2022-10-12 sprint
Actions #3

Updated by Peter Amstutz about 12 hours ago

  • Target version changed from 2022-10-12 sprint to 2022-10-26 sprint
Actions

Also available in: Atom PDF